cdk-docker-image-deployment 0.0.174 → 0.0.176

package/node_modules/aws-sdk/clients/securityhub.d.ts

@@ -43,6 +43,22 @@ declare class SecurityHub extends Service {
    * Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation. For more information, see the Security Standards section of the Security Hub User Guide.
    */
   batchEnableStandards(callback?: (err: AWSError, data: SecurityHub.Types.BatchEnableStandardsResponse) => void): Request<SecurityHub.Types.BatchEnableStandardsResponse, AWSError>;
+  /**
+   *  Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region. 
+   */
+  batchGetSecurityControls(params: SecurityHub.Types.BatchGetSecurityControlsRequest, callback?: (err: AWSError, data: SecurityHub.Types.BatchGetSecurityControlsResponse) => void): Request<SecurityHub.Types.BatchGetSecurityControlsResponse, AWSError>;
+  /**
+   *  Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region. 
+   */
+  batchGetSecurityControls(callback?: (err: AWSError, data: SecurityHub.Types.BatchGetSecurityControlsResponse) => void): Request<SecurityHub.Types.BatchGetSecurityControlsResponse, AWSError>;
+  /**
+   *  For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard. 
+   */
+  batchGetStandardsControlAssociations(params: SecurityHub.Types.BatchGetStandardsControlAssociationsRequest, callback?: (err: AWSError, data: SecurityHub.Types.BatchGetStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.BatchGetStandardsControlAssociationsResponse, AWSError>;
+  /**
+   *  For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard. 
+   */
+  batchGetStandardsControlAssociations(callback?: (err: AWSError, data: SecurityHub.Types.BatchGetStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.BatchGetStandardsControlAssociationsResponse, AWSError>;
   /**
    * Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.  BatchImportFindings must be called by one of the following:   The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.   An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.   The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb. After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.    Note     UserDefinedFields     VerificationState     Workflow    Finding providers also should not use BatchImportFindings to update the following attributes.    Confidence     Criticality     RelatedFindings     Severity     Types    Instead, finding providers use FindingProviderFields to provide values for these attributes.
    */
@@ -59,6 +75,14 @@ declare class SecurityHub extends Service {
    * Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account. Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding. Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.    Confidence     Criticality     Note     RelatedFindings     Severity     Types     UserDefinedFields     VerificationState     Workflow    You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.
    */
   batchUpdateFindings(callback?: (err: AWSError, data: SecurityHub.Types.BatchUpdateFindingsResponse) => void): Request<SecurityHub.Types.BatchUpdateFindingsResponse, AWSError>;
+  /**
+   *  For a batch of security controls and standards, this operation updates the enablement status of a control in a standard. 
+   */
+  batchUpdateStandardsControlAssociations(params: SecurityHub.Types.BatchUpdateStandardsControlAssociationsRequest, callback?: (err: AWSError, data: SecurityHub.Types.BatchUpdateStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.BatchUpdateStandardsControlAssociationsResponse, AWSError>;
+  /**
+   *  For a batch of security controls and standards, this operation updates the enablement status of a control in a standard. 
+   */
+  batchUpdateStandardsControlAssociations(callback?: (err: AWSError, data: SecurityHub.Types.BatchUpdateStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.BatchUpdateStandardsControlAssociationsResponse, AWSError>;
   /**
    * Creates a custom action target in Security Hub. You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.
    */
@@ -379,6 +403,22 @@ declare class SecurityHub extends Service {
    * Lists the Security Hub administrator accounts. Can only be called by the organization management account.
    */
   listOrganizationAdminAccounts(callback?: (err: AWSError, data: SecurityHub.Types.ListOrganizationAdminAccountsResponse) => void): Request<SecurityHub.Types.ListOrganizationAdminAccountsResponse, AWSError>;
+  /**
+   *  Lists all of the security controls that apply to a specified standard. 
+   */
+  listSecurityControlDefinitions(params: SecurityHub.Types.ListSecurityControlDefinitionsRequest, callback?: (err: AWSError, data: SecurityHub.Types.ListSecurityControlDefinitionsResponse) => void): Request<SecurityHub.Types.ListSecurityControlDefinitionsResponse, AWSError>;
+  /**
+   *  Lists all of the security controls that apply to a specified standard. 
+   */
+  listSecurityControlDefinitions(callback?: (err: AWSError, data: SecurityHub.Types.ListSecurityControlDefinitionsResponse) => void): Request<SecurityHub.Types.ListSecurityControlDefinitionsResponse, AWSError>;
+  /**
+   *  Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account. 
+   */
+  listStandardsControlAssociations(params: SecurityHub.Types.ListStandardsControlAssociationsRequest, callback?: (err: AWSError, data: SecurityHub.Types.ListStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.ListStandardsControlAssociationsResponse, AWSError>;
+  /**
+   *  Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account. 
+   */
+  listStandardsControlAssociations(callback?: (err: AWSError, data: SecurityHub.Types.ListStandardsControlAssociationsResponse) => void): Request<SecurityHub.Types.ListStandardsControlAssociationsResponse, AWSError>;
   /**
    * Returns a list of tags associated with a resource.
    */
@@ -615,6 +655,7 @@ declare namespace SecurityHub {
     StandardsId?: NonEmptyString;
   }
   export type AssociatedStandardsList = AssociatedStandard[];
+  export type AssociationStatus = "ENABLED"|"DISABLED"|string;
   export type AutoEnableStandards = "NONE"|"DEFAULT"|string;
   export interface AvailabilityZone {
     /**
@@ -1378,7 +1419,7 @@ declare namespace SecurityHub {
      */
     BackupVaultEvents?: NonEmptyStringList;
     /**
-     * An ARN that uniquely identifies the Amazon SNS topic for a backup vault’s events. 
+     * The Amazon Resource Name (ARN) that uniquely identifies the Amazon SNS topic for a backup vault's events. 
      */
     SnsTopicArn?: NonEmptyString;
   }
@@ -3153,7 +3194,7 @@ declare namespace SecurityHub {
      */
     NetworkInterfaceCount?: AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails;
     /**
-     *  The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. A high value, such as 999999, turns off price protection.
+     *  The price protection threshold for On-Demand Instances. This is the maximum you'll pay for an On-Demand Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold. The parameter accepts an integer, which Amazon EC2 interprets as a percentage. A high value, such as 999999, turns off price protection.
      */
     OnDemandMaxPricePercentageOverLowestPrice?: Integer;
     /**
@@ -3161,7 +3202,7 @@ declare namespace SecurityHub {
      */
     RequireHibernateSupport?: Boolean;
     /**
-     *  The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.  The parameter accepts an integer, which Amazon EC2 interprets as a percentage. A high value, such as 999999, turns off price protection.
+     *  The price protection threshold for Spot Instances. This is the maximum you'll pay for a Spot Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.  The parameter accepts an integer, which Amazon EC2 interprets as a percentage. A high value, such as 999999, turns off price protection.
      */
     SpotMaxPricePercentageOverLowestPrice?: Integer;
     /**
@@ -3238,7 +3279,7 @@ declare namespace SecurityHub {
   }
   export interface AwsEc2LaunchTemplateDataMetadataOptionsDetails {
     /**
-     *  Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled, and you won’t be able to access your instance metadata. 
+     *  Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled, and you won't be able to access your instance metadata. 
      */
     HttpEndpoint?: NonEmptyString;
     /**
@@ -7929,7 +7970,7 @@ declare namespace SecurityHub {
      */
     DestinationRegion?: NonEmptyString;
     /**
-     * The number of days that manual snapshots are retained in the destination region after they are copied from a source region. If the value is -1, then the manual snapshot is retained indefinitely. Valid values: Either -1 or an integer between 1 and 3,653
+     * The number of days that manual snapshots are retained in the destination Region after they are copied from a source Region. If the value is -1, then the manual snapshot is retained indefinitely. Valid values: Either -1 or an integer between 1 and 3,653
      */
     ManualSnapshotRetentionPeriod?: Integer;
     /**
@@ -10139,6 +10180,38 @@ declare namespace SecurityHub {
      */
     StandardsSubscriptions?: StandardsSubscriptions;
   }
+  export interface BatchGetSecurityControlsRequest {
+    /**
+     *  A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards. 
+     */
+    SecurityControlIds: StringList;
+  }
+  export interface BatchGetSecurityControlsResponse {
+    /**
+     *  An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn. 
+     */
+    SecurityControls: SecurityControls;
+    /**
+     *  A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which details cannot be returned. 
+     */
+    UnprocessedIds?: UnprocessedSecurityControls;
+  }
+  export interface BatchGetStandardsControlAssociationsRequest {
+    /**
+     *  An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards. 
+     */
+    StandardsControlAssociationIds: StandardsControlAssociationIds;
+  }
+  export interface BatchGetStandardsControlAssociationsResponse {
+    /**
+     * Provides the enablement status of a security control in a specified standard and other details for the control in relation to the specified standard. 
+     */
+    StandardsControlAssociationDetails: StandardsControlAssociationDetails;
+    /**
+     *  A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard cannot be returned. 
+     */
+    UnprocessedAssociations?: UnprocessedStandardsControlAssociations;
+  }
   export interface BatchImportFindingsRequest {
     /**
      * A list of findings to import. To successfully import a finding, it must follow the Amazon Web Services Security Finding Format. Maximum of 100 findings per request.
@@ -10224,6 +10297,18 @@ declare namespace SecurityHub {
     ErrorMessage: NonEmptyString;
   }
   export type BatchUpdateFindingsUnprocessedFindingsList = BatchUpdateFindingsUnprocessedFinding[];
+  export interface BatchUpdateStandardsControlAssociationsRequest {
+    /**
+     *  Updates the enablement status of a security control in a specified standard. 
+     */
+    StandardsControlAssociationUpdates: StandardsControlAssociationUpdates;
+  }
+  export interface BatchUpdateStandardsControlAssociationsResponse {
+    /**
+     *  A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard couldn't be updated. 
+     */
+    UnprocessedAssociationUpdates?: UnprocessedStandardsControlAssociationUpdates;
+  }
   export type Boolean = boolean;
   export interface BooleanFilter {
     /**
@@ -10362,6 +10447,7 @@ declare namespace SecurityHub {
      */
     Privileged?: Boolean;
   }
+  export type ControlFindingGenerator = "STANDARD_CONTROL"|"SECURITY_CONTROL"|string;
   export type ControlStatus = "ENABLED"|"DISABLED"|string;
   export interface Country {
     /**
@@ -10389,7 +10475,7 @@ declare namespace SecurityHub {
   }
   export interface CreateActionTargetResponse {
     /**
-     * The ARN for the custom action target.
+     * The Amazon Resource Name (ARN) for the custom action target.
      */
     ActionTargetArn: NonEmptyString;
   }
@@ -10556,7 +10642,7 @@ declare namespace SecurityHub {
   }
   export interface DeleteActionTargetRequest {
     /**
-     * The ARN of the custom action target to delete.
+     * The Amazon Resource Name (ARN) of the custom action target to delete.
      */
     ActionTargetArn: NonEmptyString;
   }
@@ -10653,6 +10739,10 @@ declare namespace SecurityHub {
      * Whether to automatically enable new controls when they are added to standards that are enabled. If set to true, then new controls for enabled standards are enabled automatically. If set to false, then new controls are not enabled.
      */
     AutoEnableControls?: Boolean;
+    /**
+     * Specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 9, 2023.
+     */
+    ControlFindingGenerator?: ControlFindingGenerator;
   }
   export interface DescribeOrganizationConfigurationRequest {
   }
@@ -10818,6 +10908,10 @@ declare namespace SecurityHub {
      * Whether to enable the security standards that Security Hub has designated as automatically enabled. If you do not provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.
      */
     EnableDefaultStandards?: Boolean;
+    /**
+     * This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 9, 2023.
+     */
+    ControlFindingGenerator?: ControlFindingGenerator;
   }
   export interface EnableSecurityHubResponse {
   }
@@ -11345,6 +11439,54 @@ declare namespace SecurityHub {
      */
     NextToken?: NextToken;
   }
+  export interface ListSecurityControlDefinitionsRequest {
+    /**
+     *  The Amazon Resource Name (ARN) of the standard that you want to view controls for. 
+     */
+    StandardsArn?: NonEmptyString;
+    /**
+     *  Optional pagination parameter. 
+     */
+    NextToken?: NextToken;
+    /**
+     *  An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned. 
+     */
+    MaxResults?: MaxResults;
+  }
+  export interface ListSecurityControlDefinitionsResponse {
+    /**
+     *  An array of controls that apply to the specified standard. 
+     */
+    SecurityControlDefinitions: SecurityControlDefinitions;
+    /**
+     *  A pagination parameter that's included in the response only if it was included in the request. 
+     */
+    NextToken?: NextToken;
+  }
+  export interface ListStandardsControlAssociationsRequest {
+    /**
+     *  The identifier of the control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  Optional pagination parameter. 
+     */
+    NextToken?: NextToken;
+    /**
+     *  An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub standards that you've enabled in the calling account. 
+     */
+    MaxResults?: MaxResults;
+  }
+  export interface ListStandardsControlAssociationsResponse {
+    /**
+     *  An array that provides the enablement status and other details for each security control that applies to each enabled standard. 
+     */
+    StandardsControlAssociationSummaries: StandardsControlAssociationSummaries;
+    /**
+     *  A pagination parameter that's included in the response only if it was included in the request. 
+     */
+    NextToken?: NextToken;
+  }
   export interface ListTagsForResourceRequest {
     /**
      * The ARN of the resource to retrieve tags for.
@@ -11833,6 +11975,7 @@ declare namespace SecurityHub {
   }
   export type RecordState = "ACTIVE"|"ARCHIVED"|string;
   export type Records = Record[];
+  export type RegionAvailabilityStatus = "AVAILABLE"|"UNAVAILABLE"|string;
   export interface RelatedFinding {
     /**
      * The ARN of the product that generated a related finding.
@@ -12453,6 +12596,64 @@ declare namespace SecurityHub {
      */
     Definition?: NonEmptyStringList;
   }
+  export interface SecurityControl {
+    /**
+     *  The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard. 
+     */
+    SecurityControlArn: NonEmptyString;
+    /**
+     * The title of a security control. 
+     */
+    Title: NonEmptyString;
+    /**
+     *  The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard. 
+     */
+    Description: NonEmptyString;
+    /**
+     *  A link to Security Hub documentation that explains how to remediate a failed finding for a security control. 
+     */
+    RemediationUrl: NonEmptyString;
+    /**
+     *  The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide. 
+     */
+    SeverityRating: SeverityRating;
+    /**
+     *  The status of a security control based on the compliance status of its findings. For more information about how control status is determined, see Determining the overall status of a control from its findings in the Security Hub User Guide. 
+     */
+    SecurityControlStatus: ControlStatus;
+  }
+  export interface SecurityControlDefinition {
+    /**
+     *  The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3). 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The title of a security control. 
+     */
+    Title: NonEmptyString;
+    /**
+     *  The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard. 
+     */
+    Description: NonEmptyString;
+    /**
+     *  A link to Security Hub documentation that explains how to remediate a failed finding for a security control. 
+     */
+    RemediationUrl: NonEmptyString;
+    /**
+     *  The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide. 
+     */
+    SeverityRating: SeverityRating;
+    /**
+     *  Specifies whether a security control is available in the current Amazon Web Services Region. 
+     */
+    CurrentRegionAvailability: RegionAvailabilityStatus;
+  }
+  export type SecurityControlDefinitions = SecurityControlDefinition[];
+  export type SecurityControls = SecurityControl[];
   export type SecurityGroups = NonEmptyString[];
   export interface SensitiveDataDetections {
     /**
@@ -12643,6 +12844,119 @@ declare namespace SecurityHub {
      */
     RelatedRequirements?: RelatedRequirementsList;
   }
+  export type StandardsControlArnList = NonEmptyString[];
+  export interface StandardsControlAssociationDetail {
+    /**
+     *  The Amazon Resource Name (ARN) of a security standard. 
+     */
+    StandardsArn: NonEmptyString;
+    /**
+     *  The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard. 
+     */
+    SecurityControlArn: NonEmptyString;
+    /**
+     *  Specifies whether a control is enabled or disabled in a specified standard. 
+     */
+    AssociationStatus: AssociationStatus;
+    /**
+     *  The requirement that underlies a control in the compliance framework related to the standard. 
+     */
+    RelatedRequirements?: RelatedRequirementsList;
+    /**
+     *  The time at which the enablement status of the control in the specified standard was last updated. 
+     */
+    UpdatedAt?: Timestamp;
+    /**
+     *  The reason for updating the enablement status of a control in a specified standard. 
+     */
+    UpdatedReason?: NonEmptyString;
+    /**
+     *  The title of a control. This field may reference a specific standard. 
+     */
+    StandardsControlTitle?: NonEmptyString;
+    /**
+     *  The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter may reference a specific standard. 
+     */
+    StandardsControlDescription?: NonEmptyString;
+    /**
+     *  Provides the input parameter that Security Hub uses to call the UpdateStandardsControl API. This API can be used to enable or disable a control in a specified standard. 
+     */
+    StandardsControlArns?: StandardsControlArnList;
+  }
+  export type StandardsControlAssociationDetails = StandardsControlAssociationDetail[];
+  export interface StandardsControlAssociationId {
+    /**
+     *  The unique identifier (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) of a security control across standards. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The ARN of a standard. 
+     */
+    StandardsArn: NonEmptyString;
+  }
+  export type StandardsControlAssociationIds = StandardsControlAssociationId[];
+  export type StandardsControlAssociationSummaries = StandardsControlAssociationSummary[];
+  export interface StandardsControlAssociationSummary {
+    /**
+     *  The Amazon Resource Name (ARN) of a standard. 
+     */
+    StandardsArn: NonEmptyString;
+    /**
+     *  A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard. 
+     */
+    SecurityControlArn: NonEmptyString;
+    /**
+     *  The enablement status of a control in a specific standard. 
+     */
+    AssociationStatus: AssociationStatus;
+    /**
+     *  The requirement that underlies this control in the compliance framework related to the standard. 
+     */
+    RelatedRequirements?: RelatedRequirementsList;
+    /**
+     *  The last time that a control's enablement status in a specified standard was updated. 
+     */
+    UpdatedAt?: Timestamp;
+    /**
+     *  The reason for updating the control's enablement status in a specified standard. 
+     */
+    UpdatedReason?: NonEmptyString;
+    /**
+     *  The title of a control. 
+     */
+    StandardsControlTitle?: NonEmptyString;
+    /**
+     *  The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. The parameter may reference a specific standard. 
+     */
+    StandardsControlDescription?: NonEmptyString;
+  }
+  export interface StandardsControlAssociationUpdate {
+    /**
+     * The Amazon Resource Name (ARN) of the standard in which you want to update the control's enablement status.
+     */
+    StandardsArn: NonEmptyString;
+    /**
+     * The unique identifier for the security control whose enablement status you want to update.
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     * The desired enablement status of the control in the standard.
+     */
+    AssociationStatus: AssociationStatus;
+    /**
+     * The reason for updating the control's enablement status in the standard.
+     */
+    UpdatedReason?: NonEmptyString;
+  }
+  export type StandardsControlAssociationUpdates = StandardsControlAssociationUpdate[];
   export type StandardsControls = StandardsControl[];
   export type StandardsInputParameterMap = {[key: string]: NonEmptyString};
   export interface StandardsManagedBy {
@@ -12807,6 +13121,52 @@ declare namespace SecurityHub {
   export type ThreatList = Threat[];
   export type Timestamp = Date;
   export type TypeList = NonEmptyString[];
+  export type UnprocessedErrorCode = "INVALID_INPUT"|"ACCESS_DENIED"|"NOT_FOUND"|"LIMIT_EXCEEDED"|string;
+  export interface UnprocessedSecurityControl {
+    /**
+     *  The control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which a response couldn't be returned. 
+     */
+    SecurityControlId: NonEmptyString;
+    /**
+     *  The error code for the unprocessed security control. 
+     */
+    ErrorCode: UnprocessedErrorCode;
+    /**
+     *  The reason why the security control was unprocessed. 
+     */
+    ErrorReason?: NonEmptyString;
+  }
+  export type UnprocessedSecurityControls = UnprocessedSecurityControl[];
+  export interface UnprocessedStandardsControlAssociation {
+    /**
+     *  An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the specific controls for which the enablement status couldn't be retrieved in specified standards when calling BatchUpdateStandardsControlAssociations. 
+     */
+    StandardsControlAssociationId: StandardsControlAssociationId;
+    /**
+     * The error code for the unprocessed standard and control association. 
+     */
+    ErrorCode: UnprocessedErrorCode;
+    /**
+     * The reason why the standard and control association was unprocessed. 
+     */
+    ErrorReason?: NonEmptyString;
+  }
+  export interface UnprocessedStandardsControlAssociationUpdate {
+    /**
+     * An array of control and standard associations for which an update failed when calling BatchUpdateStandardsControlAssociations. 
+     */
+    StandardsControlAssociationUpdate: StandardsControlAssociationUpdate;
+    /**
+     * The error code for the unprocessed update of the control's enablement status in the specified standard.
+     */
+    ErrorCode: UnprocessedErrorCode;
+    /**
+     * The reason why a control's enablement status in the specified standard couldn't be updated. 
+     */
+    ErrorReason?: NonEmptyString;
+  }
+  export type UnprocessedStandardsControlAssociationUpdates = UnprocessedStandardsControlAssociationUpdate[];
+  export type UnprocessedStandardsControlAssociations = UnprocessedStandardsControlAssociation[];
   export interface UntagResourceRequest {
     /**
      * The ARN of the resource to remove the tags from.
@@ -12920,6 +13280,10 @@ declare namespace SecurityHub {
      * Whether to automatically enable new controls when they are added to standards that are enabled. By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false. 
      */
     AutoEnableControls?: Boolean;
+    /**
+     * Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards. If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards. For accounts that are part of an organization, this value can only be updated in the administrator account.
+     */
+    ControlFindingGenerator?: ControlFindingGenerator;
   }
   export interface UpdateSecurityHubConfigurationResponse {
   }

package/node_modules/aws-sdk/clients/servicecatalog.d.ts

@@ -252,11 +252,11 @@ declare class ServiceCatalog extends Service {
    */
   describePortfolioShares(callback?: (err: AWSError, data: ServiceCatalog.Types.DescribePortfolioSharesOutput) => void): Request<ServiceCatalog.Types.DescribePortfolioSharesOutput, AWSError>;
   /**
-   * Gets information about the specified product.
+   * Gets information about the specified product.   Running this operation with administrator access results in a failure. DescribeProductAsAdmin should be used instead.  
    */
   describeProduct(params: ServiceCatalog.Types.DescribeProductInput, callback?: (err: AWSError, data: ServiceCatalog.Types.DescribeProductOutput) => void): Request<ServiceCatalog.Types.DescribeProductOutput, AWSError>;
   /**
-   * Gets information about the specified product.
+   * Gets information about the specified product.   Running this operation with administrator access results in a failure. DescribeProductAsAdmin should be used instead.  
    */
   describeProduct(callback?: (err: AWSError, data: ServiceCatalog.Types.DescribeProductOutput) => void): Request<ServiceCatalog.Types.DescribeProductOutput, AWSError>;
   /**
@@ -428,11 +428,11 @@ declare class ServiceCatalog extends Service {
    */
   getProvisionedProductOutputs(callback?: (err: AWSError, data: ServiceCatalog.Types.GetProvisionedProductOutputsOutput) => void): Request<ServiceCatalog.Types.GetProvisionedProductOutputsOutput, AWSError>;
   /**
-   * Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported Service Catalog governance actions are supported on the provisioned product. Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets and non-root nested stacks are not supported. The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, IMPORT_ROLLBACK_COMPLETE. Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.  The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions. 
+   *  Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported governance actions are supported on the provisioned product.   Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets, and non-root nested stacks are not supported.   The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, and IMPORT_ROLLBACK_COMPLETE.   Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.    When you import an existing CloudFormation stack into a portfolio, constraints that are associated with the product aren't applied during the import process. The constraints are applied after you call UpdateProvisionedProduct for the provisioned product.    The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions. 
    */
   importAsProvisionedProduct(params: ServiceCatalog.Types.ImportAsProvisionedProductInput, callback?: (err: AWSError, data: ServiceCatalog.Types.ImportAsProvisionedProductOutput) => void): Request<ServiceCatalog.Types.ImportAsProvisionedProductOutput, AWSError>;
   /**
-   * Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported Service Catalog governance actions are supported on the provisioned product. Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets and non-root nested stacks are not supported. The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, IMPORT_ROLLBACK_COMPLETE. Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.  The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions. 
+   *  Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported governance actions are supported on the provisioned product.   Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets, and non-root nested stacks are not supported.   The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, and IMPORT_ROLLBACK_COMPLETE.   Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.    When you import an existing CloudFormation stack into a portfolio, constraints that are associated with the product aren't applied during the import process. The constraints are applied after you call UpdateProvisionedProduct for the provisioned product.    The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions. 
    */
   importAsProvisionedProduct(callback?: (err: AWSError, data: ServiceCatalog.Types.ImportAsProvisionedProductOutput) => void): Request<ServiceCatalog.Types.ImportAsProvisionedProductOutput, AWSError>;
   /**
@@ -460,11 +460,11 @@ declare class ServiceCatalog extends Service {
    */
   listConstraintsForPortfolio(callback?: (err: AWSError, data: ServiceCatalog.Types.ListConstraintsForPortfolioOutput) => void): Request<ServiceCatalog.Types.ListConstraintsForPortfolioOutput, AWSError>;
   /**
-   * Lists the paths to the specified product. A path is how the user has access to a specified product, and is necessary when provisioning a product. A path also determines the constraints put on the product.
+   *  Lists the paths to the specified product. A path describes how the user gets access to a specified product and is necessary when provisioning a product. A path also determines the constraints that are put on a product. A path is dependent on a specific product, porfolio, and principal.    When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.  
    */
   listLaunchPaths(params: ServiceCatalog.Types.ListLaunchPathsInput, callback?: (err: AWSError, data: ServiceCatalog.Types.ListLaunchPathsOutput) => void): Request<ServiceCatalog.Types.ListLaunchPathsOutput, AWSError>;
   /**
-   * Lists the paths to the specified product. A path is how the user has access to a specified product, and is necessary when provisioning a product. A path also determines the constraints put on the product.
+   *  Lists the paths to the specified product. A path describes how the user gets access to a specified product and is necessary when provisioning a product. A path also determines the constraints that are put on a product. A path is dependent on a specific product, porfolio, and principal.    When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.  
    */
   listLaunchPaths(callback?: (err: AWSError, data: ServiceCatalog.Types.ListLaunchPathsOutput) => void): Request<ServiceCatalog.Types.ListLaunchPathsOutput, AWSError>;
   /**
@@ -580,11 +580,11 @@ declare class ServiceCatalog extends Service {
    */
   listTagOptions(callback?: (err: AWSError, data: ServiceCatalog.Types.ListTagOptionsOutput) => void): Request<ServiceCatalog.Types.ListTagOptionsOutput, AWSError>;
   /**
-   * Provisions the specified product. A provisioned product is a resourced instance of a product. For example, provisioning a product based on a CloudFormation template launches a CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord. If the request contains a tag key with an empty list of values, there is a tag conflict for that key. Do not include conflicted keys as tags, or this causes the error "Parameter validation failed: Missing required parameter in Tags[N]:Value".
+   *  Provisions the specified product.   A provisioned product is a resourced instance of a product. For example, provisioning a product that's based on an CloudFormation template launches an CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord.   If the request contains a tag key with an empty list of values, there's a tag conflict for that key. Don't include conflicted keys as tags, or this will cause the error "Parameter validation failed: Missing required parameter in Tags[N]:Value".    When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.  
    */
   provisionProduct(params: ServiceCatalog.Types.ProvisionProductInput, callback?: (err: AWSError, data: ServiceCatalog.Types.ProvisionProductOutput) => void): Request<ServiceCatalog.Types.ProvisionProductOutput, AWSError>;
   /**
-   * Provisions the specified product. A provisioned product is a resourced instance of a product. For example, provisioning a product based on a CloudFormation template launches a CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord. If the request contains a tag key with an empty list of values, there is a tag conflict for that key. Do not include conflicted keys as tags, or this causes the error "Parameter validation failed: Missing required parameter in Tags[N]:Value".
+   *  Provisions the specified product.   A provisioned product is a resourced instance of a product. For example, provisioning a product that's based on an CloudFormation template launches an CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord.   If the request contains a tag key with an empty list of values, there's a tag conflict for that key. Don't include conflicted keys as tags, or this will cause the error "Parameter validation failed: Missing required parameter in Tags[N]:Value".    When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.  
    */
   provisionProduct(callback?: (err: AWSError, data: ServiceCatalog.Types.ProvisionProductOutput) => void): Request<ServiceCatalog.Types.ProvisionProductOutput, AWSError>;
   /**
@@ -620,11 +620,11 @@ declare class ServiceCatalog extends Service {
    */
   searchProductsAsAdmin(callback?: (err: AWSError, data: ServiceCatalog.Types.SearchProductsAsAdminOutput) => void): Request<ServiceCatalog.Types.SearchProductsAsAdminOutput, AWSError>;
   /**
-   * Gets information about the provisioned products that meet the specified criteria.  To ensure a complete list of provisioned products and remove duplicate products, use sort-by createdTime.  Here is a CLI example:     aws servicecatalog search-provisioned-products --sort-by createdTime   
+   * Gets information about the provisioned products that meet the specified criteria.
    */
   searchProvisionedProducts(params: ServiceCatalog.Types.SearchProvisionedProductsInput, callback?: (err: AWSError, data: ServiceCatalog.Types.SearchProvisionedProductsOutput) => void): Request<ServiceCatalog.Types.SearchProvisionedProductsOutput, AWSError>;
   /**
-   * Gets information about the provisioned products that meet the specified criteria.  To ensure a complete list of provisioned products and remove duplicate products, use sort-by createdTime.  Here is a CLI example:     aws servicecatalog search-provisioned-products --sort-by createdTime   
+   * Gets information about the provisioned products that meet the specified criteria.
    */
   searchProvisionedProducts(callback?: (err: AWSError, data: ServiceCatalog.Types.SearchProvisionedProductsOutput) => void): Request<ServiceCatalog.Types.SearchProvisionedProductsOutput, AWSError>;
   /**

package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js

@@ -83,7 +83,7 @@ return /******/ (function(modules) { // webpackBootstrap
 	  /**
 	   * @constant
 	   */
-	  VERSION: '2.1322.0',
+	  VERSION: '2.1323.0',
 
 	  /**
 	   * @api private