diff --git a/CHANGELOG.md b/CHANGELOG.md index 955279b25a4..7e32e7d0a0a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,17 @@ +Release v1.38.0 (2021-03-18) +=== + +### Service Client Updates +* `service/autoscaling`: Updates service API and documentation + * Amazon EC2 Auto Scaling Instance Refresh now supports phased deployments. +* `service/redshift`: Updates service API and documentation + * Add new fields for additional information about VPC endpoint for clusters with reallocation enabled, and a new field for total storage capacity for all clusters. +* `service/securityhub`: Updates service API and documentation + +### SDK Features +* `service/s3`: S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request +* `service/s3control`: S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request. + Release v1.37.33 (2021-03-17) === diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index ffb5457cc85..8a1927a39ca 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -1,6 +1,4 @@ ### SDK Features -* `service/s3`: S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request -* `service/s3control`: S3 Object Lambda is a new S3 feature that enables users to apply their own custom code to process the output of a standard S3 GET request by automatically invoking a Lambda function with a GET request. ### SDK Enhancements diff --git a/aws/version.go b/aws/version.go index 7bcbec3240b..937f765df1b 100644 --- a/aws/version.go +++ b/aws/version.go 
@@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.37.33" +const SDKVersion = "1.38.0" diff --git a/models/apis/autoscaling/2011-01-01/api-2.json b/models/apis/autoscaling/2011-01-01/api-2.json index 564f45ff55a..c8ee7a98d79 100644 --- a/models/apis/autoscaling/2011-01-01/api-2.json +++ b/models/apis/autoscaling/2011-01-01/api-2.json @@ -1161,6 +1161,15 @@ } }, "CapacityRebalanceEnabled":{"type":"boolean"}, + "CheckpointDelay":{ + "type":"integer", + "max":172800, + "min":0 + }, + "CheckpointPercentages":{ + "type":"list", + "member":{"shape":"NonZeroIntPercent"} + }, "ClassicLinkVPCSecurityGroups":{ "type":"list", "member":{"shape":"XmlStringMaxLen255"} @@ -2084,6 +2093,11 @@ }, "MonitoringEnabled":{"type":"boolean"}, "NoDevice":{"type":"boolean"}, + "NonZeroIntPercent":{ + "type":"integer", + "max":100, + "min":1 + }, "NotificationConfiguration":{ "type":"structure", "members":{ @@ -2267,7 +2281,9 @@ "type":"structure", "members":{ "MinHealthyPercentage":{"shape":"IntPercent"}, - "InstanceWarmup":{"shape":"RefreshInstanceWarmup"} + "InstanceWarmup":{"shape":"RefreshInstanceWarmup"}, + "CheckpointPercentages":{"shape":"CheckpointPercentages"}, + "CheckpointDelay":{"shape":"CheckpointDelay"} } }, "RefreshStrategy":{ diff --git a/models/apis/autoscaling/2011-01-01/docs-2.json b/models/apis/autoscaling/2011-01-01/docs-2.json index 46c20e0cfb7..ec6b09e0c85 100644 --- a/models/apis/autoscaling/2011-01-01/docs-2.json +++ b/models/apis/autoscaling/2011-01-01/docs-2.json @@ -7,7 +7,7 @@ "AttachLoadBalancers": "

To attach an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer, use the AttachLoadBalancerTargetGroups API operation instead.

Attaches one or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2 Auto Scaling registers the running instances with these Classic Load Balancers.

To describe the load balancers for an Auto Scaling group, call the DescribeLoadBalancers API. To detach the load balancer from the Auto Scaling group, call the DetachLoadBalancers API.

For more information, see Elastic Load Balancing and Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

", "BatchDeleteScheduledAction": "

Deletes one or more scheduled actions for the specified Auto Scaling group.

", "BatchPutScheduledUpdateGroupAction": "

Creates or updates one or more scheduled scaling actions for an Auto Scaling group.

", - "CancelInstanceRefresh": "

Cancels an instance refresh operation in progress. Cancellation does not roll back any replacements that have already been completed, but it prevents new replacements from being started.

For more information, see Replacing Auto Scaling Instances Based on an Instance Refresh.

", + "CancelInstanceRefresh": "

Cancels an instance refresh operation in progress. Cancellation does not roll back any replacements that have already been completed, but it prevents new replacements from being started.

For more information, see Replacing Auto Scaling instances based on an instance refresh in the Amazon EC2 Auto Scaling User Guide.

", "CompleteLifecycleAction": "

Completes the lifecycle action for the specified token or instance with the specified result.

This step is a part of the procedure for adding a lifecycle hook to an Auto Scaling group:

  1. (Optional) Create a Lambda function and a rule that allows CloudWatch Events to invoke your Lambda function when Amazon EC2 Auto Scaling launches or terminates instances.

  2. (Optional) Create a notification target and an IAM role. The target can be either an Amazon SQS queue or an Amazon SNS topic. The role allows Amazon EC2 Auto Scaling to publish lifecycle notifications to the target.

  3. Create the lifecycle hook. Specify whether the hook is used when the instances launch or terminate.

  4. If you need more time, record the lifecycle action heartbeat to keep the instance in a pending state.

  5. If you finish before the timeout period ends, complete the lifecycle action.

For more information, see Amazon EC2 Auto Scaling lifecycle hooks in the Amazon EC2 Auto Scaling User Guide.

", "CreateAutoScalingGroup": "

We strongly recommend using a launch template when calling this operation to ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.

Creates an Auto Scaling group with the specified name and attributes.

If you exceed your maximum limit of Auto Scaling groups, the call fails. To query this limit, call the DescribeAccountLimits API. For information about updating this limit, see Amazon EC2 Auto Scaling service quotas in the Amazon EC2 Auto Scaling User Guide.

For introductory exercises for creating an Auto Scaling group, see Getting started with Amazon EC2 Auto Scaling and Tutorial: Set up a scaled and load-balanced application in the Amazon EC2 Auto Scaling User Guide. For more information, see Auto Scaling groups in the Amazon EC2 Auto Scaling User Guide.

Every Auto Scaling group has three size parameters (DesiredCapacity, MaxSize, and MinSize). Usually, you set these sizes based on a specific number of instances. However, if you configure a mixed instances policy that defines weights for the instance types, you must specify these sizes with the same units that you use for weighting instances.

", "CreateLaunchConfiguration": "

Creates a launch configuration.

If you exceed your maximum limit of launch configurations, the call fails. To query this limit, call the DescribeAccountLimits API. For information about updating this limit, see Amazon EC2 Auto Scaling service quotas in the Amazon EC2 Auto Scaling User Guide.

For more information, see Launch configurations in the Amazon EC2 Auto Scaling User Guide.

", @@ -24,7 +24,7 @@ "DescribeAutoScalingGroups": "

Describes one or more Auto Scaling groups.

", "DescribeAutoScalingInstances": "

Describes one or more Auto Scaling instances.

", "DescribeAutoScalingNotificationTypes": "

Describes the notification types that are supported by Amazon EC2 Auto Scaling.

", - "DescribeInstanceRefreshes": "

Describes one or more instance refreshes.

You can determine the status of a request by looking at the Status parameter. The following are the possible statuses:

For more information, see Replacing Auto Scaling Instances Based on an Instance Refresh.

", + "DescribeInstanceRefreshes": "

Describes one or more instance refreshes.

You can determine the status of a request by looking at the Status parameter. The following are the possible statuses:

For more information, see Replacing Auto Scaling instances based on an instance refresh in the Amazon EC2 Auto Scaling User Guide.

", "DescribeLaunchConfigurations": "

Describes one or more launch configurations.

", "DescribeLifecycleHookTypes": "

Describes the available types of lifecycle hooks.

The following hook types are supported:

", "DescribeLifecycleHooks": "

Describes the lifecycle hooks for the specified Auto Scaling group.

", @@ -55,7 +55,7 @@ "SetDesiredCapacity": "

Sets the size of the specified Auto Scaling group.

If a scale-in activity occurs as a result of a new DesiredCapacity value that is lower than the current size of the group, the Auto Scaling group uses its termination policy to determine which instances to terminate.

For more information, see Manual scaling in the Amazon EC2 Auto Scaling User Guide.

", "SetInstanceHealth": "

Sets the health status of the specified instance.

For more information, see Health checks for Auto Scaling instances in the Amazon EC2 Auto Scaling User Guide.

", "SetInstanceProtection": "

Updates the instance protection settings of the specified instances.

For more information about preventing instances that are part of an Auto Scaling group from terminating on scale in, see Instance scale-in protection in the Amazon EC2 Auto Scaling User Guide.

If you exceed your maximum limit of instance IDs, which is 50 per Auto Scaling group, the call fails.

", - "StartInstanceRefresh": "

Starts a new instance refresh operation, which triggers a rolling replacement of all previously launched instances in the Auto Scaling group with a new group of instances.

If successful, this call creates a new instance refresh request with a unique ID that you can use to track its progress. To query its status, call the DescribeInstanceRefreshes API. To describe the instance refreshes that have already run, call the DescribeInstanceRefreshes API. To cancel an instance refresh operation in progress, use the CancelInstanceRefresh API.

For more information, see Replacing Auto Scaling Instances Based on an Instance Refresh.

", + "StartInstanceRefresh": "

Starts a new instance refresh operation, which triggers a rolling replacement of all previously launched instances in the Auto Scaling group with a new group of instances.

If successful, this call creates a new instance refresh request with a unique ID that you can use to track its progress. To query its status, call the DescribeInstanceRefreshes API. To describe the instance refreshes that have already run, call the DescribeInstanceRefreshes API. To cancel an instance refresh operation in progress, use the CancelInstanceRefresh API.

For more information, see Replacing Auto Scaling instances based on an instance refresh in the Amazon EC2 Auto Scaling User Guide.

", "SuspendProcesses": "

Suspends the specified auto scaling processes, or all processes, for the specified Auto Scaling group.

If you suspend either the Launch or Terminate process types, it can prevent other process types from functioning properly. For more information, see Suspending and resuming scaling processes in the Amazon EC2 Auto Scaling User Guide.

To resume processes that have been suspended, call the ResumeProcesses API.

", "TerminateInstanceInAutoScalingGroup": "

Terminates the specified instance and optionally adjusts the desired group size.

This call simply makes a termination request. The instance is not terminated immediately. When an instance is terminated, the instance status changes to terminated. You can't connect to or start an instance after you've terminated it.

If you do not specify the option to decrement the desired capacity, Amazon EC2 Auto Scaling launches instances to replace the ones that are terminated.

By default, Amazon EC2 Auto Scaling balances instances across all Availability Zones. If you decrement the desired capacity, your Auto Scaling group can become unbalanced between Availability Zones. Amazon EC2 Auto Scaling tries to rebalance the group, and rebalancing might terminate instances in other zones. For more information, see Rebalancing activities in the Amazon EC2 Auto Scaling User Guide.

", "UpdateAutoScalingGroup": "

We strongly recommend that all Auto Scaling groups use launch templates to ensure full functionality for Amazon EC2 Auto Scaling and Amazon EC2.

Updates the configuration for the specified Auto Scaling group.

To update an Auto Scaling group, specify the name of the group and the parameter that you want to change. Any parameters that you don't specify are not changed by this update request. The new settings take effect on any scaling activities after this call returns.

If you associate a new launch configuration or template with an Auto Scaling group, all new instances will get the updated configuration. Existing instances continue to run with the configuration that they were originally launched with. When you update a group to specify a mixed instances policy instead of a launch configuration or template, existing instances may be replaced to match the new purchasing options that you specified in the policy. For example, if the group currently has 100% On-Demand capacity and the policy specifies 50% Spot capacity, this means that half of your instances will be gradually terminated and relaunched as Spot Instances. When replacing instances, Amazon EC2 Auto Scaling launches new instances before terminating the old ones, so that updating your group does not compromise the performance or availability of your application.

Note the following about changing DesiredCapacity, MaxSize, or MinSize:

To see which parameters have been set, call the DescribeAutoScalingGroups API. To view the scaling policies for an Auto Scaling group, call the DescribePolicies API. If the group has scaling policies, you can update them by calling the PutScalingPolicy API.

" @@ -355,6 +355,18 @@ "UpdateAutoScalingGroupType$CapacityRebalance": "

Enables or disables Capacity Rebalancing. For more information, see Amazon EC2 Auto Scaling Capacity Rebalancing in the Amazon EC2 Auto Scaling User Guide.

" } }, + "CheckpointDelay": { + "base": null, + "refs": { + "RefreshPreferences$CheckpointDelay": "

The amount of time, in seconds, to wait after a checkpoint before continuing. This property is optional, but if you specify a value for it, you must also specify a value for CheckpointPercentages. If you specify a value for CheckpointPercentages and not for CheckpointDelay, the CheckpointDelay defaults to 3600 (1 hour).

" + } + }, + "CheckpointPercentages": { + "base": null, + "refs": { + "RefreshPreferences$CheckpointPercentages": "

Threshold values for each checkpoint in ascending order. Each number must be unique. To replace all instances in the Auto Scaling group, the last number in the array must be 100.

For usage examples, see Adding checkpoints to an instance refresh in the Amazon EC2 Auto Scaling User Guide.

" + } + }, "ClassicLinkVPCSecurityGroups": { "base": null, "refs": { @@ -1162,6 +1174,12 @@ "BlockDeviceMapping$NoDevice": "

Setting this value to true suppresses the specified device included in the block device mapping of the AMI.

If NoDevice is true for the root device, instances might fail the EC2 health check. In that case, Amazon EC2 Auto Scaling launches replacement instances.

If you specify NoDevice, you cannot specify Ebs.

" } }, + "NonZeroIntPercent": { + "base": null, + "refs": { + "CheckpointPercentages$member": null + } + }, "NotificationConfiguration": { "base": "

Describes a notification.

", "refs": { @@ -1332,7 +1350,7 @@ } }, "RefreshPreferences": { - "base": "

Describes information used to start an instance refresh.

", + "base": "

Describes information used to start an instance refresh.

All properties are optional. However, if you specify a value for CheckpointDelay, you must also provide a value for CheckpointPercentages.

", "refs": { "StartInstanceRefreshType$Preferences": "

Set of preferences associated with the instance refresh request.

If not provided, the default values are used. For MinHealthyPercentage, the default value is 90. For InstanceWarmup, the default is to use the value specified for the health check grace period for the Auto Scaling group.

For more information, see RefreshPreferences in the Amazon EC2 Auto Scaling API Reference.

" } diff --git a/models/apis/redshift/2012-12-01/api-2.json b/models/apis/redshift/2012-12-01/api-2.json index 5595bf13cdd..6ee575ea0b3 100644 --- a/models/apis/redshift/2012-12-01/api-2.json +++ b/models/apis/redshift/2012-12-01/api-2.json @@ -1901,7 +1901,8 @@ "NextMaintenanceWindowStartTime":{"shape":"TStamp"}, "ResizeInfo":{"shape":"ResizeInfo"}, "AvailabilityZoneRelocationStatus":{"shape":"String"}, - "ClusterNamespaceArn":{"shape":"String"} + "ClusterNamespaceArn":{"shape":"String"}, + "TotalStorageCapacityInMegaBytes":{"shape":"LongOptional"} }, "wrapper":true }, @@ -4064,6 +4065,22 @@ "BreachAction":{"shape":"UsageLimitBreachAction"} } }, + "NetworkInterface":{ + "type":"structure", + "members":{ + "NetworkInterfaceId":{"shape":"String"}, + "SubnetId":{"shape":"String"}, + "PrivateIpAddress":{"shape":"String"}, + "AvailabilityZone":{"shape":"String"} + } + }, + "NetworkInterfaceList":{ + "type":"list", + "member":{ + "shape":"NetworkInterface", + "locationName":"NetworkInterface" + } + }, "NodeConfigurationOption":{ "type":"structure", "members":{ @@ -5519,7 +5536,9 @@ "VpcEndpoint":{ "type":"structure", "members":{ - "VpcEndpointId":{"shape":"String"} + "VpcEndpointId":{"shape":"String"}, + "VpcId":{"shape":"String"}, + "NetworkInterfaces":{"shape":"NetworkInterfaceList"} } }, "VpcEndpointsList":{ diff --git a/models/apis/redshift/2012-12-01/docs-2.json b/models/apis/redshift/2012-12-01/docs-2.json index 977b23e42a3..445749c7b0d 100644 --- a/models/apis/redshift/2012-12-01/docs-2.json +++ b/models/apis/redshift/2012-12-01/docs-2.json @@ -1356,7 +1356,7 @@ "refs": { "BatchModifyClusterSnapshotsMessage$ManualSnapshotRetentionPeriod": "

The number of days that a manual snapshot is retained. If you specify the value -1, the manual snapshot is retained indefinitely.

The number must be either -1 or an integer between 1 and 3,653.

If you decrease the manual snapshot retention period from its current value, existing manual snapshots that fall outside of the new retention period will return an error. If you want to suppress the errors and delete the snapshots, use the force option.

", "CopyClusterSnapshotMessage$ManualSnapshotRetentionPeriod": "

The number of days that a manual snapshot is retained. If the value is -1, the manual snapshot is retained indefinitely.

The value must be either -1 or an integer between 1 and 3,653.

The default value is -1.

", - "CreateClusterMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

Default: 1

Constraints: Must be a value from 0 to 35.

", + "CreateClusterMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

You can't disable automated snapshots for RA3 node types. Set the automated retention period from 1-35 days.

Default: 1

Constraints: Must be a value from 0 to 35.

", "CreateClusterMessage$ManualSnapshotRetentionPeriod": "

The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots.

The value must be either -1 or an integer between 1 and 3,653.

", "CreateClusterMessage$Port": "

The port number on which the cluster accepts incoming connections.

The cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections.

Default: 5439

Valid Values: 1150-65535

", "CreateClusterMessage$NumberOfNodes": "

The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node.

For information about determining how many nodes you need, go to Working with Clusters in the Amazon Redshift Cluster Management Guide.

If you don't specify this parameter, you get a single-node cluster. When requesting a multi-node cluster, you must specify the number of nodes that you want in the cluster.

Default: 1

Constraints: Value must be at least 1 and no more than 100.

", @@ -1394,7 +1394,7 @@ "GetReservedNodeExchangeOfferingsInputMessage$MaxRecords": "

An integer setting the maximum number of ReservedNodeOfferings to retrieve.

", "ModifyClusterMaintenanceMessage$DeferMaintenanceDuration": "

An integer indicating the duration of the maintenance window in days. If you specify a duration, you can't specify an end time. The duration must be 45 days or less.

", "ModifyClusterMessage$NumberOfNodes": "

The new number of nodes of the cluster. If you specify a new number of nodes, you must also specify the node type parameter.

For more information about resizing clusters, go to Resizing Clusters in Amazon Redshift in the Amazon Redshift Cluster Management Guide.

Valid Values: Integer greater than 0.

", - "ModifyClusterMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

If you decrease the automated snapshot retention period from its current value, existing automated snapshots that fall outside of the new retention period will be immediately deleted.

Default: Uses existing setting.

Constraints: Must be a value from 0 to 35.

", + "ModifyClusterMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

If you decrease the automated snapshot retention period from its current value, existing automated snapshots that fall outside of the new retention period will be immediately deleted.

You can't disable automated snapshots for RA3 node types. Set the automated retention period from 1-35 days.

Default: Uses existing setting.

Constraints: Must be a value from 0 to 35.

", "ModifyClusterMessage$ManualSnapshotRetentionPeriod": "

The default for number of days that a newly created manual snapshot is retained. If the value is -1, the manual snapshot is retained indefinitely. This value doesn't retroactively change the retention periods of existing manual snapshots.

The value must be either -1 or an integer between 1 and 3,653.

The default value is -1.

", "ModifyClusterMessage$Port": "

The option to change the port of an Amazon Redshift cluster.

", "ModifyClusterSnapshotMessage$ManualSnapshotRetentionPeriod": "

The number of days that a manual snapshot is retained. If the value is -1, the manual snapshot is retained indefinitely.

If the manual snapshot falls outside of the new retention period, you can specify the force option to immediately delete the snapshot.

The value must be either -1 or an integer between 1 and 3,653.

", @@ -1404,7 +1404,7 @@ "ResizeClusterMessage$NumberOfNodes": "

The new number of nodes for the cluster. If not specified, the cluster's current number of nodes is used.

", "ResizeProgressMessage$TargetNumberOfNodes": "

The number of nodes that the cluster will have after the resize operation is complete.

", "RestoreFromClusterSnapshotMessage$Port": "

The port number on which the cluster accepts connections.

Default: The same port as the original cluster.

Constraints: Must be between 1115 and 65535.

", - "RestoreFromClusterSnapshotMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

Default: The value selected for the cluster from which the snapshot was taken.

Constraints: Must be a value from 0 to 35.

", + "RestoreFromClusterSnapshotMessage$AutomatedSnapshotRetentionPeriod": "

The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with CreateClusterSnapshot.

You can't disable automated snapshots for RA3 node types. Set the automated retention period from 1-35 days.

Default: The value selected for the cluster from which the snapshot was taken.

Constraints: Must be a value from 0 to 35.

", "RestoreFromClusterSnapshotMessage$ManualSnapshotRetentionPeriod": "

The default number of days to retain a manual snapshot. If the value is -1, the snapshot is retained indefinitely. This setting doesn't change the retention period of existing snapshots.

The value must be either -1 or an integer between 1 and 3,653.

", "RestoreFromClusterSnapshotMessage$NumberOfNodes": "

The number of nodes specified when provisioning the restored cluster.

", "Snapshot$ManualSnapshotRetentionPeriod": "

The number of days that a manual snapshot is retained. If the value is -1, the manual snapshot is retained indefinitely.

The value must be either -1 or an integer between 1 and 3,653.

", @@ -1566,6 +1566,7 @@ "LongOptional": { "base": null, "refs": { + "Cluster$TotalStorageCapacityInMegaBytes": "

The total storage capacity of the cluster in megabytes.

", "DataTransferProgress$EstimatedTimeToCompletionInSeconds": "

Describes the estimated number of seconds remaining to complete the transfer.

", "DataTransferProgress$ElapsedTimeInSeconds": "

Describes the number of seconds that have elapsed during the data transfer.

", "ModifyUsageLimitMessage$Amount": "

The new limit amount. For more information about this parameter, see UsageLimit.

", @@ -1694,6 +1695,18 @@ "refs": { } }, + "NetworkInterface": { + "base": "

Describes a network interface.

", + "refs": { + "NetworkInterfaceList$member": null + } + }, + "NetworkInterfaceList": { + "base": null, + "refs": { + "VpcEndpoint$NetworkInterfaces": "

One or more network interfaces of the endpoint. Also known as an interface endpoint.

" + } + }, "NodeConfigurationOption": { "base": "

A list of node configurations.

", "refs": { @@ -2636,6 +2649,10 @@ "ModifySnapshotCopyRetentionPeriodMessage$ClusterIdentifier": "

The unique identifier of the cluster for which you want to change the retention period for either automated or manual snapshots that are copied to a destination AWS Region.

Constraints: Must be the valid name of an existing cluster that has cross-region snapshot copy enabled.

", "ModifySnapshotScheduleMessage$ScheduleIdentifier": "

A unique alphanumeric identifier of the schedule to modify.

", "ModifyUsageLimitMessage$UsageLimitId": "

The identifier of the usage limit to modify.

", + "NetworkInterface$NetworkInterfaceId": "

The network interface identifier.

", + "NetworkInterface$SubnetId": "

The subnet identifier.

", + "NetworkInterface$PrivateIpAddress": "

The IPv4 address of the network interface within the subnet.

", + "NetworkInterface$AvailabilityZone": "

The Availability Zone.

", "NodeConfigurationOption$NodeType": "

The node type, such as, \"ds2.8xlarge\".

", "NodeConfigurationOptionsMessage$Marker": "

A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.

", "OrderableClusterOption$ClusterVersion": "

The version of the orderable cluster.

", @@ -2643,7 +2660,7 @@ "OrderableClusterOption$NodeType": "

The node type for the orderable cluster.

", "OrderableClusterOptionsMessage$Marker": "

A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.

", "Parameter$ParameterName": "

The name of the parameter.

", - "Parameter$ParameterValue": "

The value of the parameter.

", + "Parameter$ParameterValue": "

The value of the parameter. If ParameterName is wlm_json_configuration, then the maximum size of ParameterValue is 8000 characters.

", "Parameter$Description": "

A description of the parameter.

", "Parameter$Source": "

The source of the parameter value, such as \"engine-default\" or \"user\".

", "Parameter$DataType": "

The data type of the parameter.

", @@ -2785,6 +2802,7 @@ "UsageLimitList$Marker": "

A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.

", "ValueStringList$member": null, "VpcEndpoint$VpcEndpointId": "

The connection endpoint ID for connecting an Amazon Redshift cluster through the proxy.

", + "VpcEndpoint$VpcId": "

The VPC identifier that the endpoint is associated.

", "VpcSecurityGroupIdList$member": null, "VpcSecurityGroupMembership$VpcSecurityGroupId": "

The identifier of the VPC security group.

", "VpcSecurityGroupMembership$Status": "

The status of the VPC security group.

" diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index 791e0adeb46..c4b74d5b509 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -2693,13 +2693,23 @@ "type":"list", "member":{"shape":"AwsRedshiftClusterVpcSecurityGroup"} }, + "AwsS3AccountPublicAccessBlockDetails":{ + "type":"structure", + "members":{ + "BlockPublicAcls":{"shape":"Boolean"}, + "BlockPublicPolicy":{"shape":"Boolean"}, + "IgnorePublicAcls":{"shape":"Boolean"}, + "RestrictPublicBuckets":{"shape":"Boolean"} + } + }, "AwsS3BucketDetails":{ "type":"structure", "members":{ "OwnerId":{"shape":"NonEmptyString"}, "OwnerName":{"shape":"NonEmptyString"}, "CreatedAt":{"shape":"NonEmptyString"}, - "ServerSideEncryptionConfiguration":{"shape":"AwsS3BucketServerSideEncryptionConfiguration"} + "ServerSideEncryptionConfiguration":{"shape":"AwsS3BucketServerSideEncryptionConfiguration"}, + "PublicAccessBlockConfiguration":{"shape":"AwsS3AccountPublicAccessBlockDetails"} } }, "AwsS3BucketServerSideEncryptionByDefault":{ @@ -2763,10 +2773,8 @@ "ProductArn", "GeneratorId", "AwsAccountId", - "Types", "CreatedAt", "UpdatedAt", - "Severity", "Title", "Description", "Resources" @@ -2806,7 +2814,8 @@ "Note":{"shape":"Note"}, "Vulnerabilities":{"shape":"VulnerabilityList"}, "PatchSummary":{"shape":"PatchSummary"}, - "Action":{"shape":"Action"} + "Action":{"shape":"Action"}, + "FindingProviderFields":{"shape":"FindingProviderFields"} } }, "AwsSecurityFindingFilters":{ 
@@ -2821,8 +2830,16 @@ "LastObservedAt":{"shape":"DateFilterList"}, "CreatedAt":{"shape":"DateFilterList"}, "UpdatedAt":{"shape":"DateFilterList"}, - "SeverityProduct":{"shape":"NumberFilterList"}, - "SeverityNormalized":{"shape":"NumberFilterList"}, + "SeverityProduct":{ + "shape":"NumberFilterList", + "deprecated":true, + "deprecatedMessage":"This filter is deprecated, use FindingProviiltersSeverityOriginal instead." + }, + "SeverityNormalized":{ + "shape":"NumberFilterList", + "deprecated":true, + "deprecatedMessage":"This filter is deprecated, use SeverityLabel or FindingProviderFieldsSeverityLabel instead." + }, "SeverityLabel":{"shape":"StringFilterList"}, "Confidence":{"shape":"NumberFilterList"}, "Criticality":{"shape":"NumberFilterList"}, @@ -2895,7 +2912,14 @@ "NoteText":{"shape":"StringFilterList"}, "NoteUpdatedAt":{"shape":"DateFilterList"}, "NoteUpdatedBy":{"shape":"StringFilterList"}, - "Keyword":{"shape":"KeywordFilterList"} + "Keyword":{"shape":"KeywordFilterList"}, + "FindingProviderFieldsConfidence":{"shape":"NumberFilterList"}, + "FindingProviderFieldsCriticality":{"shape":"NumberFilterList"}, + "FindingProviderFieldsRelatedFindingsId":{"shape":"StringFilterList"}, + "FindingProviderFieldsRelatedFindingsProductArn":{"shape":"StringFilterList"}, + "FindingProviderFieldsSeverityLabel":{"shape":"StringFilterList"}, + "FindingProviderFieldsSeverityOriginal":{"shape":"StringFilterList"}, + "FindingProviderFieldsTypes":{"shape":"StringFilterList"} } }, "AwsSecurityFindingIdentifier":{ @@ -3035,9 +3059,15 @@ "type":"structure", "required":["Findings"], "members":{ - "Findings":{"shape":"AwsSecurityFindingList"} + "Findings":{"shape":"BatchImportFindingsRequestFindingList"} } }, + "BatchImportFindingsRequestFindingList":{ + "type":"list", + "member":{"shape":"AwsSecurityFinding"}, + "max":100, + "min":1 + }, "BatchImportFindingsResponse":{ "type":"structure", "required":[ 
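Review bot: The `deprecatedMessage` added for `SeverityProduct` in `AwsSecurityFindingFilters` names a filter that does not exist, `FindingProviiltersSeverityOriginal`. The filter added in the next hunk is `FindingProviderFieldsSeverityOriginal`, so the message should read "This filter is deprecated, use FindingProviderFieldsSeverityOriginal instead." The replacement filters are also `StringFilterList`, where `SeverityProduct` and `SeverityNormalized` are `NumberFilterList`, so saved filters and insights that select findings by a numeric severity range have no like-for-like migration. The deprecation text should say how such range queries are meant to be rewritten against `SeverityLabel` or `FindingProviderFieldsSeverityLabel`.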
@@ -3099,6 +3129,19 @@ "type":"list", "member":{"shape":"NonEmptyString"} }, + "Cell":{ + "type":"structure", + "members":{ + "Column":{"shape":"Long"}, + "Row":{"shape":"Long"}, + "ColumnName":{"shape":"NonEmptyString"}, + "CellReference":{"shape":"NonEmptyString"} + } + }, + "Cells":{ + "type":"list", + "member":{"shape":"Cell"} + }, "CidrBlockAssociation":{ "type":"structure", "members":{ @@ -3117,6 +3160,24 @@ "CityName":{"shape":"NonEmptyString"} } }, + "ClassificationResult":{ + "type":"structure", + "members":{ + "MimeType":{"shape":"NonEmptyString"}, + "SizeClassified":{"shape":"Long"}, + "AdditionalOccurrences":{"shape":"Boolean"}, + "Status":{"shape":"ClassificationStatus"}, + "SensitiveData":{"shape":"SensitiveDataResultList"}, + "CustomDataIdentifiers":{"shape":"CustomDataIdentifiersResult"} + } + }, + "ClassificationStatus":{ + "type":"structure", + "members":{ + "Code":{"shape":"NonEmptyString"}, + "Reason":{"shape":"NonEmptyString"} + } + }, "Compliance":{ "type":"structure", "members":{ @@ -3215,6 +3276,26 @@ "max":50, "min":1 }, + "CustomDataIdentifiersDetections":{ + "type":"structure", + "members":{ + "Count":{"shape":"Long"}, + "Arn":{"shape":"NonEmptyString"}, + "Name":{"shape":"NonEmptyString"}, + "Occurrences":{"shape":"Occurrences"} + } + }, + "CustomDataIdentifiersDetectionsList":{ + "type":"list", + "member":{"shape":"CustomDataIdentifiersDetections"} + }, + "CustomDataIdentifiersResult":{ + "type":"structure", + "members":{ + "Detections":{"shape":"CustomDataIdentifiersDetectionsList"}, + "TotalCount":{"shape":"Long"} + } + }, "Cvss":{ "type":"structure", "members":{ @@ -3227,6 +3308,13 @@ "type":"list", "member":{"shape":"Cvss"} }, + "DataClassificationDetails":{ + "type":"structure", + "members":{ + "DetailedResultsLocation":{"shape":"NonEmptyString"}, + "Result":{"shape":"ClassificationResult"} + } + }, "DateFilter":{ "type":"structure", "members":{ 
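Review bot: `CustomDataIdentifiersDetections` is a single detection (`Count`, `Arn`, `Name`, `Occurrences`) that `CustomDataIdentifiersDetectionsList` wraps, but the docs-2.json `base` text this patch adds for it is "The list of detected instances of sensitive data.", the same sentence used for `CustomDataIdentifiersResult$Detections`. Describe the element as one detected instance so the generated type documentation does not read as a list. The companion entry for `CustomDataIdentifiersDetections$Name` starts "he name of the custom identifier" and needs its leading "T".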
@@ -3560,6 +3648,23 @@ "key":{"shape":"NonEmptyString"}, "value":{"shape":"NonEmptyString"} }, + "FindingProviderFields":{ + "type":"structure", + "members":{ + "Confidence":{"shape":"RatioScale"}, + "Criticality":{"shape":"RatioScale"}, + "RelatedFindings":{"shape":"RelatedFindingList"}, + "Severity":{"shape":"FindingProviderSeverity"}, + "Types":{"shape":"TypeList"} + } + }, + "FindingProviderSeverity":{ + "type":"structure", + "members":{ + "Label":{"shape":"SeverityLabel"}, + "Original":{"shape":"NonEmptyString"} + } + }, "GeoLocation":{ "type":"structure", "members":{ @@ -4155,6 +4260,28 @@ "type":"list", "member":{"shape":"NumberFilter"} }, + "Occurrences":{ + "type":"structure", + "members":{ + "LineRanges":{"shape":"Ranges"}, + "OffsetRanges":{"shape":"Ranges"}, + "Pages":{"shape":"Pages"}, + "Records":{"shape":"Records"}, + "Cells":{"shape":"Cells"} + } + }, + "Page":{ + "type":"structure", + "members":{ + "PageNumber":{"shape":"Long"}, + "LineRange":{"shape":"Range"}, + "OffsetRange":{"shape":"Range"} + } + }, + "Pages":{ + "type":"list", + "member":{"shape":"Page"} + }, "Partition":{ "type":"string", "enum":[ @@ -4244,6 +4371,18 @@ "type":"list", "member":{"shape":"Product"} }, + "Range":{ + "type":"structure", + "members":{ + "Start":{"shape":"Long"}, + "End":{"shape":"Long"}, + "StartColumn":{"shape":"Long"} + } + }, + "Ranges":{ + "type":"list", + "member":{"shape":"Range"} + }, "RatioScale":{ "type":"integer", "max":100, @@ -4256,6 +4395,13 @@ "Url":{"shape":"NonEmptyString"} } }, + "Record":{ + "type":"structure", + "members":{ + "JsonPath":{"shape":"NonEmptyString"}, + "RecordIndex":{"shape":"Long"} + } + }, "RecordState":{ "type":"string", "enum":[ @@ -4263,6 +4409,10 @@ "ARCHIVED" ] }, + "Records":{ + "type":"list", + "member":{"shape":"Record"} + }, "RelatedFinding":{ "type":"structure", "required":[ 
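Review bot: `Range` carries `Start`, `End` and `StartColumn`, yet the docs-2.json text added for `Range$Start` is word for word the text for `Range$End` ("... from the beginning of the file to the end of the sensitive data"), so nothing tells a consumer where an occurrence begins. `Range$Start` should describe the distance to the beginning of the sensitive data. It is also worth stating whether `Start` and `End` are zero-based or one-based, as the `Record$RecordIndex` text does ("starting from 0"), since tooling that redacts or extracts the flagged span depends on it. Separately, the `Page$LineRange` and `Page$OffsetRange` descriptions talk about text and Microsoft Word files although `Page` is documented as an occurrence in a PDF file.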
@@ -4301,6 +4451,7 @@ "Region":{"shape":"NonEmptyString"}, "ResourceRole":{"shape":"NonEmptyString"}, "Tags":{"shape":"FieldMap"}, + "DataClassification":{"shape":"DataClassificationDetails"}, "Details":{"shape":"ResourceDetails"} } }, @@ -4332,6 +4483,7 @@ "AwsElbv2LoadBalancer":{"shape":"AwsElbv2LoadBalancerDetails"}, "AwsElasticsearchDomain":{"shape":"AwsElasticsearchDomainDetails"}, "AwsS3Bucket":{"shape":"AwsS3BucketDetails"}, + "AwsS3AccountPublicAccessBlock":{"shape":"AwsS3AccountPublicAccessBlockDetails"}, "AwsS3Object":{"shape":"AwsS3ObjectDetails"}, "AwsSecretsManagerSecret":{"shape":"AwsSecretsManagerSecretDetails"}, "AwsIamAccessKey":{"shape":"AwsIamAccessKeyDetails"}, @@ -4391,6 +4543,30 @@ "type":"list", "member":{"shape":"NonEmptyString"} }, + "SensitiveDataDetections":{ + "type":"structure", + "members":{ + "Count":{"shape":"Long"}, + "Type":{"shape":"NonEmptyString"}, + "Occurrences":{"shape":"Occurrences"} + } + }, + "SensitiveDataDetectionsList":{ + "type":"list", + "member":{"shape":"SensitiveDataDetections"} + }, + "SensitiveDataResult":{ + "type":"structure", + "members":{ + "Category":{"shape":"NonEmptyString"}, + "Detections":{"shape":"SensitiveDataDetectionsList"}, + "TotalCount":{"shape":"Long"} + } + }, + "SensitiveDataResultList":{ + "type":"list", + "member":{"shape":"SensitiveDataResult"} + }, "Severity":{ "type":"structure", "members":{ diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index 5a19b681155..9f4a7202575 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -5,7 +5,7 @@ "AcceptInvitation": "

Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the master account to view findings generated in the member account.

", "BatchDisableStandards": "

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the AWS Security Hub User Guide.

", "BatchEnableStandards": "

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the AWS Security Hub User Guide.

", - "BatchImportFindings": "

Imports security findings generated from an integrated third-party product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

BatchImportFindings can be used to update the following finding fields and objects only if they have not been updated using BatchUpdateFindings. After they are updated using BatchUpdateFindings, these fields cannot be updated using BatchImportFindings.

", + "BatchImportFindings": "

Imports security findings generated from an integrated product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

Finding providers also should not use BatchImportFindings to update the following attributes.

Instead, finding providers use FindingProviderFields to provide values for these attributes.

", "BatchUpdateFindings": "

Used by Security Hub customers to update information about their investigation into a finding. Requested by master accounts or member accounts. Master accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.

Master and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the AWS Security Hub User Guide.

", "CreateActionTarget": "

Creates a custom action target in Security Hub.

You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

", "CreateInsight": "

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

", @@ -1447,6 +1447,13 @@ "AwsRedshiftClusterDetails$VpcSecurityGroups": "

The list of VPC security groups that the cluster belongs to, if the cluster is in a VPC.

" } }, + "AwsS3AccountPublicAccessBlockDetails": { + "base": "

provides information about the Amazon S3 Public Access Block configuration for accounts.

", + "refs": { + "AwsS3BucketDetails$PublicAccessBlockConfiguration": "

Provides information about the Amazon S3 Public Access Block configuration for the S3 bucket.

", + "ResourceDetails$AwsS3AccountPublicAccessBlock": "

Details about the Amazon S3 Public Access Block configuration for an account.

" + } + }, "AwsS3BucketDetails": { "base": "

The details of an Amazon S3 bucket.

", "refs": { @@ -1498,7 +1505,8 @@ "AwsSecurityFinding": { "base": "

Provides consistent format for the contents of the Security Hub-aggregated findings. AwsSecurityFinding format enables you to share findings between AWS security services and third-party solutions, and security standards checks.

A finding is a potential security issue generated either by AWS services (Amazon GuardDuty, Amazon Inspector, and Amazon Macie) or by the integrated third-party solutions and standards checks.

", "refs": { - "AwsSecurityFindingList$member": null + "AwsSecurityFindingList$member": null, + "BatchImportFindingsRequestFindingList$member": null } }, "AwsSecurityFindingFilters": { @@ -1528,7 +1536,6 @@ "AwsSecurityFindingList": { "base": null, "refs": { - "BatchImportFindingsRequest$Findings": "

A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.

", "GetFindingsResponse$Findings": "

The findings that matched the filters specified in the request.

" } }, @@ -1617,6 +1624,12 @@ "refs": { } }, + "BatchImportFindingsRequestFindingList": { + "base": null, + "refs": { + "BatchImportFindingsRequest$Findings": "

A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.

" + } + }, "BatchImportFindingsResponse": { "base": null, "refs": { @@ -1713,9 +1726,14 @@ "AwsRedshiftClusterPendingModifiedValues$EnhancedVpcRouting": "

Indicates whether to create the cluster with enhanced VPC routing enabled.

", "AwsRedshiftClusterPendingModifiedValues$PubliclyAccessible": "

The pending or in-progress change to whether the cluster can be connected to from the public network.

", "AwsRedshiftClusterResizeInfo$AllowCancelResize": "

Indicates whether the resize operation can be canceled.

", + "AwsS3AccountPublicAccessBlockDetails$BlockPublicAcls": "

Indicates whether to reject calls to update an S3 bucket if the calls include a public access control list (ACL).

", + "AwsS3AccountPublicAccessBlockDetails$BlockPublicPolicy": "

Indicates whether to reject calls to update the access policy for an S3 bucket or access point if the policy allows public access.

", + "AwsS3AccountPublicAccessBlockDetails$IgnorePublicAcls": "

Indicates whether Amazon S3 ignores public ACLs that are associated with an S3 bucket.

", + "AwsS3AccountPublicAccessBlockDetails$RestrictPublicBuckets": "

Indicates whether to restrict access to an access point or S3 bucket that has a public policy to only AWS service principals and authorized users within the S3 bucket owner's account.

", "AwsSecretsManagerSecretDetails$RotationOccurredWithinFrequency": "

Whether the rotation occurred within the specified rotation frequency.

", "AwsSecretsManagerSecretDetails$RotationEnabled": "

Whether rotation is enabled.

", "AwsSecretsManagerSecretDetails$Deleted": "

Whether the secret is deleted.

", + "ClassificationResult$AdditionalOccurrences": "

Indicates whether there are additional occurrences of sensitive data that are not included in the finding. This occurs when the number of occurrences exceeds the maximum that can be included.

", "DescribeHubResponse$AutoEnableControls": "

Whether to automatically enable new controls when they are added to standards that are enabled.

If set to true, then new controls for enabled standards are enabled automatically. If set to false, then new controls are not enabled.

", "DescribeOrganizationConfigurationResponse$AutoEnable": "

Whether to automatically enable Security Hub for new accounts in the organization.

If set to true, then Security Hub is enabled for new accounts. If set to false, then new accounts are not added automatically.

", "DescribeOrganizationConfigurationResponse$MemberAccountLimitReached": "

Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.

", @@ -1735,6 +1753,18 @@ "Product$Categories": "

The categories assigned to the product.

" } }, + "Cell": { + "base": "

An occurrence of sensitive data detected in a Microsoft Excel workbook, comma-separated value (CSV) file, or tab-separated value (TSV) file.

", + "refs": { + "Cells$member": null + } + }, + "Cells": { + "base": null, + "refs": { + "Occurrences$Cells": "

Occurrences of sensitive data detected in Microsoft Excel workbooks, comma-separated value (CSV) files, or tab-separated value (TSV) files.

" + } + }, "CidrBlockAssociation": { "base": "

An IPv4 CIDR block association.

", "refs": { @@ -1753,6 +1783,18 @@ "ActionRemoteIpDetails$City": "

The city where the remote IP address is located.

" } }, + "ClassificationResult": { + "base": "

Details about the sensitive data that was detected on the resource.

", + "refs": { + "DataClassificationDetails$Result": "

The details about the sensitive data that was detected on the resource.

" + } + }, + "ClassificationStatus": { + "base": "

Provides details about the current status of the sensitive data detection.

", + "refs": { + "ClassificationResult$Status": "

The current status of the sensitive data detection.

" + } + }, "Compliance": { "base": "

Contains finding details that are specific to control-based findings. Only returned for findings generated from controls.

", "refs": { @@ -1821,6 +1863,24 @@ "ListMembersRequest$MaxResults": "

The maximum number of items to return in the response.

" } }, + "CustomDataIdentifiersDetections": { + "base": "

The list of detected instances of sensitive data.

", + "refs": { + "CustomDataIdentifiersDetectionsList$member": null + } + }, + "CustomDataIdentifiersDetectionsList": { + "base": null, + "refs": { + "CustomDataIdentifiersResult$Detections": "

The list of detected instances of sensitive data.

" + } + }, + "CustomDataIdentifiersResult": { + "base": "

Contains an instance of sensitive data that was detected by a customer-defined identifier.

", + "refs": { + "ClassificationResult$CustomDataIdentifiers": "

Provides details about sensitive data that was identified based on customer-defined configuration.

" + } + }, "Cvss": { "base": "

CVSS scores from the advisory related to the vulnerability.

", "refs": { @@ -1833,6 +1893,12 @@ "Vulnerability$Cvss": "

CVSS scores from the advisory related to the vulnerability.

" } }, + "DataClassificationDetails": { + "base": "

Provides details about sensitive data that was detected on a resource.

", + "refs": { + "Resource$DataClassification": "

Contains information about sensitive data that was detected on the resource.

" + } + }, "DateFilter": { "base": "

A date filter for querying findings.

", "refs": { @@ -2097,6 +2163,18 @@ "ResourceDetails$Other": "

Details about a resource that are not available in a type-specific details object. Use the Other object in the following cases.

" } }, + "FindingProviderFields": { + "base": "

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update values for confidence, criticality, related findings, severity, and types.

", + "refs": { + "AwsSecurityFinding$FindingProviderFields": "

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

" + } + }, + "FindingProviderSeverity": { + "base": "

The severity assigned to the finding by the finding provider.

", + "refs": { + "FindingProviderFields$Severity": "

The severity of a finding.

" + } + }, "GeoLocation": { "base": "

Provides the latitude and longitude coordinates of a location.

", "refs": { @@ -2490,7 +2568,19 @@ "AwsRedshiftClusterRestoreStatus$ElapsedTimeInSeconds": "

The amount of time an in-progress restore has been running, or the amount of time it took a completed restore to finish.

This field is only updated when you restore to DC2 and DS2 node types.

", "AwsRedshiftClusterRestoreStatus$EstimatedTimeToCompletionInSeconds": "

The estimate of the time remaining before the restore is complete. Returns 0 for a completed restore.

This field is only updated when you restore to DC2 and DS2 node types.

", "AwsRedshiftClusterRestoreStatus$ProgressInMegaBytes": "

The number of megabytes that were transferred from snapshot storage.

This field is only updated when you restore to DC2 and DS2 node types.

", - "AwsRedshiftClusterRestoreStatus$SnapshotSizeInMegaBytes": "

The size of the set of snapshot data that was used to restore the cluster.

This field is only updated when you restore to DC2 and DS2 node types.

" + "AwsRedshiftClusterRestoreStatus$SnapshotSizeInMegaBytes": "

The size of the set of snapshot data that was used to restore the cluster.

This field is only updated when you restore to DC2 and DS2 node types.

", + "Cell$Column": "

The column number of the column that contains the data. For a Microsoft Excel workbook, the column number corresponds to the alphabetical column identifiers. For example, a value of 1 for Column corresponds to the A column in the workbook.

", + "Cell$Row": "

The row number of the row that contains the data.

", + "ClassificationResult$SizeClassified": "

The total size in bytes of the affected data.

", + "CustomDataIdentifiersDetections$Count": "

The total number of occurrences of sensitive data that were detected.

", + "CustomDataIdentifiersResult$TotalCount": "

The total number of occurrences of sensitive data.

", + "Page$PageNumber": "

The page number of the page that contains the sensitive data.

", + "Range$Start": "

The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.

", + "Range$End": "

The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.

", + "Range$StartColumn": "

In the line where the sensitive data starts, the column within the line where the sensitive data starts.

", + "Record$RecordIndex": "

The record index, starting from 0, for the record that contains the data.

", + "SensitiveDataDetections$Count": "

The total number of occurrences of sensitive data that were detected.

", + "SensitiveDataResult$TotalCount": "

The total number of occurrences of sensitive data.

" } }, "Malware": { @@ -3191,10 +3281,15 @@ "BatchUpdateFindingsUnprocessedFinding$ErrorCode": "

The code associated with the error.

", "BatchUpdateFindingsUnprocessedFinding$ErrorMessage": "

The message associated with the error.

", "CategoryList$member": null, + "Cell$ColumnName": "

The name of the column that contains the data.

", + "Cell$CellReference": "

For a Microsoft Excel workbook, provides the location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5 for cell C5 on Sheet2.

", "CidrBlockAssociation$AssociationId": "

The association ID for the IPv4 CIDR block.

", "CidrBlockAssociation$CidrBlock": "

The IPv4 CIDR block.

", "CidrBlockAssociation$CidrBlockState": "

Information about the state of the IPv4 CIDR block.

", "City$CityName": "

The name of the city.

", + "ClassificationResult$MimeType": "

The type of content that the finding applies to.

", + "ClassificationStatus$Code": "

The code that represents the status of the sensitive data detection.

", + "ClassificationStatus$Reason": "

A longer description of the current status of the sensitive data detection.

", "ContainerDetails$Name": "

The name of the container related to a finding.

", "ContainerDetails$ImageId": "

The identifier of the image related to a finding.

", "ContainerDetails$ImageName": "

The name of the image related to a finding.

", @@ -3208,8 +3303,11 @@ "CreateInsightRequest$Name": "

The name of the custom insight to create.

", "CreateInsightRequest$GroupByAttribute": "

The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

", "CreateInsightResponse$InsightArn": "

The ARN of the insight created.

", + "CustomDataIdentifiersDetections$Arn": "

The ARN of the custom identifier that was used to detect the sensitive data.

", + "CustomDataIdentifiersDetections$Name": "

he name of the custom identifier that detected the sensitive data.

", "Cvss$Version": "

The version of CVSS for the CVSS score.

", "Cvss$BaseVector": "

The base scoring vector for the CVSS score.

", + "DataClassificationDetails$DetailedResultsLocation": "

The path to the folder or file that contains the sensitive data.

", "DateFilter$Start": "

A start date for the date filter.

", "DateFilter$End": "

An end date for the date filter.

", "DeleteActionTargetRequest$ActionTargetArn": "

The ARN of the custom action target to delete.

", @@ -3230,6 +3328,7 @@ "EnableOrganizationAdminAccountRequest$AdminAccountId": "

The AWS account identifier of the account to designate as the Security Hub administrator account.

", "FieldMap$key": null, "FieldMap$value": null, + "FindingProviderSeverity$Original": "

The finding provider's original value for the severity.

", "GetInsightResultsRequest$InsightArn": "

The ARN of the insight for which to return results.

", "ImportFindingsError$Id": "

The identifier of the finding that could not be updated.

", "ImportFindingsError$ErrorCode": "

The code of the error returned by the BatchImportFindings operation.

", @@ -3307,6 +3406,7 @@ "ProductSubscriptionArnList$member": null, "Recommendation$Text": "

Describes the recommended steps to take to remediate an issue identified in a finding.

", "Recommendation$Url": "

A URL to a page or site that contains information about how to remediate a finding.

", + "Record$JsonPath": "

The path, as a JSONPath expression, to the field in the record that contains the data. If the field name is longer than 20 characters, it is truncated. If the path is longer than 250 characters, it is truncated.

", "RelatedFinding$ProductArn": "

The ARN of the product that generated a related finding.

", "RelatedFinding$Id": "

The product-generated identifier for a related finding.

", "RelatedRequirementsList$member": null, @@ -3320,6 +3420,8 @@ "ResourceNotFoundException$Code": null, "Result$ProcessingResult": "

The reason that the account was not processed.

", "SecurityGroups$member": null, + "SensitiveDataDetections$Type": "

The type of sensitive data that was detected. For example, the type might indicate that the data is an email address.

", + "SensitiveDataResult$Category": "

The category of sensitive data that was detected. For example, the category can indicate that the sensitive data involved credentials, financial information, or personal information.

", "Severity$Original": "

The native severity from the finding product that generated the finding.

", "SoftwarePackage$Name": "

The name of the software package.

", "SoftwarePackage$Version": "

The version of the software package.

", @@ -3418,7 +3520,28 @@ "AwsSecurityFindingFilters$NetworkSourcePort": "

The source port of network-related information about a finding.

", "AwsSecurityFindingFilters$NetworkDestinationPort": "

The destination port of network-related information about a finding.

", "AwsSecurityFindingFilters$ProcessPid": "

The process ID.

", - "AwsSecurityFindingFilters$ProcessParentPid": "

The parent process ID.

" + "AwsSecurityFindingFilters$ProcessParentPid": "

The parent process ID.

", + "AwsSecurityFindingFilters$FindingProviderFieldsConfidence": "

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

", + "AwsSecurityFindingFilters$FindingProviderFieldsCriticality": "

The finding provider value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

" + } + }, + "Occurrences": { + "base": "

The detected occurrences of sensitive data.

", + "refs": { + "CustomDataIdentifiersDetections$Occurrences": "

Details about the sensitive data that was detected.

", + "SensitiveDataDetections$Occurrences": "

Details about the sensitive data that was detected.

" + } + }, + "Page": { + "base": "

An occurrence of sensitive data in an Adobe Portable Document Format (PDF) file.

", + "refs": { + "Pages$member": null + } + }, + "Pages": { + "base": null, + "refs": { + "Occurrences$Pages": "

Occurrences of sensitive data in an Adobe Portable Document Format (PDF) file.

" } }, "Partition": { @@ -3488,11 +3611,28 @@ "DescribeProductsResponse$Products": "

A list of products, including details for each product.

" } }, + "Range": { + "base": "

Identifies where the sensitive data begins and ends.

", + "refs": { + "Page$LineRange": "

An occurrence of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.

", + "Page$OffsetRange": "

An occurrence of sensitive data detected in a binary text file.

", + "Ranges$member": null + } + }, + "Ranges": { + "base": null, + "refs": { + "Occurrences$LineRanges": "

Occurrences of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.

", + "Occurrences$OffsetRanges": "

Occurrences of sensitive data detected in a binary text file.

" + } + }, "RatioScale": { "base": null, "refs": { "BatchUpdateFindingsRequest$Confidence": "

The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

", "BatchUpdateFindingsRequest$Criticality": "

The updated value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

", + "FindingProviderFields$Confidence": "

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

", + "FindingProviderFields$Criticality": "

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

", "SeverityUpdate$Normalized": "

The normalized severity for the finding. This attribute is to be deprecated in favor of Label.

If you provide Normalized and do not provide Label, Label is set automatically as follows.

" } }, @@ -3502,6 +3642,12 @@ "Remediation$Recommendation": "

A recommendation on the steps to take to remediate the issue identified by a finding.

" } }, + "Record": { + "base": "

An occurrence of sensitive data in an Apache Avro object container or an Apache Parquet file.

", + "refs": { + "Records$member": null + } + }, "RecordState": { "base": null, "refs": { @@ -3509,6 +3655,12 @@ "UpdateFindingsRequest$RecordState": "

The updated record state for the finding.

" } }, + "Records": { + "base": null, + "refs": { + "Occurrences$Records": "

Occurrences of sensitive data in an Apache Avro object container or an Apache Parquet file.

" + } + }, "RelatedFinding": { "base": "

Details about a related finding.

", "refs": { @@ -3519,7 +3671,8 @@ "base": null, "refs": { "AwsSecurityFinding$RelatedFindings": "

A list of related findings.

", - "BatchUpdateFindingsRequest$RelatedFindings": "

A list of findings that are related to the updated findings.

" + "BatchUpdateFindingsRequest$RelatedFindings": "

A list of findings that are related to the updated findings.

", + "FindingProviderFields$RelatedFindings": "

A list of findings that are related to the current finding.

" } }, "RelatedRequirementsList": { @@ -3594,6 +3747,30 @@ "AwsElbv2LoadBalancerDetails$SecurityGroups": "

The IDs of the security groups for the load balancer.

" } }, + "SensitiveDataDetections": { + "base": "

The list of detected instances of sensitive data.

", + "refs": { + "SensitiveDataDetectionsList$member": null + } + }, + "SensitiveDataDetectionsList": { + "base": null, + "refs": { + "SensitiveDataResult$Detections": "

The list of detected instances of sensitive data.

" + } + }, + "SensitiveDataResult": { + "base": "

Contains a detected instance of sensitive data that are based on built-in identifiers.

", + "refs": { + "SensitiveDataResultList$member": null + } + }, + "SensitiveDataResultList": { + "base": null, + "refs": { + "ClassificationResult$SensitiveData": "

Provides details about sensitive data that was identified based on built-in configuration.

" + } + }, "Severity": { "base": "

The severity of the finding.

The finding provider can provide the initial severity. The finding provider can only update the severity if it has not been updated using BatchUpdateFindings.

The finding must have either Label or Normalized populated. If only one of these attributes is populated, then Security Hub automatically populates the other one. If neither attribute is populated, then the finding is invalid. Label is the preferred attribute.

", "refs": { @@ -3603,6 +3780,7 @@ "SeverityLabel": { "base": null, "refs": { + "FindingProviderSeverity$Label": "

The severity label assigned to the finding by the finding provider.

", "Severity$Label": "

The severity value of the finding. The allowed values are the following.

If you provide Normalized and do not provide Label, then Label is set automatically as follows.

", "SeverityUpdate$Label": "

The severity value of the finding. The allowed values are the following.

" } @@ -3806,7 +3984,12 @@ "AwsSecurityFindingFilters$RelatedFindingsProductArn": "

The ARN of the solution that generated a related finding.

", "AwsSecurityFindingFilters$RelatedFindingsId": "

The solution-generated identifier for a related finding.

", "AwsSecurityFindingFilters$NoteText": "

The text of a note.

", - "AwsSecurityFindingFilters$NoteUpdatedBy": "

The principal that created a note.

" + "AwsSecurityFindingFilters$NoteUpdatedBy": "

The principal that created a note.

", + "AwsSecurityFindingFilters$FindingProviderFieldsRelatedFindingsId": "

The finding identifier of a related finding that is identified by the finding provider.

", + "AwsSecurityFindingFilters$FindingProviderFieldsRelatedFindingsProductArn": "

The ARN of the solution that generated a related finding that is identified by the finding provider.

", + "AwsSecurityFindingFilters$FindingProviderFieldsSeverityLabel": "

The finding provider value for the severity label.

", + "AwsSecurityFindingFilters$FindingProviderFieldsSeverityOriginal": "

The finding provider's original value for the severity.

", + "AwsSecurityFindingFilters$FindingProviderFieldsTypes": "

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

" } }, "StringList": { @@ -3917,7 +4100,8 @@ "base": null, "refs": { "AwsSecurityFinding$Types": "

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

", - "BatchUpdateFindingsRequest$Types": "

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.

" + "BatchUpdateFindingsRequest$Types": "

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.

", + "FindingProviderFields$Types": "

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

" } }, "UntagResourceRequest": { diff --git a/service/autoscaling/api.go b/service/autoscaling/api.go index ccb607ddb17..bfc4770fc45 100644 --- a/service/autoscaling/api.go +++ b/service/autoscaling/api.go @@ -530,8 +530,9 @@ func (c *AutoScaling) CancelInstanceRefreshRequest(input *CancelInstanceRefreshI // roll back any replacements that have already been completed, but it prevents // new replacements from being started. // -// For more information, see Replacing Auto Scaling Instances Based on an Instance -// Refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html). +// For more information, see Replacing Auto Scaling instances based on an instance +// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2208,8 +2209,9 @@ func (c *AutoScaling) DescribeInstanceRefreshesRequest(input *DescribeInstanceRe // // * Cancelled - The operation is cancelled. // -// For more information, see Replacing Auto Scaling Instances Based on an Instance -// Refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html). +// For more information, see Replacing Auto Scaling instances based on an instance +// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about 
@@ -5322,8 +5324,9 @@ func (c *AutoScaling) StartInstanceRefreshRequest(input *StartInstanceRefreshInp // already run, call the DescribeInstanceRefreshes API. To cancel an instance // refresh operation in progress, use the CancelInstanceRefresh API. // -// For more information, see Replacing Auto Scaling Instances Based on an Instance -// Refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html). +// For more information, see Replacing Auto Scaling instances based on an instance +// refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html) +// in the Amazon EC2 Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about 
@@ -13284,9 +13287,26 @@ func (s RecordLifecycleActionHeartbeatOutput) GoString() string { } // Describes information used to start an instance refresh. +// +// All properties are optional. However, if you specify a value for CheckpointDelay, +// you must also provide a value for CheckpointPercentages. type RefreshPreferences struct { _ struct{} `type:"structure"` + // The amount of time, in seconds, to wait after a checkpoint before continuing. + // This property is optional, but if you specify a value for it, you must also + // specify a value for CheckpointPercentages. If you specify a value for CheckpointPercentages + // and not for CheckpointDelay, the CheckpointDelay defaults to 3600 (1 hour). + CheckpointDelay *int64 `type:"integer"` + + // Threshold values for each checkpoint in ascending order. Each number must + // be unique. To replace all instances in the Auto Scaling group, the last number + // in the array must be 100. + // + // For usage examples, see Adding checkpoints to an instance refresh (https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-adding-checkpoints-instance-refresh.html) + // in the Amazon EC2 Auto Scaling User Guide. + CheckpointPercentages []*int64 `type:"list"` + // The number of seconds until a newly launched instance is configured and ready // to use. During this time, Amazon EC2 Auto Scaling does not immediately move // on to the next replacement. The default is to use the value for the health 
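Review bot: In the RefreshPreferences hunk, the comments on CheckpointDelay and CheckpointPercentages state several constraints (a CheckpointDelay requires CheckpointPercentages, the percentages must be ascending and unique, and the last value must be 100 to replace all instances), but both fields carry only a `type` tag and nothing in the visible lines checks any of these client-side. Suggest saying in the field comments that the rules are enforced by the service only, so callers know to validate the list themselves; a list whose last value is below 100 does not replace every instance in the group.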
@@ -13310,6 +13330,18 @@ func (s RefreshPreferences) GoString() string { return s.String() } +// SetCheckpointDelay sets the CheckpointDelay field's value. +func (s *RefreshPreferences) SetCheckpointDelay(v int64) *RefreshPreferences { + s.CheckpointDelay = &v + return s +} + +// SetCheckpointPercentages sets the CheckpointPercentages field's value. +func (s *RefreshPreferences) SetCheckpointPercentages(v []*int64) *RefreshPreferences { + s.CheckpointPercentages = v + return s +} + // SetInstanceWarmup sets the InstanceWarmup field's value. func (s *RefreshPreferences) SetInstanceWarmup(v int64) *RefreshPreferences { s.InstanceWarmup = &v diff --git a/service/redshift/api.go b/service/redshift/api.go index 3022b3f6445..7e3362b999c 100644 --- a/service/redshift/api.go +++ b/service/redshift/api.go @@ -11181,6 +11181,9 @@ type Cluster struct { // The list of tags for the cluster. Tags []*Tag `locationNameList:"Tag" type:"list"` + // The total storage capacity of the cluster in megabytes. + TotalStorageCapacityInMegaBytes *int64 `type:"long"` + // The identifier of the VPC the cluster is in, if the cluster is in a VPC. VpcId *string `type:"string"` @@ -11476,6 +11479,12 @@ func (s *Cluster) SetTags(v []*Tag) *Cluster { return s } +// SetTotalStorageCapacityInMegaBytes sets the TotalStorageCapacityInMegaBytes field's value. +func (s *Cluster) SetTotalStorageCapacityInMegaBytes(v int64) *Cluster { + s.TotalStorageCapacityInMegaBytes = &v + return s +} + // SetVpcId sets the VpcId field's value. func (s *Cluster) SetVpcId(v string) *Cluster { s.VpcId = &v @@ -12260,6 +12269,9 @@ type CreateClusterInput struct { // 0, automated snapshots are disabled. Even if automated snapshots are disabled, // you can still create manual snapshots when you want with CreateClusterSnapshot. // + // You can't disable automated snapshots for RA3 node types. Set the automated + // retention period from 1-35 days. + // // Default: 1 // // Constraints: Must be a value from 0 to 35. 
@@ -20215,6 +20227,9 @@ type ModifyClusterInput struct { // value, existing automated snapshots that fall outside of the new retention // period will be immediately deleted. // + // You can't disable automated snapshots for RA3 node types. Set the automated + // retention period from 1-35 days. + // // Default: Uses existing setting. // // Constraints: Must be a value from 0 to 35. 
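Review bot: The sentence added to ModifyClusterInput, `You can't disable automated snapshots for RA3 node types. Set the automated retention period from 1-35 days.`, sits directly above the unchanged `Constraints: Must be a value from 0 to 35.`, so the comment now gives two different lower bounds. Suggest qualifying the constraint line to say that 0 is accepted only for node types other than RA3. The same wording is added to CreateClusterInput and RestoreFromClusterSnapshotInput and needs the same fix.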
@@ -21800,6 +21815,57 @@ func (s *ModifyUsageLimitOutput) SetUsageLimitId(v string) *ModifyUsageLimitOutp return s } +// Describes a network interface. +type NetworkInterface struct { + _ struct{} `type:"structure"` + + // The Availability Zone. + AvailabilityZone *string `type:"string"` + + // The network interface identifier. + NetworkInterfaceId *string `type:"string"` + + // The IPv4 address of the network interface within the subnet. + PrivateIpAddress *string `type:"string"` + + // The subnet identifier. + SubnetId *string `type:"string"` +} + +// String returns the string representation +func (s NetworkInterface) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s NetworkInterface) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *NetworkInterface) SetAvailabilityZone(v string) *NetworkInterface { + s.AvailabilityZone = &v + return s +} + +// SetNetworkInterfaceId sets the NetworkInterfaceId field's value. +func (s *NetworkInterface) SetNetworkInterfaceId(v string) *NetworkInterface { + s.NetworkInterfaceId = &v + return s +} + +// SetPrivateIpAddress sets the PrivateIpAddress field's value. +func (s *NetworkInterface) SetPrivateIpAddress(v string) *NetworkInterface { + s.PrivateIpAddress = &v + return s +} + +// SetSubnetId sets the SubnetId field's value. +func (s *NetworkInterface) SetSubnetId(v string) *NetworkInterface { + s.SubnetId = &v + return s +} + // A list of node configurations. type NodeConfigurationOption struct { _ struct{} `type:"structure"` 
@@ -21981,7 +22047,8 @@ type Parameter struct { // The name of the parameter. ParameterName *string `type:"string"` - // The value of the parameter. + // The value of the parameter. If ParameterName is wlm_json_configuration, then + // the maximum size of ParameterValue is 8000 characters. ParameterValue *string `type:"string"` // The source of the parameter value, such as "engine-default" or "user". @@ -22991,6 +23058,9 @@ type RestoreFromClusterSnapshotInput struct { // 0, automated snapshots are disabled. Even if automated snapshots are disabled, // you can still create manual snapshots when you want with CreateClusterSnapshot. // + // You can't disable automated snapshots for RA3 node types. Set the automated + // retention period from 1-35 days. + // // Default: The value selected for the cluster from which the snapshot was taken. // // Constraints: Must be a value from 0 to 35. @@ -25304,9 +25374,16 @@ func (s *UsageLimit) SetUsageLimitId(v string) *UsageLimit { type VpcEndpoint struct { _ struct{} `type:"structure"` + // One or more network interfaces of the endpoint. Also known as an interface + // endpoint. + NetworkInterfaces []*NetworkInterface `locationNameList:"NetworkInterface" type:"list"` + // The connection endpoint ID for connecting an Amazon Redshift cluster through // the proxy. VpcEndpointId *string `type:"string"` + + // The VPC identifier that the endpoint is associated. + VpcId *string `type:"string"` } // String returns the string representation 
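Review bot: In the VpcEndpoint hunk, the new VpcId comment `The VPC identifier that the endpoint is associated.` is missing its final "with". The NetworkInterfaces comment also needs rewording: `Also known as an interface endpoint.` follows a sentence about network interfaces, so it reads as describing the interfaces rather than the endpoint. If these comments are generated from the service model, the fix belongs in the model text.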
@@ -25319,12 +25396,24 @@ func (s VpcEndpoint) GoString() string { return s.String() } +// SetNetworkInterfaces sets the NetworkInterfaces field's value. +func (s *VpcEndpoint) SetNetworkInterfaces(v []*NetworkInterface) *VpcEndpoint { + s.NetworkInterfaces = v + return s +} + // SetVpcEndpointId sets the VpcEndpointId field's value. func (s *VpcEndpoint) SetVpcEndpointId(v string) *VpcEndpoint { s.VpcEndpointId = &v return s } +// SetVpcId sets the VpcId field's value. +func (s *VpcEndpoint) SetVpcId(v string) *VpcEndpoint { + s.VpcId = &v + return s +} + // Describes the members of a VPC security group. type VpcSecurityGroupMembership struct { _ struct{} `type:"structure"` diff --git a/service/securityhub/api.go b/service/securityhub/api.go index a3b39eb2c01..341958d3cc1 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -354,9 +354,9 @@ func (c *SecurityHub) BatchImportFindingsRequest(input *BatchImportFindingsInput // BatchImportFindings API operation for AWS SecurityHub. // -// Imports security findings generated from an integrated third-party product -// into Security Hub. This action is requested by the integrated product to -// import its findings into Security Hub. +// Imports security findings generated from an integrated product into Security +// Hub. This action is requested by the integrated product to import its findings +// into Security Hub. // // The maximum allowed size for a finding is 240 Kb. An error is returned for // any finding larger than 240 Kb. 
@@ -373,10 +373,8 @@ func (c *SecurityHub) BatchImportFindingsRequest(input *BatchImportFindingsInput // // * Workflow // -// BatchImportFindings can be used to update the following finding fields and -// objects only if they have not been updated using BatchUpdateFindings. After -// they are updated using BatchUpdateFindings, these fields cannot be updated -// using BatchImportFindings. +// Finding providers also should not use BatchImportFindings to update the following +// attributes. // // * Confidence // @@ -388,6 +386,9 @@ func (c *SecurityHub) BatchImportFindingsRequest(input *BatchImportFindingsInput // // * Types // +// Instead, finding providers use FindingProviderFields to provide values for +// these attributes. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
@@ -16437,6 +16438,63 @@ func (s *AwsRedshiftClusterVpcSecurityGroup) SetVpcSecurityGroupId(v string) *Aw return s } +// provides information about the Amazon S3 Public Access Block configuration +// for accounts. +type AwsS3AccountPublicAccessBlockDetails struct { + _ struct{} `type:"structure"` + + // Indicates whether to reject calls to update an S3 bucket if the calls include + // a public access control list (ACL). + BlockPublicAcls *bool `type:"boolean"` + + // Indicates whether to reject calls to update the access policy for an S3 bucket + // or access point if the policy allows public access. + BlockPublicPolicy *bool `type:"boolean"` + + // Indicates whether Amazon S3 ignores public ACLs that are associated with + // an S3 bucket. + IgnorePublicAcls *bool `type:"boolean"` + + // Indicates whether to restrict access to an access point or S3 bucket that + // has a public policy to only AWS service principals and authorized users within + // the S3 bucket owner's account. + RestrictPublicBuckets *bool `type:"boolean"` +} + +// String returns the string representation +func (s AwsS3AccountPublicAccessBlockDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AwsS3AccountPublicAccessBlockDetails) GoString() string { + return s.String() +} + +// SetBlockPublicAcls sets the BlockPublicAcls field's value. +func (s *AwsS3AccountPublicAccessBlockDetails) SetBlockPublicAcls(v bool) *AwsS3AccountPublicAccessBlockDetails { + s.BlockPublicAcls = &v + return s +} + +// SetBlockPublicPolicy sets the BlockPublicPolicy field's value. +func (s *AwsS3AccountPublicAccessBlockDetails) SetBlockPublicPolicy(v bool) *AwsS3AccountPublicAccessBlockDetails { + s.BlockPublicPolicy = &v + return s +} + +// SetIgnorePublicAcls sets the IgnorePublicAcls field's value. 
+func (s *AwsS3AccountPublicAccessBlockDetails) SetIgnorePublicAcls(v bool) *AwsS3AccountPublicAccessBlockDetails { + s.IgnorePublicAcls = &v + return s +} + +// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value. +func (s *AwsS3AccountPublicAccessBlockDetails) SetRestrictPublicBuckets(v bool) *AwsS3AccountPublicAccessBlockDetails { + s.RestrictPublicBuckets = &v + return s +} + // The details of an Amazon S3 bucket. type AwsS3BucketDetails struct { _ struct{} `type:"structure"` @@ -16454,6 +16512,10 @@ type AwsS3BucketDetails struct { // The display name of the owner of the S3 bucket. OwnerName *string `type:"string"` + // Provides information about the Amazon S3 Public Access Block configuration + // for the S3 bucket. + PublicAccessBlockConfiguration *AwsS3AccountPublicAccessBlockDetails `type:"structure"` + // The encryption rules that are applied to the S3 bucket. ServerSideEncryptionConfiguration *AwsS3BucketServerSideEncryptionConfiguration `type:"structure"` } @@ -16486,6 +16548,12 @@ func (s *AwsS3BucketDetails) SetOwnerName(v string) *AwsS3BucketDetails { return s } +// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value. +func (s *AwsS3BucketDetails) SetPublicAccessBlockConfiguration(v *AwsS3AccountPublicAccessBlockDetails) *AwsS3BucketDetails { + s.PublicAccessBlockConfiguration = v + return s +} + // SetServerSideEncryptionConfiguration sets the ServerSideEncryptionConfiguration field's value. func (s *AwsS3BucketDetails) SetServerSideEncryptionConfiguration(v *AwsS3BucketServerSideEncryptionConfiguration) *AwsS3BucketDetails { s.ServerSideEncryptionConfiguration = v 
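Review bot: The doc comment on the new AwsS3AccountPublicAccessBlockDetails type starts in lower case (`// provides information about the Amazon S3 Public Access Block configuration // for accounts.`), unlike the other type comments visible here such as `// The details of an Amazon S3 bucket.`. The account-named type is also reused for AwsS3BucketDetails.PublicAccessBlockConfiguration, whose comment says the configuration is `for the S3 bucket`. Suggest capitalising the comment and adding a sentence that the type describes both account-level and bucket-level settings, so a reader of a finding knows which scope the four flags apply to.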
@@ -16817,6 +16885,11 @@ type AwsSecurityFinding struct { // Description is a required field Description *string `type:"string" required:"true"` + // In a BatchImportFindings request, finding providers use FindingProviderFields + // to provide and update their own values for confidence, criticality, related + // findings, severity, and types. + FindingProviderFields *FindingProviderFields `type:"structure"` + // Indicates when the security-findings provider first observed the potential // security issue that a finding captured. // @@ -16897,9 +16970,7 @@ type AwsSecurityFinding struct { SchemaVersion *string `type:"string" required:"true"` // A finding's severity. - // - // Severity is a required field - Severity *Severity `type:"structure" required:"true"` + Severity *Severity `type:"structure"` // A URL that links to a page about the current finding in the security-findings // provider's solution. @@ -16920,9 +16991,7 @@ type AwsSecurityFinding struct { // // Valid namespace values are: Software and Configuration Checks | TTPs | Effects // | Unusual Behaviors | Sensitive Data Identifications - // - // Types is a required field - Types []*string `type:"list" required:"true"` + Types []*string `type:"list"` // Indicates when the security-findings provider last updated the finding record. // @@ -16987,15 +17056,9 @@ func (s *AwsSecurityFinding) Validate() error { if s.SchemaVersion == nil { invalidParams.Add(request.NewErrParamRequired("SchemaVersion")) } - if s.Severity == nil { - invalidParams.Add(request.NewErrParamRequired("Severity")) - } if s.Title == nil { invalidParams.Add(request.NewErrParamRequired("Title")) } - if s.Types == nil { - invalidParams.Add(request.NewErrParamRequired("Types")) - } if s.UpdatedAt == nil { invalidParams.Add(request.NewErrParamRequired("UpdatedAt")) } 
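Review bot: With `required:"true"` removed from Severity and Types and both nil checks dropped from Validate(), an AwsSecurityFinding that carries no severity and no types now passes client-side validation, yet the Severity comment is left as just `A finding's severity.` with no word on what replaces the requirement. Suggest documenting on both fields that a finding provider is expected to supply these values through FindingProviderFields, as the new FindingProviderFields comment describes, so the change does not read as making severity optional.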
@@ -17004,6 +17067,11 @@ func (s *AwsSecurityFinding) Validate() error { invalidParams.AddNested("Compliance", err.(request.ErrInvalidParams)) } } + if s.FindingProviderFields != nil { + if err := s.FindingProviderFields.Validate(); err != nil { + invalidParams.AddNested("FindingProviderFields", err.(request.ErrInvalidParams)) + } + } if s.Malware != nil { for i, v := range s.Malware { if v == nil { @@ -17103,6 +17171,12 @@ func (s *AwsSecurityFinding) SetDescription(v string) *AwsSecurityFinding { return s } +// SetFindingProviderFields sets the FindingProviderFields field's value. +func (s *AwsSecurityFinding) SetFindingProviderFields(v *FindingProviderFields) *AwsSecurityFinding { + s.FindingProviderFields = v + return s +} + // SetFirstObservedAt sets the FirstObservedAt field's value. func (s *AwsSecurityFinding) SetFirstObservedAt(v string) *AwsSecurityFinding { s.FirstObservedAt = &v 
@@ -17312,6 +17386,42 @@ type AwsSecurityFindingFilters struct { // A finding's description. Description []*StringFilter `type:"list"` + // The finding provider value for the finding confidence. Confidence is defined + // as the likelihood that a finding accurately identifies the behavior or issue + // that it was intended to identify. + // + // Confidence is scored on a 0-100 basis using a ratio scale, where 0 means + // zero percent confidence and 100 means 100 percent confidence. + FindingProviderFieldsConfidence []*NumberFilter `type:"list"` + + // The finding provider value for the level of importance assigned to the resources + // associated with the findings. + // + // A score of 0 means that the underlying resources have no criticality, and + // a score of 100 is reserved for the most critical resources. + FindingProviderFieldsCriticality []*NumberFilter `type:"list"` + + // The finding identifier of a related finding that is identified by the finding + // provider. + FindingProviderFieldsRelatedFindingsId []*StringFilter `type:"list"` + + // The ARN of the solution that generated a related finding that is identified + // by the finding provider. + FindingProviderFieldsRelatedFindingsProductArn []*StringFilter `type:"list"` + + // The finding provider value for the severity label. + FindingProviderFieldsSeverityLabel []*StringFilter `type:"list"` + + // The finding provider's original value for the severity. + FindingProviderFieldsSeverityOriginal []*StringFilter `type:"list"` + + // One or more finding types that the finding provider assigned to the finding. + // Uses the format of namespace/category/classifier that classify a finding. 
+ // + // Valid namespace values are: Software and Configuration Checks | TTPs | Effects + // | Unusual Behaviors | Sensitive Data Identifications + FindingProviderFieldsTypes []*StringFilter `type:"list"` + // An ISO8601-formatted timestamp that indicates when the security-findings // provider first observed the potential security issue that a finding captured. FirstObservedAt []*DateFilter `type:"list"` @@ -17507,11 +17617,15 @@ type AwsSecurityFindingFilters struct { SeverityLabel []*StringFilter `type:"list"` // The normalized severity of a finding. - SeverityNormalized []*NumberFilter `type:"list"` + // + // Deprecated: This filter is deprecated, use SeverityLabel or FindingProviderFieldsSeverityLabel instead. + SeverityNormalized []*NumberFilter `deprecated:"true" type:"list"` // The native severity as defined by the security-findings provider's solution // that generated the finding. - SeverityProduct []*NumberFilter `type:"list"` + // + // Deprecated: This filter is deprecated, use FindingProviiltersSeverityOriginal instead. + SeverityProduct []*NumberFilter `deprecated:"true" type:"list"` // A URL that links to a page about the current finding in the security-findings // provider's solution. 
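Review bot: The deprecation notice added to SeverityProduct names a filter that does not exist: `use FindingProviiltersSeverityOriginal instead`. The field added earlier in this struct is FindingProviderFieldsSeverityOriginal, so the notice should name that. The notice should also mention the type change: SeverityProduct is a `[]*NumberFilter`, while the suggested replacement is a `[]*StringFilter`, so existing numeric filters cannot be carried over unchanged.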
@@ -17631,6 +17745,48 @@ func (s *AwsSecurityFindingFilters) SetDescription(v []*StringFilter) *AwsSecuri return s } +// SetFindingProviderFieldsConfidence sets the FindingProviderFieldsConfidence field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsConfidence(v []*NumberFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsConfidence = v + return s +} + +// SetFindingProviderFieldsCriticality sets the FindingProviderFieldsCriticality field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsCriticality(v []*NumberFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsCriticality = v + return s +} + +// SetFindingProviderFieldsRelatedFindingsId sets the FindingProviderFieldsRelatedFindingsId field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsRelatedFindingsId(v []*StringFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsRelatedFindingsId = v + return s +} + +// SetFindingProviderFieldsRelatedFindingsProductArn sets the FindingProviderFieldsRelatedFindingsProductArn field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsRelatedFindingsProductArn(v []*StringFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsRelatedFindingsProductArn = v + return s +} + +// SetFindingProviderFieldsSeverityLabel sets the FindingProviderFieldsSeverityLabel field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsSeverityLabel(v []*StringFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsSeverityLabel = v + return s +} + +// SetFindingProviderFieldsSeverityOriginal sets the FindingProviderFieldsSeverityOriginal field's value. +func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsSeverityOriginal(v []*StringFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsSeverityOriginal = v + return s +} + +// SetFindingProviderFieldsTypes sets the FindingProviderFieldsTypes field's value. 
+func (s *AwsSecurityFindingFilters) SetFindingProviderFieldsTypes(v []*StringFilter) *AwsSecurityFindingFilters { + s.FindingProviderFieldsTypes = v + return s +} + // SetFirstObservedAt sets the FirstObservedAt field's value. func (s *AwsSecurityFindingFilters) SetFirstObservedAt(v []*DateFilter) *AwsSecurityFindingFilters { s.FirstObservedAt = v @@ -18821,7 +18977,7 @@ type BatchImportFindingsInput struct { // Maximum of 100 findings per request. // // Findings is a required field - Findings []*AwsSecurityFinding `type:"list" required:"true"` + Findings []*AwsSecurityFinding `min:"1" type:"list" required:"true"` } // String returns the string representation @@ -18840,6 +18996,9 @@ func (s *BatchImportFindingsInput) Validate() error { if s.Findings == nil { invalidParams.Add(request.NewErrParamRequired("Findings")) } + if s.Findings != nil && len(s.Findings) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Findings", 1)) + } if s.Findings != nil { for i, v := range s.Findings { if v == nil { 
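Review bot: In BatchImportFindingsInput, the new `min:"1"` tag and the `len(s.Findings) < 1` check enforce the lower bound, but the upper bound stated in the field comment, `Maximum of 100 findings per request.`, still has no matching tag or check in Validate(). Either note in the comment that the maximum is enforced by the service only, or add the corresponding limit so an oversized batch fails before the request is sent.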
@@ -19179,6 +19338,62 @@ func (s *BatchUpdateFindingsUnprocessedFinding) SetFindingIdentifier(v *AwsSecur return s } +// An occurrence of sensitive data detected in a Microsoft Excel workbook, comma-separated +// value (CSV) file, or tab-separated value (TSV) file. +type Cell struct { + _ struct{} `type:"structure"` + + // For a Microsoft Excel workbook, provides the location of the cell, as an + // absolute cell reference, that contains the data. For example, Sheet2!C5 for + // cell C5 on Sheet2. + CellReference *string `type:"string"` + + // The column number of the column that contains the data. For a Microsoft Excel + // workbook, the column number corresponds to the alphabetical column identifiers. + // For example, a value of 1 for Column corresponds to the A column in the workbook. + Column *int64 `type:"long"` + + // The name of the column that contains the data. + ColumnName *string `type:"string"` + + // The row number of the row that contains the data. + Row *int64 `type:"long"` +} + +// String returns the string representation +func (s Cell) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Cell) GoString() string { + return s.String() +} + +// SetCellReference sets the CellReference field's value. +func (s *Cell) SetCellReference(v string) *Cell { + s.CellReference = &v + return s +} + +// SetColumn sets the Column field's value. +func (s *Cell) SetColumn(v int64) *Cell { + s.Column = &v + return s +} + +// SetColumnName sets the ColumnName field's value. +func (s *Cell) SetColumnName(v string) *Cell { + s.ColumnName = &v + return s +} + +// SetRow sets the Row field's value. +func (s *Cell) SetRow(v int64) *Cell { + s.Row = &v + return s +} + // An IPv4 CIDR block association. type CidrBlockAssociation struct { _ struct{} `type:"structure"` 
@@ -19245,6 +19460,112 @@ func (s *City) SetCityName(v string) *City { return s } +// Details about the sensitive data that was detected on the resource. +type ClassificationResult struct { + _ struct{} `type:"structure"` + + // Indicates whether there are additional occurrences of sensitive data that + // are not included in the finding. This occurs when the number of occurrences + // exceeds the maximum that can be included. + AdditionalOccurrences *bool `type:"boolean"` + + // Provides details about sensitive data that was identified based on customer-defined + // configuration. + CustomDataIdentifiers *CustomDataIdentifiersResult `type:"structure"` + + // The type of content that the finding applies to. + MimeType *string `type:"string"` + + // Provides details about sensitive data that was identified based on built-in + // configuration. + SensitiveData []*SensitiveDataResult `type:"list"` + + // The total size in bytes of the affected data. + SizeClassified *int64 `type:"long"` + + // The current status of the sensitive data detection. + Status *ClassificationStatus `type:"structure"` +} + +// String returns the string representation +func (s ClassificationResult) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ClassificationResult) GoString() string { + return s.String() +} + +// SetAdditionalOccurrences sets the AdditionalOccurrences field's value. +func (s *ClassificationResult) SetAdditionalOccurrences(v bool) *ClassificationResult { + s.AdditionalOccurrences = &v + return s +} + +// SetCustomDataIdentifiers sets the CustomDataIdentifiers field's value. +func (s *ClassificationResult) SetCustomDataIdentifiers(v *CustomDataIdentifiersResult) *ClassificationResult { + s.CustomDataIdentifiers = v + return s +} + +// SetMimeType sets the MimeType field's value. 
+func (s *ClassificationResult) SetMimeType(v string) *ClassificationResult { + s.MimeType = &v + return s +} + +// SetSensitiveData sets the SensitiveData field's value. +func (s *ClassificationResult) SetSensitiveData(v []*SensitiveDataResult) *ClassificationResult { + s.SensitiveData = v + return s +} + +// SetSizeClassified sets the SizeClassified field's value. +func (s *ClassificationResult) SetSizeClassified(v int64) *ClassificationResult { + s.SizeClassified = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *ClassificationResult) SetStatus(v *ClassificationStatus) *ClassificationResult { + s.Status = v + return s +} + +// Provides details about the current status of the sensitive data detection. +type ClassificationStatus struct { + _ struct{} `type:"structure"` + + // The code that represents the status of the sensitive data detection. + Code *string `type:"string"` + + // A longer description of the current status of the sensitive data detection. + Reason *string `type:"string"` +} + +// String returns the string representation +func (s ClassificationStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ClassificationStatus) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *ClassificationStatus) SetCode(v string) *ClassificationStatus { + s.Code = &v + return s +} + +// SetReason sets the Reason field's value. +func (s *ClassificationStatus) SetReason(v string) *ClassificationStatus { + s.Reason = &v + return s +} + // Contains finding details that are specific to control-based findings. Only // returned for findings generated from controls. type Compliance struct { 
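Review bot: `ClassificationStatus.Code` is declared as a bare `type:"string"` with no `enum` tag, and its comment lists no values, so a consumer cannot tell a completed classification from a partial or failed one without guessing at strings. Document the possible codes in the comment, or model them as an enum the way `Label` is in `FindingProviderSeverity`. The same applies to how `AdditionalOccurrences` should be read: the comment says occurrences beyond "the maximum that can be included" are dropped but does not give that maximum, so anyone triaging from `SensitiveData` alone cannot tell how much is missing.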
@@ -19671,6 +19992,91 @@ func (s *CreateMembersOutput) SetUnprocessedAccounts(v []*Result) *CreateMembers return s } +// The list of detected instances of sensitive data. +type CustomDataIdentifiersDetections struct { + _ struct{} `type:"structure"` + + // The ARN of the custom identifier that was used to detect the sensitive data. + Arn *string `type:"string"` + + // The total number of occurrences of sensitive data that were detected. + Count *int64 `type:"long"` + + // he name of the custom identifier that detected the sensitive data. + Name *string `type:"string"` + + // Details about the sensitive data that was detected. + Occurrences *Occurrences `type:"structure"` +} + +// String returns the string representation +func (s CustomDataIdentifiersDetections) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomDataIdentifiersDetections) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *CustomDataIdentifiersDetections) SetArn(v string) *CustomDataIdentifiersDetections { + s.Arn = &v + return s +} + +// SetCount sets the Count field's value. +func (s *CustomDataIdentifiersDetections) SetCount(v int64) *CustomDataIdentifiersDetections { + s.Count = &v + return s +} + +// SetName sets the Name field's value. +func (s *CustomDataIdentifiersDetections) SetName(v string) *CustomDataIdentifiersDetections { + s.Name = &v + return s +} + +// SetOccurrences sets the Occurrences field's value. +func (s *CustomDataIdentifiersDetections) SetOccurrences(v *Occurrences) *CustomDataIdentifiersDetections { + s.Occurrences = v + return s +} + +// Contains an instance of sensitive data that was detected by a customer-defined +// identifier. +type CustomDataIdentifiersResult struct { + _ struct{} `type:"structure"` + + // The list of detected instances of sensitive data. 
+ Detections []*CustomDataIdentifiersDetections `type:"list"` + + // The total number of occurrences of sensitive data. + TotalCount *int64 `type:"long"` +} + +// String returns the string representation +func (s CustomDataIdentifiersResult) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomDataIdentifiersResult) GoString() string { + return s.String() +} + +// SetDetections sets the Detections field's value. +func (s *CustomDataIdentifiersResult) SetDetections(v []*CustomDataIdentifiersDetections) *CustomDataIdentifiersResult { + s.Detections = v + return s +} + +// SetTotalCount sets the TotalCount field's value. +func (s *CustomDataIdentifiersResult) SetTotalCount(v int64) *CustomDataIdentifiersResult { + s.TotalCount = &v + return s +} + // CVSS scores from the advisory related to the vulnerability. type Cvss struct { _ struct{} `type:"structure"` 
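Review bot: typo in the comment on `Name` in `CustomDataIdentifiersDetections`: "he name of the custom identifier" should read "The name of the custom identifier". The type comment "The list of detected instances of sensitive data." is also misleading on a struct that holds one detection (an ARN, a name, a count and its occurrences); the list is the `Detections` field on `CustomDataIdentifiersResult`, which carries the same sentence. Reword the struct comment to describe a single detection.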
@@ -19713,6 +20119,39 @@ func (s *Cvss) SetVersion(v string) *Cvss { return s } +// Provides details about sensitive data that was detected on a resource. +type DataClassificationDetails struct { + _ struct{} `type:"structure"` + + // The path to the folder or file that contains the sensitive data. + DetailedResultsLocation *string `type:"string"` + + // The details about the sensitive data that was detected on the resource. + Result *ClassificationResult `type:"structure"` +} + +// String returns the string representation +func (s DataClassificationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DataClassificationDetails) GoString() string { + return s.String() +} + +// SetDetailedResultsLocation sets the DetailedResultsLocation field's value. +func (s *DataClassificationDetails) SetDetailedResultsLocation(v string) *DataClassificationDetails { + s.DetailedResultsLocation = &v + return s +} + +// SetResult sets the Result field's value. +func (s *DataClassificationDetails) SetResult(v *ClassificationResult) *DataClassificationDetails { + s.Result = v + return s +} + // A date filter for querying findings. type DateFilter struct { _ struct{} `type:"structure"` 
@@ -21025,6 +21464,132 @@ func (s EnableSecurityHubOutput) GoString() string { return s.String() } +// In a BatchImportFindings request, finding providers use FindingProviderFields +// to provide and update values for confidence, criticality, related findings, +// severity, and types. +type FindingProviderFields struct { + _ struct{} `type:"structure"` + + // A finding's confidence. Confidence is defined as the likelihood that a finding + // accurately identifies the behavior or issue that it was intended to identify. + // + // Confidence is scored on a 0-100 basis using a ratio scale, where 0 means + // zero percent confidence and 100 means 100 percent confidence. + Confidence *int64 `type:"integer"` + + // The level of importance assigned to the resources associated with the finding. + // + // A score of 0 means that the underlying resources have no criticality, and + // a score of 100 is reserved for the most critical resources. + Criticality *int64 `type:"integer"` + + // A list of findings that are related to the current finding. + RelatedFindings []*RelatedFinding `type:"list"` + + // The severity of a finding. + Severity *FindingProviderSeverity `type:"structure"` + + // One or more finding types in the format of namespace/category/classifier + // that classify a finding. + // + // Valid namespace values are: Software and Configuration Checks | TTPs | Effects + // | Unusual Behaviors | Sensitive Data Identifications + Types []*string `type:"list"` +} + +// String returns the string representation +func (s FindingProviderFields) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FindingProviderFields) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *FindingProviderFields) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "FindingProviderFields"} + if s.RelatedFindings != nil { + for i, v := range s.RelatedFindings { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RelatedFindings", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConfidence sets the Confidence field's value. +func (s *FindingProviderFields) SetConfidence(v int64) *FindingProviderFields { + s.Confidence = &v + return s +} + +// SetCriticality sets the Criticality field's value. +func (s *FindingProviderFields) SetCriticality(v int64) *FindingProviderFields { + s.Criticality = &v + return s +} + +// SetRelatedFindings sets the RelatedFindings field's value. +func (s *FindingProviderFields) SetRelatedFindings(v []*RelatedFinding) *FindingProviderFields { + s.RelatedFindings = v + return s +} + +// SetSeverity sets the Severity field's value. +func (s *FindingProviderFields) SetSeverity(v *FindingProviderSeverity) *FindingProviderFields { + s.Severity = v + return s +} + +// SetTypes sets the Types field's value. +func (s *FindingProviderFields) SetTypes(v []*string) *FindingProviderFields { + s.Types = v + return s +} + +// The severity assigned to the finding by the finding provider. +type FindingProviderSeverity struct { + _ struct{} `type:"structure"` + + // The severity label assigned to the finding by the finding provider. + Label *string `type:"string" enum:"SeverityLabel"` + + // The finding provider's original value for the severity. 
+ Original *string `type:"string"` +} + +// String returns the string representation +func (s FindingProviderSeverity) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FindingProviderSeverity) GoString() string { + return s.String() +} + +// SetLabel sets the Label field's value. +func (s *FindingProviderSeverity) SetLabel(v string) *FindingProviderSeverity { + s.Label = &v + return s +} + +// SetOriginal sets the Original field's value. +func (s *FindingProviderSeverity) SetOriginal(v string) *FindingProviderSeverity { + s.Original = &v + return s +} + // Provides the latitude and longitude coordinates of a location. type GeoLocation struct { _ struct{} `type:"structure"` 
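Review bot: `FindingProviderFields.Validate()` only descends into `RelatedFindings`, so the 0-100 range documented for `Confidence` and `Criticality` is not checked on the client. Both fields are tagged plain `type:"integer"` with no bounds, which means a provider can submit a negative or over-100 score and only learn about it from the service response, if at all. Either add min and max constraints to the shape so the generated `Validate()` rejects out-of-range values, or say in the field comments that the range is enforced server side. The comment on `Types` lists the valid namespace values but nothing here checks them either; note that as well.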
@@ -23418,6 +23983,116 @@ func (s *NumberFilter) SetLte(v float64) *NumberFilter { return s } +// The detected occurrences of sensitive data. +type Occurrences struct { + _ struct{} `type:"structure"` + + // Occurrences of sensitive data detected in Microsoft Excel workbooks, comma-separated + // value (CSV) files, or tab-separated value (TSV) files. + Cells []*Cell `type:"list"` + + // Occurrences of sensitive data detected in a non-binary text file or a Microsoft + // Word file. Non-binary text files include files such as HTML, XML, JSON, and + // TXT files. + LineRanges []*Range `type:"list"` + + // Occurrences of sensitive data detected in a binary text file. + OffsetRanges []*Range `type:"list"` + + // Occurrences of sensitive data in an Adobe Portable Document Format (PDF) + // file. + Pages []*Page `type:"list"` + + // Occurrences of sensitive data in an Apache Avro object container or an Apache + // Parquet file. + Records []*Record `type:"list"` +} + +// String returns the string representation +func (s Occurrences) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Occurrences) GoString() string { + return s.String() +} + +// SetCells sets the Cells field's value. +func (s *Occurrences) SetCells(v []*Cell) *Occurrences { + s.Cells = v + return s +} + +// SetLineRanges sets the LineRanges field's value. +func (s *Occurrences) SetLineRanges(v []*Range) *Occurrences { + s.LineRanges = v + return s +} + +// SetOffsetRanges sets the OffsetRanges field's value. +func (s *Occurrences) SetOffsetRanges(v []*Range) *Occurrences { + s.OffsetRanges = v + return s +} + +// SetPages sets the Pages field's value. +func (s *Occurrences) SetPages(v []*Page) *Occurrences { + s.Pages = v + return s +} + +// SetRecords sets the Records field's value. 
+func (s *Occurrences) SetRecords(v []*Record) *Occurrences { + s.Records = v + return s +} + +// An occurrence of sensitive data in an Adobe Portable Document Format (PDF) +// file. +type Page struct { + _ struct{} `type:"structure"` + + // An occurrence of sensitive data detected in a non-binary text file or a Microsoft + // Word file. Non-binary text files include files such as HTML, XML, JSON, and + // TXT files. + LineRange *Range `type:"structure"` + + // An occurrence of sensitive data detected in a binary text file. + OffsetRange *Range `type:"structure"` + + // The page number of the page that contains the sensitive data. + PageNumber *int64 `type:"long"` +} + +// String returns the string representation +func (s Page) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Page) GoString() string { + return s.String() +} + +// SetLineRange sets the LineRange field's value. +func (s *Page) SetLineRange(v *Range) *Page { + s.LineRange = v + return s +} + +// SetOffsetRange sets the OffsetRange field's value. +func (s *Page) SetOffsetRange(v *Range) *Page { + s.OffsetRange = v + return s +} + +// SetPageNumber sets the PageNumber field's value. +func (s *Page) SetPageNumber(v int64) *Page { + s.PageNumber = &v + return s +} + // Provides an overview of the patch compliance status for an instance against // a selected compliance standard. type PatchSummary struct { 
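Review bot: the comments on `Page.LineRange` and `Page.OffsetRange` are copied from `Occurrences` and describe detections in text, Word and binary files, which does not apply to a struct documented as "An occurrence of sensitive data in an Adobe Portable Document Format (PDF) file". Reword them to say what the ranges mean inside a PDF page, for example whether the line and offset are counted from the start of the page identified by `PageNumber` or from the start of the file. Also state the indexing base of `PageNumber`.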
@@ -23854,6 +24529,51 @@ func (s *Product) SetProductSubscriptionResourcePolicy(v string) *Product { return s } +// Identifies where the sensitive data begins and ends. +type Range struct { + _ struct{} `type:"structure"` + + // The number of lines (for a line range) or characters (for an offset range) + // from the beginning of the file to the end of the sensitive data. + End *int64 `type:"long"` + + // The number of lines (for a line range) or characters (for an offset range) + // from the beginning of the file to the end of the sensitive data. + Start *int64 `type:"long"` + + // In the line where the sensitive data starts, the column within the line where + // the sensitive data starts. + StartColumn *int64 `type:"long"` +} + +// String returns the string representation +func (s Range) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Range) GoString() string { + return s.String() +} + +// SetEnd sets the End field's value. +func (s *Range) SetEnd(v int64) *Range { + s.End = &v + return s +} + +// SetStart sets the Start field's value. +func (s *Range) SetStart(v int64) *Range { + s.Start = &v + return s +} + +// SetStartColumn sets the StartColumn field's value. +func (s *Range) SetStartColumn(v int64) *Range { + s.StartColumn = &v + return s +} + // A recommendation on how to remediate the issue identified in a finding. type Recommendation struct { _ struct{} `type:"structure"` 
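Review bot: the comment on `Start` in `Range` is a copy of the comment on `End`; both read "from the beginning of the file to the end of the sensitive data". `Start` should say "to the beginning of the sensitive data". As written, a reader cannot tell the two fields apart from the documentation, and tooling that extracts or redacts the flagged span from these offsets depends on getting that right. While there, state whether `End` is inclusive and whether `StartColumn` is 0-based or 1-based.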
@@ -23889,6 +24609,42 @@ func (s *Recommendation) SetUrl(v string) *Recommendation { return s } +// An occurrence of sensitive data in an Apache Avro object container or an +// Apache Parquet file. +type Record struct { + _ struct{} `type:"structure"` + + // The path, as a JSONPath expression, to the field in the record that contains + // the data. If the field name is longer than 20 characters, it is truncated. + // If the path is longer than 250 characters, it is truncated. + JsonPath *string `type:"string"` + + // The record index, starting from 0, for the record that contains the data. + RecordIndex *int64 `type:"long"` +} + +// String returns the string representation +func (s Record) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Record) GoString() string { + return s.String() +} + +// SetJsonPath sets the JsonPath field's value. +func (s *Record) SetJsonPath(v string) *Record { + s.JsonPath = &v + return s +} + +// SetRecordIndex sets the RecordIndex field's value. +func (s *Record) SetRecordIndex(v int64) *Record { + s.RecordIndex = &v + return s +} + // Details about a related finding. type RelatedFinding struct { _ struct{} `type:"structure"` @@ -23971,6 +24727,9 @@ func (s *Remediation) SetRecommendation(v *Recommendation) *Remediation { type Resource struct { _ struct{} `type:"structure"` + // Contains information about sensitive data that was detected on the resource. + DataClassification *DataClassificationDetails `type:"structure"` + // Additional details about the resource related to a finding. Details *ResourceDetails `type:"structure"` 
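Review bot: in the `Record` hunk, the comment on `JsonPath` says field names longer than 20 characters and paths longer than 250 characters are truncated, but not how a truncated value is marked. After truncation the string may no longer be a resolvable JSONPath expression, and two different fields that share a 20-character prefix become indistinguishable, so a consumer that uses `JsonPath` to locate or redact the flagged field can act on the wrong one. Document whether truncation is signalled (for example by a suffix) and advise callers to treat the value as a hint rather than a path they can evaluate.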
@@ -24035,6 +24794,12 @@ func (s *Resource) Validate() error { return nil } +// SetDataClassification sets the DataClassification field's value. +func (s *Resource) SetDataClassification(v *DataClassificationDetails) *Resource { + s.DataClassification = v + return s +} + // SetDetails sets the Details field's value. func (s *Resource) SetDetails(v *ResourceDetails) *Resource { s.Details = v @@ -24245,6 +25010,9 @@ type ResourceDetails struct { // Contains details about an Amazon Redshift cluster. AwsRedshiftCluster *AwsRedshiftClusterDetails `type:"structure"` + // Details about the Amazon S3 Public Access Block configuration for an account. + AwsS3AccountPublicAccessBlock *AwsS3AccountPublicAccessBlockDetails `type:"structure"` + // Details about an Amazon S3 bucket related to a finding. AwsS3Bucket *AwsS3BucketDetails `type:"structure"` @@ -24500,6 +25268,12 @@ func (s *ResourceDetails) SetAwsRedshiftCluster(v *AwsRedshiftClusterDetails) *R return s } +// SetAwsS3AccountPublicAccessBlock sets the AwsS3AccountPublicAccessBlock field's value. +func (s *ResourceDetails) SetAwsS3AccountPublicAccessBlock(v *AwsS3AccountPublicAccessBlockDetails) *ResourceDetails { + s.AwsS3AccountPublicAccessBlock = v + return s +} + // SetAwsS3Bucket sets the AwsS3Bucket field's value. func (s *ResourceDetails) SetAwsS3Bucket(v *AwsS3BucketDetails) *ResourceDetails { s.AwsS3Bucket = v 
@@ -24645,6 +25419,94 @@ func (s *Result) SetProcessingResult(v string) *Result { return s } +// The list of detected instances of sensitive data. +type SensitiveDataDetections struct { + _ struct{} `type:"structure"` + + // The total number of occurrences of sensitive data that were detected. + Count *int64 `type:"long"` + + // Details about the sensitive data that was detected. + Occurrences *Occurrences `type:"structure"` + + // The type of sensitive data that was detected. For example, the type might + // indicate that the data is an email address. + Type *string `type:"string"` +} + +// String returns the string representation +func (s SensitiveDataDetections) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SensitiveDataDetections) GoString() string { + return s.String() +} + +// SetCount sets the Count field's value. +func (s *SensitiveDataDetections) SetCount(v int64) *SensitiveDataDetections { + s.Count = &v + return s +} + +// SetOccurrences sets the Occurrences field's value. +func (s *SensitiveDataDetections) SetOccurrences(v *Occurrences) *SensitiveDataDetections { + s.Occurrences = v + return s +} + +// SetType sets the Type field's value. +func (s *SensitiveDataDetections) SetType(v string) *SensitiveDataDetections { + s.Type = &v + return s +} + +// Contains a detected instance of sensitive data that are based on built-in +// identifiers. +type SensitiveDataResult struct { + _ struct{} `type:"structure"` + + // The category of sensitive data that was detected. For example, the category + // can indicate that the sensitive data involved credentials, financial information, + // or personal information. + Category *string `type:"string"` + + // The list of detected instances of sensitive data. + Detections []*SensitiveDataDetections `type:"list"` + + // The total number of occurrences of sensitive data. 
+ TotalCount *int64 `type:"long"` +} + +// String returns the string representation +func (s SensitiveDataResult) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SensitiveDataResult) GoString() string { + return s.String() +} + +// SetCategory sets the Category field's value. +func (s *SensitiveDataResult) SetCategory(v string) *SensitiveDataResult { + s.Category = &v + return s +} + +// SetDetections sets the Detections field's value. +func (s *SensitiveDataResult) SetDetections(v []*SensitiveDataDetections) *SensitiveDataResult { + s.Detections = v + return s +} + +// SetTotalCount sets the TotalCount field's value. +func (s *SensitiveDataResult) SetTotalCount(v int64) *SensitiveDataResult { + s.TotalCount = &v + return s +} + // The severity of the finding. // // The finding provider can provide the initial severity. The finding provider