aws-sdk 2.1502.0 → 2.1503.0

package/clients/secretsmanager.d.ts

@@ -11,6 +11,14 @@ declare class SecretsManager extends Service {
    */
   constructor(options?: SecretsManager.Types.ClientConfiguration)
   config: Config & SecretsManager.Types.ClientConfiguration;
+  /**
+   * Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets. To retrieve a single secret, call GetSecretValue.  To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as AccessDeniedException while attempting to retrieve any of the secrets, you can see the errors in Errors in the response. Secrets Manager generates CloudTrail GetSecretValue log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:BatchGetSecretValue, and you must have secretsmanager:GetSecretValue for each secret. If you use filters, you must also have secretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for the keys. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   */
+  batchGetSecretValue(params: SecretsManager.Types.BatchGetSecretValueRequest, callback?: (err: AWSError, data: SecretsManager.Types.BatchGetSecretValueResponse) => void): Request<SecretsManager.Types.BatchGetSecretValueResponse, AWSError>;
+  /**
+   * Retrieves the contents of the encrypted fields SecretString or SecretBinary for up to 20 secrets. To retrieve a single secret, call GetSecretValue.  To choose which secrets to retrieve, you can specify a list of secrets by name or ARN, or you can use filters. If Secrets Manager encounters errors such as AccessDeniedException while attempting to retrieve any of the secrets, you can see the errors in Errors in the response. Secrets Manager generates CloudTrail GetSecretValue log entries for each secret you request when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:BatchGetSecretValue, and you must have secretsmanager:GetSecretValue for each secret. If you use filters, you must also have secretsmanager:ListSecrets. If the secrets are encrypted using customer-managed keys instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for the keys. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   */
+  batchGetSecretValue(callback?: (err: AWSError, data: SecretsManager.Types.BatchGetSecretValueResponse) => void): Request<SecretsManager.Types.BatchGetSecretValueResponse, AWSError>;
   /**
    * Turns off automatic rotation, and if a rotation is currently in progress, cancels the rotation. If you cancel a rotation in progress, it can leave the VersionStage labels in an unexpected state. You might need to remove the staging label AWSPENDING from the partially created version. You also need to determine whether to roll back to the previous version of the secret by moving the staging label AWSCURRENT to the version that has AWSPENDING. To determine which version has a specific staging label, call ListSecretVersionIds. Then use UpdateSecretVersionStage to change staging labels. For more information, see How rotation works. To turn on automatic rotation again, call RotateSecret. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:CancelRotateSecret. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
    */
@@ -68,11 +76,11 @@ declare class SecretsManager extends Service {
    */
   getResourcePolicy(callback?: (err: AWSError, data: SecretsManager.Types.GetResourcePolicyResponse) => void): Request<SecretsManager.Types.GetResourcePolicyResponse, AWSError>;
   /**
-   * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content. We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications. To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content. To retrieve the values for a group of secrets, call BatchGetSecretValue. We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications. To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
    */
   getSecretValue(params: SecretsManager.Types.GetSecretValueRequest, callback?: (err: AWSError, data: SecretsManager.Types.GetSecretValueResponse) => void): Request<SecretsManager.Types.GetSecretValueResponse, AWSError>;
   /**
-   * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content. We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications. To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   * Retrieves the contents of the encrypted fields SecretString or SecretBinary from the specified version of a secret, whichever contains content. To retrieve the values for a group of secrets, call BatchGetSecretValue. We recommend that you cache your secret values by using client-side caching. Caching secrets improves speed and reduces your costs. For more information, see Cache secrets for your applications. To retrieve the previous version of a secret, use VersionStage and specify AWSPREVIOUS. To revert to the previous version of a secret, call UpdateSecretVersionStage. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:GetSecretValue. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key aws/secretsmanager, then you also need kms:Decrypt permissions for that key. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
    */
   getSecretValue(callback?: (err: AWSError, data: SecretsManager.Types.GetSecretValueResponse) => void): Request<SecretsManager.Types.GetSecretValueResponse, AWSError>;
   /**
@@ -84,11 +92,11 @@ declare class SecretsManager extends Service {
    */
   listSecretVersionIds(callback?: (err: AWSError, data: SecretsManager.Types.ListSecretVersionIdsResponse) => void): Request<SecretsManager.Types.ListSecretVersionIdsResponse, AWSError>;
   /**
-   * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret. To list the versions of a secret, use ListSecretVersionIds. To get the secret value from SecretString or SecretBinary, call GetSecretValue. For information about finding secrets in the console, see Find secrets in Secrets Manager. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:ListSecrets. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret. To list the versions of a secret, use ListSecretVersionIds. To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue. For information about finding secrets in the console, see Find secrets in Secrets Manager. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:ListSecrets. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
    */
   listSecrets(params: SecretsManager.Types.ListSecretsRequest, callback?: (err: AWSError, data: SecretsManager.Types.ListSecretsResponse) => void): Request<SecretsManager.Types.ListSecretsResponse, AWSError>;
   /**
-   * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret. To list the versions of a secret, use ListSecretVersionIds. To get the secret value from SecretString or SecretBinary, call GetSecretValue. For information about finding secrets in the console, see Find secrets in Secrets Manager. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:ListSecrets. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
+   * Lists the secrets that are stored by Secrets Manager in the Amazon Web Services account, not including secrets that are marked for deletion. To see secrets marked for deletion, use the Secrets Manager console. ListSecrets is eventually consistent, however it might not reflect changes from the last five minutes. To get the latest information for a specific secret, use DescribeSecret. To list the versions of a secret, use ListSecretVersionIds. To retrieve the values for the secrets, call BatchGetSecretValue or GetSecretValue. For information about finding secrets in the console, see Find secrets in Secrets Manager. Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.  Required permissions:  secretsmanager:ListSecrets. For more information, see  IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager. 
    */
   listSecrets(callback?: (err: AWSError, data: SecretsManager.Types.ListSecretsResponse) => void): Request<SecretsManager.Types.ListSecretsResponse, AWSError>;
   /**
@@ -189,8 +197,55 @@ declare class SecretsManager extends Service {
   validateResourcePolicy(callback?: (err: AWSError, data: SecretsManager.Types.ValidateResourcePolicyResponse) => void): Request<SecretsManager.Types.ValidateResourcePolicyResponse, AWSError>;
 }
 declare namespace SecretsManager {
+  export type APIErrorListType = APIErrorType[];
+  export interface APIErrorType {
+    /**
+     * The ARN or name of the secret.
+     */
+    SecretId?: SecretIdType;
+    /**
+     * The error Secrets Manager encountered while retrieving an individual secret as part of BatchGetSecretValue, for example ResourceNotFoundException,InvalidParameterException, InvalidRequestException, DecryptionFailure, or AccessDeniedException.
+     */
+    ErrorCode?: ErrorCode;
+    /**
+     * A message describing the error.
+     */
+    Message?: ErrorMessage;
+  }
   export type AddReplicaRegionListType = ReplicaRegionType[];
   export type AutomaticallyRotateAfterDaysType = number;
+  export interface BatchGetSecretValueRequest {
+    /**
+     * The ARN or names of the secrets to retrieve. You must include Filters or SecretIdList, but not both.
+     */
+    SecretIdList?: SecretIdListType;
+    /**
+     * The filters to choose which secrets to retrieve. You must include Filters or SecretIdList, but not both.
+     */
+    Filters?: FiltersListType;
+    /**
+     * The number of results to include in the response. If there are more results available, in the response, Secrets Manager includes NextToken. To get the next results, call BatchGetSecretValue again with the value from NextToken.
+     */
+    MaxResults?: MaxResultsBatchType;
+    /**
+     * A token that indicates where the output should continue from, if a previous call did not show all results. To get the next results, call BatchGetSecretValue again with this value.
+     */
+    NextToken?: NextTokenType;
+  }
+  export interface BatchGetSecretValueResponse {
+    /**
+     * A list of secret values.
+     */
+    SecretValues?: SecretValuesType;
+    /**
+     * Secrets Manager includes this value if there's more output available than what is included in the current response. This can occur even when the response includes no values at all, such as when you ask for a filtered view of a long list. To get the next results, call BatchGetSecretValue again with this value.
+     */
+    NextToken?: NextTokenType;
+    /**
+     * A list of errors Secrets Manager encountered while attempting to retrieve individual secrets.
+     */
+    Errors?: APIErrorListType;
+  }
   export type BooleanType = boolean;
   export interface CancelRotateSecretRequest {
     /**
@@ -398,6 +453,7 @@ declare namespace SecretsManager {
   }
   export type DescriptionType = string;
   export type DurationType = string;
+  export type ErrorCode = string;
   export type ErrorMessage = string;
   export type ExcludeCharactersType = string;
   export type ExcludeLowercaseType = boolean;
@@ -596,6 +652,7 @@ declare namespace SecretsManager {
      */
     NextToken?: NextTokenType;
   }
+  export type MaxResultsBatchType = number;
   export type MaxResultsType = number;
   export type NameType = string;
   export type NextRotationDateType = Date;
@@ -820,6 +877,7 @@ declare namespace SecretsManager {
   export type ScheduleExpressionType = string;
   export type SecretARNType = string;
   export type SecretBinaryType = Buffer|Uint8Array|Blob|string;
+  export type SecretIdListType = SecretIdType[];
   export type SecretIdType = string;
   export interface SecretListEntry {
     /**
@@ -827,7 +885,7 @@ declare namespace SecretsManager {
      */
     ARN?: SecretARNType;
     /**
-     * The friendly name of the secret. You can use forward slashes in the name to represent a path hierarchy. For example, /prod/databases/dbserver1 could represent the secret for a server named dbserver1 in the folder databases in the folder prod. 
+     * The friendly name of the secret. 
      */
     Name?: SecretNameType;
     /**
@@ -894,6 +952,37 @@ declare namespace SecretsManager {
   export type SecretListType = SecretListEntry[];
   export type SecretNameType = string;
   export type SecretStringType = string;
+  export interface SecretValueEntry {
+    /**
+     * The Amazon Resource Name (ARN) of the secret.
+     */
+    ARN?: SecretARNType;
+    /**
+     * The friendly name of the secret. 
+     */
+    Name?: SecretNameType;
+    /**
+     * The unique version identifier of this version of the secret.
+     */
+    VersionId?: SecretVersionIdType;
+    /**
+     * The decrypted secret value, if the secret value was originally provided as binary data in the form of a byte array. The parameter represents the binary data as a base64-encoded string.
+     */
+    SecretBinary?: SecretBinaryType;
+    /**
+     * The decrypted secret value, if the secret value was originally provided as a string or through the Secrets Manager console.
+     */
+    SecretString?: SecretStringType;
+    /**
+     * A list of all of the staging labels currently attached to this version of the secret.
+     */
+    VersionStages?: SecretVersionStagesType;
+    /**
+     * The date the secret was created.
+     */
+    CreatedDate?: CreatedDateType;
+  }
+  export type SecretValuesType = SecretValueEntry[];
   export type SecretVersionIdType = string;
   export type SecretVersionStageType = string;
   export type SecretVersionStagesType = SecretVersionStageType[];

package/clients/securityhub.d.ts

@@ -395,6 +395,14 @@ declare class SecurityHub extends Service {
    * Returns the details for the Security Hub member accounts for the specified account IDs. An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually. The results include both member accounts that are managed using Organizations and accounts that were invited manually.
    */
   getMembers(callback?: (err: AWSError, data: SecurityHub.Types.GetMembersResponse) => void): Request<SecurityHub.Types.GetMembersResponse, AWSError>;
+  /**
+   *  Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details. 
+   */
+  getSecurityControlDefinition(params: SecurityHub.Types.GetSecurityControlDefinitionRequest, callback?: (err: AWSError, data: SecurityHub.Types.GetSecurityControlDefinitionResponse) => void): Request<SecurityHub.Types.GetSecurityControlDefinitionResponse, AWSError>;
+  /**
+   *  Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details. 
+   */
+  getSecurityControlDefinition(callback?: (err: AWSError, data: SecurityHub.Types.GetSecurityControlDefinitionResponse) => void): Request<SecurityHub.Types.GetSecurityControlDefinitionResponse, AWSError>;
   /**
    * Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from. This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations. Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub. When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated from the member account.
    */
@@ -531,6 +539,14 @@ declare class SecurityHub extends Service {
    * Used to update the configuration related to Organizations. Can only be called from a Security Hub administrator account.
    */
   updateOrganizationConfiguration(callback?: (err: AWSError, data: SecurityHub.Types.UpdateOrganizationConfigurationResponse) => void): Request<SecurityHub.Types.UpdateOrganizationConfigurationResponse, AWSError>;
+  /**
+   *  Updates the properties of a security control. 
+   */
+  updateSecurityControl(params: SecurityHub.Types.UpdateSecurityControlRequest, callback?: (err: AWSError, data: SecurityHub.Types.UpdateSecurityControlResponse) => void): Request<SecurityHub.Types.UpdateSecurityControlResponse, AWSError>;
+  /**
+   *  Updates the properties of a security control. 
+   */
+  updateSecurityControl(callback?: (err: AWSError, data: SecurityHub.Types.UpdateSecurityControlResponse) => void): Request<SecurityHub.Types.UpdateSecurityControlResponse, AWSError>;
   /**
    * Updates configuration options for Security Hub.
    */
@@ -696,6 +712,7 @@ declare namespace SecurityHub {
   export type AdminAccounts = AdminAccount[];
   export type AdminStatus = "ENABLED"|"DISABLE_IN_PROGRESS"|string;
   export type AdminsMaxResults = number;
+  export type AlphaNumericNonEmptyString = string;
   export type ArnList = NonEmptyString[];
   export interface AssociatedStandard {
     /**
@@ -10805,6 +10822,22 @@ declare namespace SecurityHub {
      *  The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response. 
      */
     ComplianceAssociatedStandardsId?: StringFilterList;
+    /**
+     *  Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector. 
+     */
+    VulnerabilitiesExploitAvailable?: StringFilterList;
+    /**
+     *  Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter findings by this field only if you use Security Hub and Amazon Inspector. 
+     */
+    VulnerabilitiesFixAvailable?: StringFilterList;
+    /**
+     *  The name of a security control parameter. 
+     */
+    ComplianceSecurityControlParametersName?: StringFilterList;
+    /**
+     *  The current value of a security control parameter. 
+     */
+    ComplianceSecurityControlParametersValue?: StringFilterList;
   }
   export interface AwsSecurityFindingIdentifier {
     /**
@@ -11806,6 +11839,12 @@ declare namespace SecurityHub {
     UnprocessedAssociationUpdates?: UnprocessedStandardsControlAssociationUpdates;
   }
   export type Boolean = boolean;
+  export interface BooleanConfigurationOptions {
+    /**
+     *  The Security Hub default value for a boolean parameter. 
+     */
+    DefaultValue?: Boolean;
+  }
   export interface BooleanFilter {
     /**
      * The value of the boolean.
@@ -11943,8 +11982,46 @@ declare namespace SecurityHub {
      * The enabled security standards in which a security control is currently enabled. 
      */
     AssociatedStandards?: AssociatedStandardsList;
+    /**
+     *  An object that includes security control parameter names and values. 
+     */
+    SecurityControlParameters?: SecurityControlParametersList;
   }
   export type ComplianceStatus = "PASSED"|"WARNING"|"FAILED"|"NOT_AVAILABLE"|string;
+  export interface ConfigurationOptions {
+    /**
+     *  The options for customizing a security control parameter that is an integer. 
+     */
+    Integer?: IntegerConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a list of integers. 
+     */
+    IntegerList?: IntegerListConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a double. 
+     */
+    Double?: DoubleConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a string data type. 
+     */
+    String?: StringConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a list of strings. 
+     */
+    StringList?: StringListConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are true and false. 
+     */
+    Boolean?: BooleanConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is an enum. 
+     */
+    Enum?: EnumConfigurationOptions;
+    /**
+     *  The options for customizing a security control parameter that is a list of enums. 
+     */
+    EnumList?: EnumListConfigurationOptions;
+  }
   export interface ContainerDetails {
     /**
      * The runtime of the container. 
@@ -12137,6 +12214,7 @@ declare namespace SecurityHub {
      */
     TotalCount?: Long;
   }
+  export type CustomizableProperties = SecurityControlProperty[];
   export interface Cvss {
     /**
      * The version of CVSS for the CVSS score.
@@ -12447,6 +12525,20 @@ declare namespace SecurityHub {
     Blocked?: Boolean;
   }
   export type Double = number;
+  export interface DoubleConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is a double. 
+     */
+    DefaultValue?: Double;
+    /**
+     *  The minimum valid value for a control parameter that is a double. 
+     */
+    Min?: Double;
+    /**
+     *  The maximum valid value for a control parameter that is a double. 
+     */
+    Max?: Double;
+  }
   export interface EnableImportFindingsForProductRequest {
     /**
      * The ARN of the product to enable the integration for.
@@ -12483,6 +12575,30 @@ declare namespace SecurityHub {
   }
   export interface EnableSecurityHubResponse {
   }
+  export interface EnumConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is an enum. 
+     */
+    DefaultValue?: NonEmptyString;
+    /**
+     *  The valid values for a control parameter that is an enum. 
+     */
+    AllowedValues?: StringList;
+  }
+  export interface EnumListConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is a list of enums. 
+     */
+    DefaultValue?: StringList;
+    /**
+     *  The maximum number of list items that an enum list control parameter can accept. 
+     */
+    MaxItems?: Integer;
+    /**
+     *  The valid values for a control parameter that is a list of enums. 
+     */
+    AllowedValues?: StringList;
+  }
   export type FieldMap = {[key: string]: NonEmptyString};
   export type FilePathList = FilePaths[];
   export interface FilePaths {
@@ -12845,6 +12961,15 @@ declare namespace SecurityHub {
      */
     UnprocessedAccounts?: ResultList;
   }
+  export interface GetSecurityControlDefinitionRequest {
+    /**
+     *  The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN). 
+     */
+    SecurityControlId: NonEmptyString;
+  }
+  export interface GetSecurityControlDefinitionResponse {
+    SecurityControlDefinition: SecurityControlDefinition;
+  }
   export interface IcmpTypeCode {
     /**
      * The ICMP code for which to deny or allow access. To deny or allow all codes, use the value -1.
@@ -12915,7 +13040,39 @@ declare namespace SecurityHub {
     ResultValues: InsightResultValueList;
   }
   export type Integer = number;
+  export interface IntegerConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is an integer. 
+     */
+    DefaultValue?: Integer;
+    /**
+     *  The minimum valid value for a control parameter that is an integer. 
+     */
+    Min?: Integer;
+    /**
+     *  The maximum valid value for a control parameter that is an integer. 
+     */
+    Max?: Integer;
+  }
   export type IntegerList = Integer[];
+  export interface IntegerListConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is a list of integers. 
+     */
+    DefaultValue?: IntegerList;
+    /**
+     *  The minimum valid value for a control parameter that is a list of integers. 
+     */
+    Min?: Integer;
+    /**
+     *  The maximum valid value for a control parameter that is a list of integers. 
+     */
+    Max?: Integer;
+    /**
+     *  The maximum number of list items that an interger list control parameter can accept. 
+     */
+    MaxItems?: Integer;
+  }
   export type IntegrationType = "SEND_FINDINGS_TO_SECURITY_HUB"|"RECEIVE_FINDINGS_FROM_SECURITY_HUB"|"UPDATE_FINDINGS_IN_SECURITY_HUB"|string;
   export type IntegrationTypeList = IntegrationType[];
   export interface Invitation {
@@ -13420,6 +13577,14 @@ declare namespace SecurityHub {
      * The equal-to condition to be applied to a single field when querying for findings.
      */
     Eq?: Double;
+    /**
+     *  The greater-than condition to be applied to a single field when querying for findings. 
+     */
+    Gt?: Double;
+    /**
+     *  The less-than condition to be applied to a single field when querying for findings. 
+     */
+    Lt?: Double;
   }
   export type NumberFilterList = NumberFilter[];
   export interface Occurrences {
@@ -13459,6 +13624,63 @@ declare namespace SecurityHub {
     OffsetRange?: Range;
   }
   export type Pages = Page[];
+  export interface ParameterConfiguration {
+    /**
+     *  Identifies whether a control parameter uses a custom user-defined value or the Security Hub default value. 
+     */
+    ValueType: ParameterValueType;
+    /**
+     *  The current value of a control parameter. 
+     */
+    Value?: ParameterValue;
+  }
+  export interface ParameterDefinition {
+    /**
+     *  Description of a control parameter. 
+     */
+    Description: NonEmptyString;
+    /**
+     *  The options for customizing a control parameter. Customization options vary based on the data type of the parameter. 
+     */
+    ConfigurationOptions: ConfigurationOptions;
+  }
+  export type ParameterDefinitions = {[key: string]: ParameterDefinition};
+  export interface ParameterValue {
+    /**
+     *  A control parameter that is an integer. 
+     */
+    Integer?: Integer;
+    /**
+     *  A control parameter that is a list of integers. 
+     */
+    IntegerList?: IntegerList;
+    /**
+     *  A control parameter that is a double. 
+     */
+    Double?: Double;
+    /**
+     *  A control parameter that is a string. 
+     */
+    String?: NonEmptyString;
+    /**
+     *  A control parameter that is a list of strings. 
+     */
+    StringList?: StringList;
+    /**
+     *  A control parameter that is a boolean. 
+     */
+    Boolean?: Boolean;
+    /**
+     *  A control parameter that is an enum. 
+     */
+    Enum?: NonEmptyString;
+    /**
+     *  A control parameter that is a list of enums. 
+     */
+    EnumList?: StringList;
+  }
+  export type ParameterValueType = "DEFAULT"|"CUSTOM"|string;
+  export type Parameters = {[key: string]: ParameterConfiguration};
   export type Partition = "aws"|"aws-cn"|"aws-us-gov"|string;
   export interface PatchSummary {
     /**
@@ -14438,6 +14660,18 @@ declare namespace SecurityHub {
      *  The enablement status of a security control in a specific standard. 
      */
     SecurityControlStatus: ControlStatus;
+    /**
+     *  Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of READY indicates findings include the current parameter values. A status of UPDATING indicates that all findings may not include the current parameter values. 
+     */
+    UpdateStatus?: UpdateStatus;
+    /**
+     *  An object that identifies the name of a control parameter, its current value, and whether it has been customized. 
+     */
+    Parameters?: Parameters;
+    /**
+     *  The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the  BatchUpdateStandardsControlAssociations  API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores. 
+     */
+    LastUpdateReason?: AlphaNumericNonEmptyString;
   }
   export interface SecurityControlDefinition {
     /**
@@ -14464,8 +14698,28 @@ declare namespace SecurityHub {
      *  Specifies whether a security control is available in the current Amazon Web Services Region. 
      */
     CurrentRegionAvailability: RegionAvailabilityStatus;
+    /**
+     *  Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties. 
+     */
+    CustomizableProperties?: CustomizableProperties;
+    /**
+     *  An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn't support custom parameters. 
+     */
+    ParameterDefinitions?: ParameterDefinitions;
   }
   export type SecurityControlDefinitions = SecurityControlDefinition[];
+  export interface SecurityControlParameter {
+    /**
+     *  The name of a 
+     */
+    Name?: NonEmptyString;
+    /**
+     *  The current value of a control parameter. 
+     */
+    Value?: TypeList;
+  }
+  export type SecurityControlParametersList = SecurityControlParameter[];
+  export type SecurityControlProperty = "Parameters"|string;
   export type SecurityControls = SecurityControl[];
   export type SecurityGroups = NonEmptyString[];
   export interface SensitiveDataDetections {
@@ -14500,7 +14754,7 @@ declare namespace SecurityHub {
   export type SensitiveDataResultList = SensitiveDataResult[];
   export interface Severity {
     /**
-     * Deprecated. This attribute is being deprecated. Instead of providing Product, provide Original. The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.
+     * Deprecated. This attribute isn't included in findings. Instead of providing Product, provide Original. The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.
      */
     Product?: Double;
     /**
@@ -14508,7 +14762,7 @@ declare namespace SecurityHub {
      */
     Label?: SeverityLabel;
     /**
-     * Deprecated. The normalized severity of a finding. This attribute is being deprecated. Instead of providing Normalized, provide Label. If you provide Label and do not provide Normalized, then Normalized is set automatically as follows.    INFORMATIONAL - 0    LOW - 1    MEDIUM - 40    HIGH - 70    CRITICAL - 90  
+     * Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label. If you provide Label and do not provide Normalized, then Normalized is set automatically as follows.    INFORMATIONAL - 0    LOW - 1    MEDIUM - 40    HIGH - 70    CRITICAL - 90  
      */
     Normalized?: Integer;
     /**
@@ -14855,6 +15109,20 @@ declare namespace SecurityHub {
   }
   export type StatusReasonCode = "NO_AVAILABLE_CONFIGURATION_RECORDER"|"INTERNAL_ERROR"|string;
   export type StatusReasonsList = StatusReason[];
+  export interface StringConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is a string. 
+     */
+    DefaultValue?: NonEmptyString;
+    /**
+     *  An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string. 
+     */
+    Re2Expression?: NonEmptyString;
+    /**
+     *  The description of the RE2 regular expression. 
+     */
+    ExpressionDescription?: NonEmptyString;
+  }
   export interface StringFilter {
     /**
      * The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub. If you provide security hub as the filter value, there's no match.
@@ -14868,6 +15136,24 @@ declare namespace SecurityHub {
   export type StringFilterComparison = "EQUALS"|"PREFIX"|"NOT_EQUALS"|"PREFIX_NOT_EQUALS"|"CONTAINS"|"NOT_CONTAINS"|string;
   export type StringFilterList = StringFilter[];
   export type StringList = NonEmptyString[];
+  export interface StringListConfigurationOptions {
+    /**
+     *  The Security Hub default value for a control parameter that is a list of strings. 
+     */
+    DefaultValue?: StringList;
+    /**
+     *  An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control parameter. 
+     */
+    Re2Expression?: NonEmptyString;
+    /**
+     *  The maximum number of list items that a string list control parameter can accept. 
+     */
+    MaxItems?: Integer;
+    /**
+     *  The description of the RE2 regular expression. 
+     */
+    ExpressionDescription?: NonEmptyString;
+  }
   export type TagKey = string;
   export type TagKeyList = TagKey[];
   export type TagMap = {[key: string]: TagValue};
@@ -15138,6 +15424,22 @@ declare namespace SecurityHub {
   }
   export interface UpdateOrganizationConfigurationResponse {
   }
+  export interface UpdateSecurityControlRequest {
+    /**
+     *  The Amazon Resource Name (ARN) or ID of the control to update. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  An object that specifies which security control parameters to update. 
+     */
+    Parameters: Parameters;
+    /**
+     *  The most recent reason for updating the properties of the security control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores. 
+     */
+    LastUpdateReason?: AlphaNumericNonEmptyString;
+  }
+  export interface UpdateSecurityControlResponse {
+  }
   export interface UpdateSecurityHubConfigurationRequest {
     /**
      * Whether to automatically enable new controls when they are added to standards that are enabled. By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false. 
@@ -15166,6 +15468,7 @@ declare namespace SecurityHub {
   }
   export interface UpdateStandardsControlResponse {
   }
+  export type UpdateStatus = "READY"|"UPDATING"|string;
   export type VerificationState = "UNKNOWN"|"TRUE_POSITIVE"|"FALSE_POSITIVE"|"BENIGN_POSITIVE"|string;
   export interface VolumeMount {
     /**