npm - cdk-lambda-subminute - Versions diffs - 2.0.310 → 2.0.312 - Mend

cdk-lambda-subminute 2.0.310 → 2.0.312

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (176) hide show

package/node_modules/aws-sdk/apis/securityhub-2018-10-26.examples.json CHANGED Viewed

@@ -208,6 +208,57 @@
         "title": "To update one ore more automation rules"
       }
     ],
+    "BatchGetConfigurationPolicyAssociations": [
+      {
+        "input": {
+          "ConfigurationPolicyAssociationIdentifiers": [
+            {
+              "Target": {
+                "AccountId": "111122223333"
+              }
+            },
+            {
+              "Target": {
+                "RootId": "r-f6g7h8i9j0example"
+              }
+            }
+          ]
+        },
+        "output": {
+          "ConfigurationPolicyAssociations": [
+            {
+              "AssociationStatus": "SUCCESS",
+              "AssociationStatusMessage": "This field is only populated for a failed association",
+              "AssociationType": "INHERITED",
+              "ConfigurationPolicyId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+              "TargetId": "111122223333",
+              "TargetType": "ACCOUNT",
+              "UpdatedAt": "2023-01-11T06:17:17.154Z"
+            }
+          ],
+          "UnprocessedConfigurationPolicyAssociations": [
+            {
+              "ConfigurationPolicyAssociationIdentifiers": {
+                "Target": {
+                  "RootId": "r-f6g7h8i9j0example"
+                }
+              },
+              "ErrorCode": "400",
+              "ErrorReason": "You do not have sufficient access to perform this action."
+            }
+          ]
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation provides details about configuration associations for a batch of target accounts, organizational units, or the root.",
+        "id": "to-get-configuration-associations-for-a-batch-of-targets-1695178953302",
+        "title": "To get configuration associations for a batch of targets"
+      }
+    ],
     "BatchGetSecurityControls": [
       {
         "input": {
@@ -220,21 +271,41 @@
           "SecurityControls": [
             {
               "Description": "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
+              "LastUpdateReason": "Stayed with default value",
+              "Parameters": {
+                "daysToExpiration": {
+                  "Value": {
+                    "Integer": 30
+                  },
+                  "ValueType": "DEFAULT"
+                }
+              },
               "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
               "SecurityControlArn": "arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1",
               "SecurityControlId": "ACM.1",
               "SecurityControlStatus": "ENABLED",
               "SeverityRating": "MEDIUM",
-              "Title": "Imported and ACM-issued certificates should be renewed after a specified time period"
+              "Title": "Imported and ACM-issued certificates should be renewed after a specified time period",
+              "UpdateStatus": "UPDATING"
             },
             {
               "Description": "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
+              "LastUpdateReason": "Updated control parameters to comply with internal requirements",
+              "Parameters": {
+                "loggingLevel": {
+                  "Value": {
+                    "Enum": "ERROR"
+                  },
+                  "ValueType": "CUSTOM"
+                }
+              },
               "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
               "SecurityControlArn": "arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1",
               "SecurityControlId": "APIGateway.1",
               "SecurityControlStatus": "ENABLED",
               "SeverityRating": "MEDIUM",
-              "Title": "API Gateway REST and WebSocket API execution logging should be enabled"
+              "Title": "API Gateway REST and WebSocket API execution logging should be enabled",
+              "UpdateStatus": "UPDATING"
             }
           ]
         },
@@ -587,6 +658,85 @@
         "title": "To create an automation rule"
       }
     ],
+    "CreateConfigurationPolicy": [
+      {
+        "input": {
+          "ConfigurationPolicy": {
+            "SecurityHub": {
+              "EnabledStandardIdentifiers": [
+                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
+                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+              ],
+              "SecurityControlsConfiguration": {
+                "DisabledSecurityControlIdentifiers": [
+                  "CloudWatch.1"
+                ],
+                "SecurityControlCustomParameters": [
+                  {
+                    "Parameters": {
+                      "daysToExpiration": {
+                        "Value": {
+                          "Integer": 14
+                        },
+                        "ValueType": "CUSTOM"
+                      }
+                    },
+                    "SecurityControlId": "ACM.1"
+                  }
+                ]
+              },
+              "ServiceEnabled": true
+            }
+          },
+          "Description": "Configuration policy for testing FSBP and CIS",
+          "Name": "TestConfigurationPolicy"
+        },
+        "output": {
+          "Arn": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "ConfigurationPolicy": {
+            "SecurityHub": {
+              "EnabledStandardIdentifiers": [
+                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
+                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+              ],
+              "SecurityControlsConfiguration": {
+                "DisabledSecurityControlIdentifiers": [
+                  "CloudWatch.1"
+                ],
+                "SecurityControlCustomParameters": [
+                  {
+                    "Parameters": {
+                      "daysToExpiration": {
+                        "Value": {
+                          "Integer": 14
+                        },
+                        "ValueType": "CUSTOM"
+                      }
+                    },
+                    "SecurityControlId": "ACM.1"
+                  }
+                ]
+              },
+              "ServiceEnabled": true
+            }
+          },
+          "CreatedAt": "2023-01-11T06:17:17.154Z",
+          "Description": "Configuration policy for testing FSBP and CIS",
+          "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "Name": "TestConfigurationPolicy",
+          "UpdatedAt": "2023-01-11T06:17:17.154Z"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation creates a configuration policy in Security Hub.",
+        "id": "to-create-a-configuration-policy-1695172470099",
+        "title": "To create a configuration policy"
+      }
+    ],
     "CreateFindingAggregator": [
       {
         "input": {
@@ -721,6 +871,22 @@
         "title": "To delete a custom action target"
       }
     ],
+    "DeleteConfigurationPolicy": [
+      {
+        "input": {
+          "Identifier": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation deletes the specified configuration policy.",
+        "id": "to-delete-a-configuration-policy-1695174614062",
+        "title": "To delete a configuration policy"
+      }
+    ],
     "DeleteFindingAggregator": [
       {
         "input": {
@@ -857,9 +1023,13 @@
         "input": {
         },
         "output": {
-          "AutoEnable": true,
-          "AutoEnableStandards": "DEFAULT",
-          "MemberAccountLimitReached": true
+          "AutoEnable": false,
+          "AutoEnableStandards": "NONE",
+          "MemberAccountLimitReached": false,
+          "OrganizationConfiguration": {
+            "ConfigurationType": "CENTRAL",
+            "Status": "ENABLED"
+          }
         },
         "comments": {
           "input": {
@@ -867,9 +1037,9 @@
           "output": {
           }
         },
-        "description": "The following example returns details about the way in which AWS Organizations is configured for a Security Hub account that belongs to an organization. Only a Security Hub administrator account can call this operation.",
-        "id": "to-get-information-about-organizations-configuration-1676059786304",
-        "title": "To get information about Organizations configuration"
+        "description": "This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub administrator account can invoke this operation.",
+        "id": "to-get-information-about-organization-configuration-1676059786304",
+        "title": "To get information about organization configuration"
       }
     ],
     "DescribeProducts": [
@@ -1158,6 +1328,84 @@
         "title": "To get details about the Security Hub administrator account"
       }
     ],
+    "GetConfigurationPolicy": [
+      {
+        "input": {
+          "Identifier": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
+        },
+        "output": {
+          "Arn": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "ConfigurationPolicy": {
+            "SecurityHub": {
+              "EnabledStandardIdentifiers": [
+                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
+                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+              ],
+              "SecurityControlsConfiguration": {
+                "DisabledSecurityControlIdentifiers": [
+                  "CloudWatch.1"
+                ],
+                "SecurityControlCustomParameters": [
+                  {
+                    "Parameters": {
+                      "daysToExpiration": {
+                        "Value": {
+                          "Integer": 14
+                        },
+                        "ValueType": "CUSTOM"
+                      }
+                    },
+                    "SecurityControlId": "ACM.1"
+                  }
+                ]
+              },
+              "ServiceEnabled": true
+            }
+          },
+          "CreatedAt": "2023-01-11T06:17:17.154Z",
+          "Description": "Configuration policy for testing FSBP and CIS",
+          "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "Name": "TestConfigurationPolicy",
+          "UpdatedAt": "2023-01-11T06:17:17.154Z"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation provides details about the specified configuration policy.",
+        "id": "to-get-details-about-a-configuration-policy-1695173701103",
+        "title": "To get details about a configuration policy"
+      }
+    ],
+    "GetConfigurationPolicyAssociation": [
+      {
+        "input": {
+          "Target": {
+            "AccountId": "111122223333"
+          }
+        },
+        "output": {
+          "AssociationStatus": "FAILED",
+          "AssociationStatusMessage": "Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn’t be applied to account 111122223333 in us-east-1 Region. Retry your request.",
+          "AssociationType": "INHERITED",
+          "ConfigurationPolicyId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "TargetId": "111122223333",
+          "TargetType": "ACCOUNT",
+          "UpdatedAt": "2023-01-11T06:17:17.154Z"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation provides details about configuration associations for a specific target account, organizational unit, or the root.",
+        "id": "to-get-details-about-a-configuration-association-1695177816371",
+        "title": "To get details about a configuration association"
+      }
+    ],
     "GetEnabledStandards": [
       {
         "input": {
@@ -1502,6 +1750,44 @@
         "title": "To get member account details"
       }
     ],
+    "GetSecurityControlDefinition": [
+      {
+        "input": {
+          "SecurityControlId": "EC2.4"
+        },
+        "output": {
+          "SecurityControlDefinition": {
+            "CurrentRegionAvailability": "AVAILABLE",
+            "Description": "This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.",
+            "ParameterDefinitions": {
+              "AllowedDays": {
+                "ConfigurationOptions": {
+                  "Integer": {
+                    "DefaultValue": 30,
+                    "Max": 365,
+                    "Min": 1
+                  }
+                },
+                "Description": "Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding"
+              }
+            },
+            "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation",
+            "SecurityControlId": "EC2.4",
+            "SeverityRating": "MEDIUM",
+            "Title": "Stopped Amazon EC2 instances should be removed after a specified time period"
+          }
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "The following example retrieves definition details for the specified security control.",
+        "id": "to-get-the-definition-of-a-security-control-1699283789356",
+        "title": "To get the definition of a security control."
+      }
+    ],
     "InviteMembers": [
       {
         "input": {
@@ -1568,6 +1854,69 @@
         "title": "To list automation rules"
       }
     ],
+    "ListConfigurationPolicies": [
+      {
+        "input": {
+          "MaxResults": 1,
+          "NextToken": "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf"
+        },
+        "output": {
+          "ConfigurationPolicySummaries": [
+            {
+              "Arn": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+              "Description": "Configuration policy for testing FSBP and CIS",
+              "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+              "Name": "TestConfigurationPolicy",
+              "ServiceEnabled": true,
+              "UpdatedAt": "2023-01-11T06:17:17.154Z"
+            }
+          ],
+          "NextToken": "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation provides a list of your configuration policies, including metadata for each policy.",
+        "id": "to-view-a-list-of-configuration-policies-1695173268602",
+        "title": "To view a list of configuration policies"
+      }
+    ],
+    "ListConfigurationPolicyAssociations": [
+      {
+        "input": {
+          "Filters": {
+            "AssociationType": "APPLIED"
+          },
+          "MaxResults": 1,
+          "NextToken": "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf"
+        },
+        "output": {
+          "ConfigurationPolicyAssociationSummaries": [
+            {
+              "AssociationStatus": "PENDING",
+              "AssociationType": "APPLIED",
+              "ConfigurationPolicyId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+              "TargetId": "123456789012",
+              "TargetType": "ACCOUNT",
+              "UpdatedAt": "2023-01-11T06:17:17.154Z"
+            }
+          ],
+          "NextToken": "U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation lists all of the associations between targets and configuration policies or self-managed behavior. Targets can include accounts, organizational units, or the root.",
+        "id": "to-list-configuration-associations-1695177309791",
+        "title": "To list configuration associations"
+      }
+    ],
     "ListEnabledProductsForImport": [
       {
         "output": {
@@ -1700,6 +2049,9 @@
           "SecurityControlDefinitions": [
             {
               "CurrentRegionAvailability": "AVAILABLE",
+              "CustomizableProperties": [
+                "Parameters"
+              ],
               "Description": "This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.",
               "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation",
               "SecurityControlId": "ACM.1",
@@ -1708,6 +2060,9 @@
             },
             {
               "CurrentRegionAvailability": "AVAILABLE",
+              "CustomizableProperties": [
+                "Parameters"
+              ],
               "Description": "This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.",
               "RemediationUrl": "https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation",
               "SecurityControlId": "APIGateway.1",
@@ -1806,6 +2161,53 @@
         "title": "To get a list of tags for a resource"
       }
     ],
+    "StartConfigurationPolicyAssociation": [
+      {
+        "input": {
+          "ConfigurationPolicyIdentifier": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "Target": {
+            "AccountId": "111122223333"
+          }
+        },
+        "output": {
+          "AssociationStatus": "SUCCESS",
+          "AssociationStatusMessage": "This field is populated only if the association fails",
+          "AssociationType": "APPLIED",
+          "ConfigurationPolicyId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "TargetId": "111122223333",
+          "TargetType": "ACCOUNT",
+          "UpdatedAt": "2023-01-11T06:17:17.154Z"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation associates a configuration policy or self-managed behavior with the target account, organizational unit, or the root.",
+        "id": "to-associate-a-configuration-with-a-target-1695176455638",
+        "title": "To associate a configuration with a target"
+      }
+    ],
+    "StartConfigurationPolicyDisassociation": [
+      {
+        "input": {
+          "ConfigurationPolicyIdentifier": "SELF_MANAGED_SECURITY_HUB",
+          "Target": {
+            "RootId": "r-f6g7h8i9j0example"
+          }
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation disassociates a configuration policy or self-managed behavior from the target account, organizational unit, or the root.",
+        "id": "to-disassociate-a-configuration-from-a-target-1695177176748",
+        "title": "To disassociate a configuration from a target"
+      }
+    ],
     "TagResource": [
       {
         "input": {
@@ -1863,6 +2265,89 @@
         "title": "To update the name and description of a custom action target"
       }
     ],
+    "UpdateConfigurationPolicy": [
+      {
+        "input": {
+          "ConfigurationPolicy": {
+            "SecurityHub": {
+              "EnabledStandardIdentifiers": [
+                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
+                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+              ],
+              "SecurityControlsConfiguration": {
+                "DisabledSecurityControlIdentifiers": [
+                  "CloudWatch.1",
+                  "CloudWatch.2"
+                ],
+                "SecurityControlCustomParameters": [
+                  {
+                    "Parameters": {
+                      "daysToExpiration": {
+                        "Value": {
+                          "Integer": 21
+                        },
+                        "ValueType": "CUSTOM"
+                      }
+                    },
+                    "SecurityControlId": "ACM.1"
+                  }
+                ]
+              },
+              "ServiceEnabled": true
+            }
+          },
+          "Description": "Updated configuration policy for testing FSBP and CIS",
+          "Identifier": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "Name": "TestConfigurationPolicy",
+          "UpdatedReason": "Enabling ACM.2"
+        },
+        "output": {
+          "Arn": "arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "ConfigurationPolicy": {
+            "SecurityHub": {
+              "EnabledStandardIdentifiers": [
+                "arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0",
+                "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
+              ],
+              "SecurityControlsConfiguration": {
+                "DisabledSecurityControlIdentifiers": [
+                  "CloudWatch.1",
+                  "CloudWatch.2"
+                ],
+                "SecurityControlCustomParameters": [
+                  {
+                    "Parameters": {
+                      "daysToExpiration": {
+                        "Value": {
+                          "Integer": 21
+                        },
+                        "ValueType": "CUSTOM"
+                      }
+                    },
+                    "SecurityControlId": "ACM.1"
+                  }
+                ]
+              },
+              "ServiceEnabled": true
+            }
+          },
+          "CreatedAt": "2023-01-11T06:17:17.154Z",
+          "Description": "Updated configuration policy for testing FSBP and CIS",
+          "Id": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
+          "Name": "TestConfigurationPolicy",
+          "UpdatedAt": "2023-01-12T06:17:17.154Z"
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "This operation updates the specified configuration policy.",
+        "id": "to-update-a-configuration-policy-1695174120555",
+        "title": "To update a configuration policy"
+      }
+    ],
     "UpdateFindingAggregator": [
       {
         "input": {
@@ -1927,7 +2412,11 @@
     "UpdateOrganizationConfiguration": [
       {
         "input": {
-          "AutoEnable": true
+          "AutoEnable": false,
+          "AutoEnableStandards": "NONE",
+          "OrganizationConfiguration": {
+            "ConfigurationType": "CENTRAL"
+          }
         },
         "comments": {
           "input": {
@@ -1935,11 +2424,38 @@
           "output": {
           }
         },
-        "description": "The following example updates the configuration for an organization so that Security Hub is automatically activated for new member accounts. Only the Security Hub administrator account can call this operation.",
+        "description": "This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator account can invoke this operation.",
         "id": "to-update-organization-configuration-1678911630846",
         "title": "To update organization configuration"
       }
     ],
+    "UpdateSecurityControl": [
+      {
+        "input": {
+          "LastUpdateReason": "Comply with internal requirements",
+          "Parameters": {
+            "maxCredentialUsageAge": {
+              "Value": {
+                "Integer": 15
+              },
+              "ValueType": "CUSTOM"
+            }
+          },
+          "SecurityControlId": "ACM.1"
+        },
+        "output": {
+        },
+        "comments": {
+          "input": {
+          },
+          "output": {
+          }
+        },
+        "description": "The following example updates the specified security control. Specifically, this example updates control parameters.",
+        "id": "to-update-security-control-properties-1699282942434",
+        "title": "To update security control properties"
+      }
+    ],
     "UpdateSecurityHubConfiguration": [
       {
         "input": {