@propulsionworks/cloudformation 0.1.12 → 0.1.14

package/out/exports/resources.generated/aws-securityhub-automationrulev2.d.ts

@@ -0,0 +1,456 @@
+import type { ResourceDefinitionWithAttributes } from "../main.ts";
+/**
+ * Creates a V2 automation rule. This API is in private preview and subject to change.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html}
+ */
+export type SecurityHubAutomationRuleV2 = ResourceDefinitionWithAttributes<"AWS::SecurityHub::AutomationRuleV2", SecurityHubAutomationRuleV2Props, SecurityHubAutomationRuleV2Attribs>;
+/**
+ * Creates a V2 automation rule. This API is in private preview and subject to change.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html}
+ */
+export type SecurityHubAutomationRuleV2Props = {
+    /**
+     * A list of actions to be performed when the rule criteria is met.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-actions}
+     */
+    Actions: AutomationRulesActionV2[];
+    /**
+     * The filtering type and configuration of the automation rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-criteria}
+     */
+    Criteria: Criteria;
+    /**
+     * A description of the V2 automation rule.
+     * @minLength 1
+     * @maxLength 256
+     * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-description}
+     */
+    Description: string;
+    /**
+     * The name of the V2 automation rule.
+     * @minLength 1
+     * @maxLength 256
+     * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-rulename}
+     */
+    RuleName: string;
+    /**
+     * The value for the rule priority.
+     * @min 1
+     * @max 1000
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-ruleorder}
+     */
+    RuleOrder: number;
+    /**
+     * The status of the V2 automation rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-rulestatus}
+     */
+    RuleStatus?: "ENABLED" | "DISABLED" | undefined;
+    /**
+     * A list of key-value pairs associated with the V2 automation rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-tags}
+     */
+    Tags?: Record<string, string> | undefined;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#aws-resource-securityhub-automationrulev2-return-values}
+ */
+export type SecurityHubAutomationRuleV2Attribs = {
+    /**
+     * The timestamp when the V2 automation rule was created.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-createdat}
+     */
+    CreatedAt: string;
+    /**
+     * The ARN of the V2 automation rule.
+     * @pattern ^arn:aws\S*:securityhub:[a-z0-9-]+:[0-9]{12}:automation-rulev2/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-rulearn}
+     */
+    RuleArn: string;
+    /**
+     * The ID of the V2 automation rule.
+     * @pattern ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-ruleid}
+     */
+    RuleId: string;
+    /**
+     * The timestamp when the V2 automation rule was updated.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-automationrulev2.html#cfn-securityhub-automationrulev2-updatedat}
+     */
+    UpdatedAt: string;
+};
+/**
+ * The logical operator used to combine multiple conditions
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-allowedoperators.html}
+ */
+export type AllowedOperators = "AND" | "OR";
+/**
+ * Allows you to configure automated responses.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html}
+ */
+export type AutomationRulesActionV2 = {
+    /**
+     * The settings for integrating automation rule actions with external systems or service.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-externalintegrationconfiguration}
+     */
+    ExternalIntegrationConfiguration?: ExternalIntegrationConfiguration | undefined;
+    /**
+     * Specifies that the automation rule action is an update to a finding field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-findingfieldsupdate}
+     */
+    FindingFieldsUpdate?: AutomationRulesFindingFieldsUpdateV2 | undefined;
+    /**
+     * Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesactionv2.html#cfn-securityhub-automationrulev2-automationrulesactionv2-type}
+     */
+    Type: "FINDING_FIELDS_UPDATE" | "EXTERNAL_INTEGRATION";
+};
+/**
+ * Allows you to define the structure for modifying specific fields in security findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html}
+ */
+export type AutomationRulesFindingFieldsUpdateV2 = {
+    /**
+     * Notes or contextual information for findings that are modified by the automation rule.
+     * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-comment}
+     */
+    Comment?: string | undefined;
+    /**
+     * The severity level to be assigned to findings that match the automation rule criteria.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-severityid}
+     */
+    SeverityId?: number | undefined;
+    /**
+     * The status to be applied to findings that match automation rule criteria.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2.html#cfn-securityhub-automationrulev2-automationrulesfindingfieldsupdatev2-statusid}
+     */
+    StatusId?: number | undefined;
+};
+/**
+ * Boolean filter for querying findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-booleanfilter.html}
+ */
+export type BooleanFilter = {
+    /**
+     * The value of the boolean.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-booleanfilter.html#cfn-securityhub-automationrulev2-booleanfilter-value}
+     */
+    Value: boolean;
+};
+/**
+ * Enables the creation of filtering criteria for security findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html}
+ */
+export type CompositeFilter = {
+    /**
+     * Enables filtering based on boolean field values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-booleanfilters}
+     */
+    BooleanFilters?: OcsfBooleanFilter[] | undefined;
+    /**
+     * Enables filtering based on date and timestamp fields.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-datefilters}
+     */
+    DateFilters?: OcsfDateFilter[] | undefined;
+    /**
+     * Enables the creation of filtering criteria for security findings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-mapfilters}
+     */
+    MapFilters?: OcsfMapFilter[] | undefined;
+    /**
+     * Enables filtering based on numerical field values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-numberfilters}
+     */
+    NumberFilters?: OcsfNumberFilter[] | undefined;
+    /**
+     * The logical operator used to combine multiple filter conditions.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-operator}
+     */
+    Operator?: AllowedOperators | undefined;
+    /**
+     * Enables filtering based on string field values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-compositefilter.html#cfn-securityhub-automationrulev2-compositefilter-stringfilters}
+     */
+    StringFilters?: OcsfStringFilter[] | undefined;
+};
+/**
+ * The filtering type and configuration of the automation rule.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-criteria.html}
+ */
+export type Criteria = {
+    /**
+     * The filtering conditions that align with OCSF standards.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-criteria.html#cfn-securityhub-automationrulev2-criteria-ocsffindingcriteria}
+     */
+    OcsfFindingCriteria?: OcsfFindingFilters | undefined;
+};
+/**
+ * A date filter for querying findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html}
+ */
+export type DateFilter = {
+    /**
+     * A date range for the date filter.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-daterange}
+     */
+    DateRange?: DateRange | undefined;
+    /**
+     * A timestamp that provides the end date for the date filter.
+     *
+     * For more information about the validation and formatting of timestamp fields in AWS Security Hub , see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-end}
+     */
+    End?: string | undefined;
+    /**
+     * A timestamp that provides the start date for the date filter.
+     *
+     * For more information about the validation and formatting of timestamp fields in AWS Security Hub , see [Timestamps](https://docs.aws.amazon.com/securityhub/1.0/APIReference/Welcome.html#timestamps) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-datefilter.html#cfn-securityhub-automationrulev2-datefilter-start}
+     */
+    Start?: string | undefined;
+};
+/**
+ * A date range for the date filter.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html}
+ */
+export type DateRange = {
+    /**
+     * A date range unit for the date filter.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html#cfn-securityhub-automationrulev2-daterange-unit}
+     */
+    Unit: "DAYS";
+    /**
+     * A date range value for the date filter.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-daterange.html#cfn-securityhub-automationrulev2-daterange-value}
+     */
+    Value: number;
+};
+/**
+ * The settings for integrating automation rule actions with external systems or service.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-externalintegrationconfiguration.html}
+ */
+export type ExternalIntegrationConfiguration = {
+    /**
+     * The ARN of the connector that establishes the integration.
+     * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-externalintegrationconfiguration.html#cfn-securityhub-automationrulev2-externalintegrationconfiguration-connectorarn}
+     */
+    ConnectorArn?: string | undefined;
+};
+/**
+ * A map filter for filtering AWS Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html}
+ */
+export type MapFilter = {
+    /**
+     * The condition to apply to the key value when filtering Security Hub findings with a map filter.
+     *
+     * To search for values that have the filter value, use one of the following comparison operators:
+     *
+     * - To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.
+     * - To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.
+     *
+     * `CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.
+     *
+     * To search for values that don't have the filter value, use one of the following comparison operators:
+     *
+     * - To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.
+     * - To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don’t have the value `Finance` for the `Department` tag.
+     *
+     * `NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.
+     *
+     * `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.
+     *
+     * You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.
+     *
+     * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-comparison}
+     */
+    Comparison: "EQUALS" | "NOT_EQUALS";
+    /**
+     * The key of the map filter. For example, for `ResourceTags` , `Key` identifies the name of the tag. For `UserDefinedFields` , `Key` is the name of the field.
+     * @minLength 1
+     * @maxLength 4096
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-key}
+     */
+    Key: string;
+    /**
+     * The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called `Department` might be `Security` . If you provide `security` as the filter value, then there's no match.
+     * @minLength 1
+     * @maxLength 4096
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-mapfilter.html#cfn-securityhub-automationrulev2-mapfilter-value}
+     */
+    Value: string;
+};
+/**
+ * A number filter for querying findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html}
+ */
+export type NumberFilter = {
+    /**
+     * The equal-to condition to be applied to a single field when querying for findings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-eq}
+     */
+    Eq?: number | undefined;
+    /**
+     * The greater-than-equal condition to be applied to a single field when querying for findings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-gte}
+     */
+    Gte?: number | undefined;
+    /**
+     * The less-than-equal condition to be applied to a single field when querying for findings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-numberfilter.html#cfn-securityhub-automationrulev2-numberfilter-lte}
+     */
+    Lte?: number | undefined;
+};
+/**
+ * Enables filtering of security findings based on boolean field values in OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html}
+ */
+export type OcsfBooleanFilter = {
+    /**
+     * The name of the field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html#cfn-securityhub-automationrulev2-ocsfbooleanfilter-fieldname}
+     */
+    FieldName: "compliance.assessments.meets_criteria" | "vulnerabilities.is_exploit_available" | "vulnerabilities.is_fix_available";
+    /**
+     * Enables filtering of security findings based on boolean field values in OCSF.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfbooleanfilter.html#cfn-securityhub-automationrulev2-ocsfbooleanfilter-filter}
+     */
+    Filter: BooleanFilter;
+};
+/**
+ * Enables filtering of security findings based on date and timestamp fields in OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html}
+ */
+export type OcsfDateFilter = {
+    /**
+     * The name of the field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html#cfn-securityhub-automationrulev2-ocsfdatefilter-fieldname}
+     */
+    FieldName: "finding_info.created_time_dt" | "finding_info.first_seen_time_dt" | "finding_info.last_seen_time_dt" | "finding_info.modified_time_dt";
+    /**
+     * Enables filtering of security findings based on date and timestamp fields in OCSF.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfdatefilter.html#cfn-securityhub-automationrulev2-ocsfdatefilter-filter}
+     */
+    Filter: DateFilter;
+};
+/**
+ * Specifies the filtering criteria for security findings using OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html}
+ */
+export type OcsfFindingFilters = {
+    /**
+     * Enables the creation of complex filtering conditions by combining filter criteria.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html#cfn-securityhub-automationrulev2-ocsffindingfilters-compositefilters}
+     */
+    CompositeFilters?: CompositeFilter[] | undefined;
+    /**
+     * The logical operators used to combine the filtering on multiple `CompositeFilters` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsffindingfilters.html#cfn-securityhub-automationrulev2-ocsffindingfilters-compositeoperator}
+     */
+    CompositeOperator?: AllowedOperators | undefined;
+};
+/**
+ * Enables filtering of security findings based on map field values in OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html}
+ */
+export type OcsfMapFilter = {
+    /**
+     * The name of the field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html#cfn-securityhub-automationrulev2-ocsfmapfilter-fieldname}
+     */
+    FieldName: "resources.tags";
+    /**
+     * Enables filtering of security findings based on map field values in OCSF.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfmapfilter.html#cfn-securityhub-automationrulev2-ocsfmapfilter-filter}
+     */
+    Filter: MapFilter;
+};
+/**
+ * Enables filtering of security findings based on numerical field values in OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html}
+ */
+export type OcsfNumberFilter = {
+    /**
+     * The name of the field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html#cfn-securityhub-automationrulev2-ocsfnumberfilter-fieldname}
+     */
+    FieldName: "activity_id" | "compliance.status_id" | "confidence_score" | "severity_id" | "status_id" | "finding_info.related_events_count";
+    /**
+     * Enables filtering of security findings based on numerical field values in OCSF.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfnumberfilter.html#cfn-securityhub-automationrulev2-ocsfnumberfilter-filter}
+     */
+    Filter: NumberFilter;
+};
+/**
+ * The name of the field
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfield.html}
+ */
+export type OcsfStringField = "metadata.uid" | "activity_name" | "cloud.account.name" | "cloud.account.uid" | "cloud.provider" | "cloud.region" | "compliance.assessments.category" | "compliance.assessments.name" | "compliance.control" | "compliance.status" | "compliance.standards" | "finding_info.desc" | "finding_info.src_url" | "finding_info.title" | "finding_info.types" | "finding_info.uid" | "finding_info.related_events.uid" | "finding_info.related_events.product.uid" | "finding_info.related_events.title" | "metadata.product.feature.uid" | "metadata.product.name" | "metadata.product.uid" | "metadata.product.vendor_name" | "remediation.desc" | "remediation.references" | "resources.cloud_partition" | "resources.name" | "resources.region" | "resources.type" | "resources.uid" | "severity" | "status" | "comment" | "vulnerabilities.fix_coverage" | "class_name";
+/**
+ * Enables filtering of security findings based on string field values in OCSF.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html}
+ */
+export type OcsfStringFilter = {
+    /**
+     * The name of the field.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html#cfn-securityhub-automationrulev2-ocsfstringfilter-fieldname}
+     */
+    FieldName: OcsfStringField;
+    /**
+     * Enables filtering of security findings based on string field values in OCSF.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-ocsfstringfilter.html#cfn-securityhub-automationrulev2-ocsfstringfilter-filter}
+     */
+    Filter: StringFilter;
+};
+/**
+ * A string filter for filtering AWS Security Hub findings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html}
+ */
+export type StringFilter = {
+    /**
+     * The condition to apply to a string value when filtering Security Hub findings.
+     *
+     * To search for values that have the filter value, use one of the following comparison operators:
+     *
+     * - To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.
+     * - To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .
+     * - To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.
+     *
+     * `CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.
+     *
+     * To search for values that don’t have the filter value, use one of the following comparison operators:
+     *
+     * - To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.
+     * - To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .
+     * - To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .
+     *
+     * `NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.
+     *
+     * You can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.
+     *
+     * You can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.
+     *
+     * For example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .
+     *
+     * - `ResourceType PREFIX AwsIam`
+     * - `ResourceType PREFIX AwsEc2`
+     * - `ResourceType NOT_EQUALS AwsIamPolicy`
+     * - `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
+     *
+     * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html#cfn-securityhub-automationrulev2-stringfilter-comparison}
+     */
+    Comparison: "EQUALS" | "PREFIX" | "NOT_EQUALS" | "PREFIX_NOT_EQUALS" | "CONTAINS";
+    /**
+     * The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there's no match.
+     * @minLength 1
+     * @maxLength 4096
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-automationrulev2-stringfilter.html#cfn-securityhub-automationrulev2-stringfilter-value}
+     */
+    Value: string;
+};
+//# sourceMappingURL=aws-securityhub-automationrulev2.d.ts.map

package/out/exports/resources.generated/aws-securityhub-hubv2.d.ts

@@ -0,0 +1,34 @@
+import type { ResourceDefinitionWithAttributes } from "../main.ts";
+/**
+ * Returns details about the service resource in your account. This API is in private preview and subject to change.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html}
+ */
+export type SecurityHubHubV2 = ResourceDefinitionWithAttributes<"AWS::SecurityHub::HubV2", SecurityHubHubV2Props, SecurityHubHubV2Attribs>;
+/**
+ * Returns details about the service resource in your account. This API is in private preview and subject to change.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html}
+ */
+export type SecurityHubHubV2Props = {
+    /**
+     * The tags to add to the hub V2 resource when you enable Security Hub.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html#cfn-securityhub-hubv2-tags}
+     */
+    Tags?: Record<string, string> | undefined;
+};
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html#aws-resource-securityhub-hubv2-return-values}
+ */
+export type SecurityHubHubV2Attribs = {
+    /**
+     * The ARN of the service resource.
+     * @pattern arn:aws(?:-[a-z]+)*:securityhub:[a-z0-9-]+:\d{12}:hubv2/[^/](.{0,1022}[^/:])?$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html#cfn-securityhub-hubv2-hubv2arn}
+     */
+    HubV2Arn: string;
+    /**
+     * The date and time when the service was enabled in the account.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-securityhub-hubv2.html#cfn-securityhub-hubv2-subscribedat}
+     */
+    SubscribedAt: string;
+};
+//# sourceMappingURL=aws-securityhub-hubv2.d.ts.map

package/out/exports/resources.generated/aws-securityhub-insight.d.ts

@@ -807,7 +807,7 @@ export type StringFilter = {
      * - `ResourceType NOT_EQUALS AwsIamPolicy`
      * - `ResourceType NOT_EQUALS AwsEc2NetworkInterface`
      *
-     * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
+     * `CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules V1. `CONTAINS_WORD` operator is only supported in `GetFindingsV2` , `GetFindingStatisticsV2` , `GetResourcesV2` , and `GetResourceStatisticsV2` APIs. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-securityhub-insight-stringfilter.html#cfn-securityhub-insight-stringfilter-comparison}
      */
     Comparison: StringFilterComparison;

package/out/exports/resources.generated/aws-synthetics-canary.d.ts

@@ -277,6 +277,11 @@ export type RunConfig = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-runconfig.html#cfn-synthetics-canary-runconfig-environmentvariables}
      */
     EnvironmentVariables?: Record<string, string> | undefined;
+    /**
+     * Specifies the amount of ephemeral storage (in MB) to allocate for the canary run during execution. This temporary storage is used for storing canary run artifacts (which are uploaded to an Amazon S3 bucket at the end of the run), and any canary browser operations. This temporary storage is cleared after the run is completed. Default storage value is 1024 MB.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-runconfig.html#cfn-synthetics-canary-runconfig-ephemeralstorage}
+     */
+    EphemeralStorage?: number | undefined;
     /**
      * The maximum amount of memory that the canary can use while running. This value must be a multiple of 64. The range is 960 to 3008.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-synthetics-canary-runconfig.html#cfn-synthetics-canary-runconfig-memoryinmb}

package/out/exports/resources.generated/aws-wafv2-rulegroup.d.ts

@@ -122,14 +122,19 @@ export type AndStatement = {
     Statements: Statement[];
 };
 /**
+ * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+ *
+ * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-asnmatchstatement.html}
  */
 export type AsnMatchStatement = {
     /**
+     * Contains one or more Autonomous System Numbers (ASNs). ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-asnmatchstatement.html#cfn-wafv2-rulegroup-asnmatchstatement-asnlist}
      */
     AsnList?: number[] | undefined;
     /**
+     * The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-asnmatchstatement.html#cfn-wafv2-rulegroup-asnmatchstatement-forwardedipconfig}
      */
     ForwardedIPConfig?: ForwardedIPConfiguration | undefined;
@@ -1111,7 +1116,7 @@ export type RateBasedStatement = {
  */
 export type RateBasedStatementCustomKey = {
     /**
-     * Specifies the request's ASN as an aggregate key for a rate-based rule.
+     * Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. Each distinct ASN contributes to the aggregation instance.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatementcustomkey.html#cfn-wafv2-rulegroup-ratebasedstatementcustomkey-asn}
      */
     ASN?: Record<string, unknown> | undefined;
@@ -1546,6 +1551,9 @@ export type Statement = {
      */
     AndStatement?: AndStatement | undefined;
     /**
+     * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+     *
+     * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-asnmatchstatement}
      */
     AsnMatchStatement?: AsnMatchStatement | undefined;