# frozen_string_literal: true # WARNING ABOUT GENERATED CODE # # This file is generated. See the contributing guide for more information: # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md # # WARNING ABOUT GENERATED CODE module Aws::SecurityHub module Types # @note When making an API call, you may pass AcceptAdministratorInvitationRequest # data as a hash: # # { # administrator_id: "NonEmptyString", # required # invitation_id: "NonEmptyString", # required # } # # @!attribute [rw] administrator_id # The account ID of the Security Hub administrator account that sent # the invitation. # @return [String] # # @!attribute [rw] invitation_id # The identifier of the invitation sent from the Security Hub # administrator account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitationRequest AWS API Documentation # class AcceptAdministratorInvitationRequest < Struct.new( :administrator_id, :invitation_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitationResponse AWS API Documentation # class AcceptAdministratorInvitationResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass AcceptInvitationRequest # data as a hash: # # { # master_id: "NonEmptyString", # required # invitation_id: "NonEmptyString", # required # } # # @!attribute [rw] master_id # The account ID of the Security Hub administrator account that sent # the invitation. # @return [String] # # @!attribute [rw] invitation_id # The identifier of the invitation sent from the Security Hub # administrator account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptInvitationRequest AWS API Documentation # class AcceptInvitationRequest < Struct.new( :master_id, :invitation_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptInvitationResponse AWS API Documentation # class AcceptInvitationResponse < Aws::EmptyStructure; end # You don't have permission to perform the action specified in the # request. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AccessDeniedException AWS API Documentation # class AccessDeniedException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # The details of an Amazon Web Services account. # # @note When making an API call, you may pass AccountDetails # data as a hash: # # { # account_id: "AccountId", # required # email: "NonEmptyString", # } # # @!attribute [rw] account_id # The ID of an Amazon Web Services account. # @return [String] # # @!attribute [rw] email # The email of an Amazon Web Services account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AccountDetails AWS API Documentation # class AccountDetails < Struct.new( :account_id, :email) SENSITIVE = [] include Aws::Structure end # Provides details about one of the following actions that affects or # that was taken on a resource: # # * A remote IP address issued an Amazon Web Services API call # # * A DNS request was received # # * A remote IP address attempted to connect to an EC2 instance # # * A remote IP address attempted a port probe on an EC2 instance # # @note When making an API call, you may pass Action # data as a hash: # # { # action_type: "NonEmptyString", # network_connection_action: { # connection_direction: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # remote_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # protocol: "NonEmptyString", # blocked: false, # }, # aws_api_call_action: { # api: "NonEmptyString", # service_name: "NonEmptyString", # caller_type: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # domain_details: { # domain: "NonEmptyString", # }, # affected_resources: { # "NonEmptyString" => "NonEmptyString", # }, # first_seen: "NonEmptyString", # last_seen: "NonEmptyString", # }, # dns_request_action: { # domain: "NonEmptyString", # protocol: "NonEmptyString", # blocked: false, # }, # port_probe_action: { # port_probe_details: [ # { # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_ip_details: { # ip_address_v4: "NonEmptyString", # }, # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # }, # ], # blocked: false, # }, # } # # @!attribute [rw] action_type # The type of action that was detected. The possible action types are: # # * `NETWORK_CONNECTION` # # * `AWS_API_CALL` # # * `DNS_REQUEST` # # * `PORT_PROBE` # @return [String] # # @!attribute [rw] network_connection_action # Included if `ActionType` is `NETWORK_CONNECTION`. Provides details # about the network connection that was detected. # @return [Types::NetworkConnectionAction] # # @!attribute [rw] aws_api_call_action # Included if `ActionType` is `AWS_API_CALL`. Provides details about # the API call that was detected. # @return [Types::AwsApiCallAction] # # @!attribute [rw] dns_request_action # Included if `ActionType` is `DNS_REQUEST`. Provides details about # the DNS request that was detected. # @return [Types::DnsRequestAction] # # @!attribute [rw] port_probe_action # Included if `ActionType` is `PORT_PROBE`. Provides details about the # port probe that was detected. # @return [Types::PortProbeAction] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Action AWS API Documentation # class Action < Struct.new( :action_type, :network_connection_action, :aws_api_call_action, :dns_request_action, :port_probe_action) SENSITIVE = [] include Aws::Structure end # Provides information about the IP address where the scanned port is # located. # # @note When making an API call, you may pass ActionLocalIpDetails # data as a hash: # # { # ip_address_v4: "NonEmptyString", # } # # @!attribute [rw] ip_address_v4 # The IP address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalIpDetails AWS API Documentation # class ActionLocalIpDetails < Struct.new( :ip_address_v4) SENSITIVE = [] include Aws::Structure end # For `NetworkConnectionAction` and `PortProbeDetails`, # `LocalPortDetails` provides information about the local port that was # involved in the action. # # @note When making an API call, you may pass ActionLocalPortDetails # data as a hash: # # { # port: 1, # port_name: "NonEmptyString", # } # # @!attribute [rw] port # The number of the port. # @return [Integer] # # @!attribute [rw] port_name # The port name of the local connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionLocalPortDetails AWS API Documentation # class ActionLocalPortDetails < Struct.new( :port, :port_name) SENSITIVE = [] include Aws::Structure end # For `AwsApiAction`, `NetworkConnectionAction`, and `PortProbeAction`, # `RemoteIpDetails` provides information about the remote IP address # that was involved in the action. # # @note When making an API call, you may pass ActionRemoteIpDetails # data as a hash: # # { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # } # # @!attribute [rw] ip_address_v4 # The IP address. # @return [String] # # @!attribute [rw] organization # The internet service provider (ISP) organization associated with the # remote IP address. # @return [Types::IpOrganizationDetails] # # @!attribute [rw] country # The country where the remote IP address is located. # @return [Types::Country] # # @!attribute [rw] city # The city where the remote IP address is located. # @return [Types::City] # # @!attribute [rw] geo_location # The coordinates of the location of the remote IP address. # @return [Types::GeoLocation] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemoteIpDetails AWS API Documentation # class ActionRemoteIpDetails < Struct.new( :ip_address_v4, :organization, :country, :city, :geo_location) SENSITIVE = [] include Aws::Structure end # Provides information about the remote port that was involved in an # attempted network connection. # # @note When making an API call, you may pass ActionRemotePortDetails # data as a hash: # # { # port: 1, # port_name: "NonEmptyString", # } # # @!attribute [rw] port # The number of the port. # @return [Integer] # # @!attribute [rw] port_name # The port name of the remote connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionRemotePortDetails AWS API Documentation # class ActionRemotePortDetails < Struct.new( :port, :port_name) SENSITIVE = [] include Aws::Structure end # An `ActionTarget` object. # # @!attribute [rw] action_target_arn # The ARN for the target action. # @return [String] # # @!attribute [rw] name # The name of the action target. # @return [String] # # @!attribute [rw] description # The description of the target action. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ActionTarget AWS API Documentation # class ActionTarget < Struct.new( :action_target_arn, :name, :description) SENSITIVE = [] include Aws::Structure end # An adjustment to the CVSS metric. # # @note When making an API call, you may pass Adjustment # data as a hash: # # { # metric: "NonEmptyString", # reason: "NonEmptyString", # } # # @!attribute [rw] metric # The metric to adjust. # @return [String] # # @!attribute [rw] reason # The reason for the adjustment. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Adjustment AWS API Documentation # class Adjustment < Struct.new( :metric, :reason) SENSITIVE = [] include Aws::Structure end # Represents a Security Hub administrator account designated by an # organization management account. # # @!attribute [rw] account_id # The Amazon Web Services account identifier of the Security Hub # administrator account. # @return [String] # # @!attribute [rw] status # The current status of the Security Hub administrator account. # Indicates whether the account is currently enabled as a Security Hub # administrator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AdminAccount AWS API Documentation # class AdminAccount < Struct.new( :account_id, :status) SENSITIVE = [] include Aws::Structure end # Information about an Availability Zone. # # @note When making an API call, you may pass AvailabilityZone # data as a hash: # # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # } # # @!attribute [rw] zone_name # The name of the Availability Zone. # @return [String] # # @!attribute [rw] subnet_id # The ID of the subnet. You can specify one subnet per Availability # Zone. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AvailabilityZone AWS API Documentation # class AvailabilityZone < Struct.new( :zone_name, :subnet_id) SENSITIVE = [] include Aws::Structure end # Provided if `ActionType` is `AWS_API_CALL`. It provides details about # the API call that was detected. # # @note When making an API call, you may pass AwsApiCallAction # data as a hash: # # { # api: "NonEmptyString", # service_name: "NonEmptyString", # caller_type: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # domain_details: { # domain: "NonEmptyString", # }, # affected_resources: { # "NonEmptyString" => "NonEmptyString", # }, # first_seen: "NonEmptyString", # last_seen: "NonEmptyString", # } # # @!attribute [rw] api # The name of the API method that was issued. # @return [String] # # @!attribute [rw] service_name # The name of the Amazon Web Services service that the API method # belongs to. # @return [String] # # @!attribute [rw] caller_type # Indicates whether the API call originated from a remote IP address # (`remoteip`) or from a DNS domain (`domain`). # @return [String] # # @!attribute [rw] remote_ip_details # Provided if `CallerType` is `remoteIp`. Provides information about # the remote IP address that the API call originated from. # @return [Types::ActionRemoteIpDetails] # # @!attribute [rw] domain_details # Provided if `CallerType` is `domain`. Provides information about the # DNS domain that the API call originated from. # @return [Types::AwsApiCallActionDomainDetails] # # @!attribute [rw] affected_resources # Identifies the resources that were affected by the API call. # @return [Hash] # # @!attribute [rw] first_seen # An ISO8601-formatted timestamp that indicates when the API call was # first observed. # @return [String] # # @!attribute [rw] last_seen # An ISO8601-formatted timestamp that indicates when the API call was # most recently observed. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallAction AWS API Documentation # class AwsApiCallAction < Struct.new( :api, :service_name, :caller_type, :remote_ip_details, :domain_details, :affected_resources, :first_seen, :last_seen) SENSITIVE = [] include Aws::Structure end # Provided if `CallerType` is `domain`. It provides information about # the DNS domain that issued the API call. # # @note When making an API call, you may pass AwsApiCallActionDomainDetails # data as a hash: # # { # domain: "NonEmptyString", # } # # @!attribute [rw] domain # The name of the DNS domain that issued the API call. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiCallActionDomainDetails AWS API Documentation # class AwsApiCallActionDomainDetails < Struct.new( :domain) SENSITIVE = [] include Aws::Structure end # Contains information about settings for logging access for the stage. # # @note When making an API call, you may pass AwsApiGatewayAccessLogSettings # data as a hash: # # { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # } # # @!attribute [rw] format # A single-line format of the access logs of data, as specified by # selected `$context` variables. The format must include at least # `$context.requestId`. # @return [String] # # @!attribute [rw] destination_arn # The ARN of the CloudWatch Logs log group that receives the access # logs. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayAccessLogSettings AWS API Documentation # class AwsApiGatewayAccessLogSettings < Struct.new( :format, :destination_arn) SENSITIVE = [] include Aws::Structure end # Contains information about settings for canary deployment in the # stage. # # @note When making an API call, you may pass AwsApiGatewayCanarySettings # data as a hash: # # { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # } # # @!attribute [rw] percent_traffic # The percentage of traffic that is diverted to a canary deployment. # @return [Float] # # @!attribute [rw] deployment_id # The deployment identifier for the canary deployment. # @return [String] # # @!attribute [rw] stage_variable_overrides # Stage variables that are overridden in the canary release # deployment. The variables include new stage variables that are # introduced in the canary. # # Each variable is represented as a string-to-string map between the # stage variable name and the variable value. # @return [Hash] # # @!attribute [rw] use_stage_cache # Indicates whether the canary deployment uses the stage cache. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayCanarySettings AWS API Documentation # class AwsApiGatewayCanarySettings < Struct.new( :percent_traffic, :deployment_id, :stage_variable_overrides, :use_stage_cache) SENSITIVE = [] include Aws::Structure end # Contains information about the endpoints for the API. # # @note When making an API call, you may pass AwsApiGatewayEndpointConfiguration # data as a hash: # # { # types: ["NonEmptyString"], # } # # @!attribute [rw] types # A list of endpoint types for the REST API. # # For an edge-optimized API, the endpoint type is `EDGE`. For a # Regional API, the endpoint type is `REGIONAL`. For a private API, # the endpoint type is `PRIVATE`. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayEndpointConfiguration AWS API Documentation # class AwsApiGatewayEndpointConfiguration < Struct.new( :types) SENSITIVE = [] include Aws::Structure end # Defines settings for a method for the stage. # # @note When making an API call, you may pass AwsApiGatewayMethodSettings # data as a hash: # # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # } # # @!attribute [rw] metrics_enabled # Indicates whether CloudWatch metrics are enabled for the method. # @return [Boolean] # # @!attribute [rw] logging_level # The logging level for this method. The logging level affects the log # entries that are pushed to CloudWatch Logs. # # If the logging level is `ERROR`, then the logs only include # error-level entries. # # If the logging level is `INFO`, then the logs include both `ERROR` # events and extra informational events. # # Valid values: `OFF` \| `ERROR` \| `INFO` # @return [String] # # @!attribute [rw] data_trace_enabled # Indicates whether data trace logging is enabled for the method. Data # trace logging affects the log entries that are pushed to CloudWatch # Logs. # @return [Boolean] # # @!attribute [rw] throttling_burst_limit # The throttling burst limit for the method. # @return [Integer] # # @!attribute [rw] throttling_rate_limit # The throttling rate limit for the method. # @return [Float] # # @!attribute [rw] caching_enabled # Indicates whether responses are cached and returned for requests. # For responses to be cached, a cache cluster must be enabled on the # stage. # @return [Boolean] # # @!attribute [rw] cache_ttl_in_seconds # Specifies the time to live (TTL), in seconds, for cached responses. # The higher the TTL, the longer the response is cached. # @return [Integer] # # @!attribute [rw] cache_data_encrypted # Indicates whether the cached responses are encrypted. # @return [Boolean] # # @!attribute [rw] require_authorization_for_cache_control # Indicates whether authorization is required for a cache invalidation # request. # @return [Boolean] # # @!attribute [rw] unauthorized_cache_control_header_strategy # Indicates how to handle unauthorized requests for cache # invalidation. # # Valid values: `FAIL_WITH_403` \| `SUCCEED_WITH_RESPONSE_HEADER` \| # `SUCCEED_WITHOUT_RESPONSE_HEADER` # @return [String] # # @!attribute [rw] http_method # The HTTP method. You can use an asterisk (*) as a wildcard to apply # method settings to multiple methods. # @return [String] # # @!attribute [rw] resource_path # The resource path for this method. Forward slashes (/) are encoded # as ~1 . The initial slash must include a forward slash. # # For example, the path value `/resource/subresource` must be encoded # as `/~1resource~1subresource`. # # To specify the root path, use only a slash (/). You can use an # asterisk (*) as a wildcard to apply method settings to multiple # methods. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayMethodSettings AWS API Documentation # class AwsApiGatewayMethodSettings < Struct.new( :metrics_enabled, :logging_level, :data_trace_enabled, :throttling_burst_limit, :throttling_rate_limit, :caching_enabled, :cache_ttl_in_seconds, :cache_data_encrypted, :require_authorization_for_cache_control, :unauthorized_cache_control_header_strategy, :http_method, :resource_path) SENSITIVE = [] include Aws::Structure end # Contains information about a REST API in version 1 of Amazon API # Gateway. # # @note When making an API call, you may pass AwsApiGatewayRestApiDetails # data as a hash: # # { # id: "NonEmptyString", # name: "NonEmptyString", # description: "NonEmptyString", # created_date: "NonEmptyString", # version: "NonEmptyString", # binary_media_types: ["NonEmptyString"], # minimum_compression_size: 1, # api_key_source: "NonEmptyString", # endpoint_configuration: { # types: ["NonEmptyString"], # }, # } # # @!attribute [rw] id # The identifier of the REST API. # @return [String] # # @!attribute [rw] name # The name of the REST API. # @return [String] # # @!attribute [rw] description # A description of the REST API. # @return [String] # # @!attribute [rw] created_date # Indicates when the API was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] version # The version identifier for the REST API. # @return [String] # # @!attribute [rw] binary_media_types # The list of binary media types supported by the REST API. # @return [Array] # # @!attribute [rw] minimum_compression_size # The minimum size in bytes of a payload before compression is # enabled. # # If `null`, then compression is disabled. # # If 0, then all payloads are compressed. # @return [Integer] # # @!attribute [rw] api_key_source # The source of the API key for metering requests according to a usage # plan. # # `HEADER` indicates whether to read the API key from the X-API-Key # header of a request. # # `AUTHORIZER` indicates whether to read the API key from the # `UsageIdentifierKey` from a custom authorizer. # @return [String] # # @!attribute [rw] endpoint_configuration # The endpoint configuration of the REST API. # @return [Types::AwsApiGatewayEndpointConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayRestApiDetails AWS API Documentation # class AwsApiGatewayRestApiDetails < Struct.new( :id, :name, :description, :created_date, :version, :binary_media_types, :minimum_compression_size, :api_key_source, :endpoint_configuration) SENSITIVE = [] include Aws::Structure end # Provides information about a version 1 Amazon API Gateway stage. # # @note When making an API call, you may pass AwsApiGatewayStageDetails # data as a hash: # # { # deployment_id: "NonEmptyString", # client_certificate_id: "NonEmptyString", # stage_name: "NonEmptyString", # description: "NonEmptyString", # cache_cluster_enabled: false, # cache_cluster_size: "NonEmptyString", # cache_cluster_status: "NonEmptyString", # method_settings: [ # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # }, # ], # variables: { # "NonEmptyString" => "NonEmptyString", # }, # documentation_version: "NonEmptyString", # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # canary_settings: { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # }, # tracing_enabled: false, # created_date: "NonEmptyString", # last_updated_date: "NonEmptyString", # web_acl_arn: "NonEmptyString", # } # # @!attribute [rw] deployment_id # The identifier of the deployment that the stage points to. # @return [String] # # @!attribute [rw] client_certificate_id # The identifier of the client certificate for the stage. # @return [String] # # @!attribute [rw] stage_name # The name of the stage. # @return [String] # # @!attribute [rw] description # A description of the stage. # @return [String] # # @!attribute [rw] cache_cluster_enabled # Indicates whether a cache cluster is enabled for the stage. # @return [Boolean] # # @!attribute [rw] cache_cluster_size # If a cache cluster is enabled, the size of the cache cluster. # @return [String] # # @!attribute [rw] cache_cluster_status # If a cache cluster is enabled, the status of the cache cluster. # @return [String] # # @!attribute [rw] method_settings # Defines the method settings for the stage. # @return [Array] # # @!attribute [rw] variables # A map that defines the stage variables for the stage. # # Variable names can have alphanumeric and underscore characters. # # Variable values can contain the following characters: # # * Uppercase and lowercase letters # # * Numbers # # * Special characters -.\_~:/?#&=, # @return [Hash] # # @!attribute [rw] documentation_version # The version of the API documentation that is associated with the # stage. # @return [String] # # @!attribute [rw] access_log_settings # Settings for logging access for the stage. # @return [Types::AwsApiGatewayAccessLogSettings] # # @!attribute [rw] canary_settings # Information about settings for canary deployment in the stage. # @return [Types::AwsApiGatewayCanarySettings] # # @!attribute [rw] tracing_enabled # Indicates whether active tracing with X-Ray is enabled for the # stage. # @return [Boolean] # # @!attribute [rw] created_date # Indicates when the stage was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] last_updated_date # Indicates when the stage was most recently updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] web_acl_arn # The ARN of the web ACL associated with the stage. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayStageDetails AWS API Documentation # class AwsApiGatewayStageDetails < Struct.new( :deployment_id, :client_certificate_id, :stage_name, :description, :cache_cluster_enabled, :cache_cluster_size, :cache_cluster_status, :method_settings, :variables, :documentation_version, :access_log_settings, :canary_settings, :tracing_enabled, :created_date, :last_updated_date, :web_acl_arn) SENSITIVE = [] include Aws::Structure end # Contains information about a version 2 API in Amazon API Gateway. # # @note When making an API call, you may pass AwsApiGatewayV2ApiDetails # data as a hash: # # { # api_endpoint: "NonEmptyString", # api_id: "NonEmptyString", # api_key_selection_expression: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # version: "NonEmptyString", # name: "NonEmptyString", # protocol_type: "NonEmptyString", # route_selection_expression: "NonEmptyString", # cors_configuration: { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # }, # } # # @!attribute [rw] api_endpoint # The URI of the API. # # Uses the format ` .execute-api..amazonaws.com` # # The stage name is typically appended to the URI to form a complete # path to a deployed API stage. # @return [String] # # @!attribute [rw] api_id # The identifier of the API. # @return [String] # # @!attribute [rw] api_key_selection_expression # An API key selection expression. Supported only for WebSocket APIs. # @return [String] # # @!attribute [rw] created_date # Indicates when the API was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] description # A description of the API. # @return [String] # # @!attribute [rw] version # The version identifier for the API. # @return [String] # # @!attribute [rw] name # The name of the API. # @return [String] # # @!attribute [rw] protocol_type # The API protocol for the API. # # Valid values: `WEBSOCKET` \| `HTTP` # @return [String] # # @!attribute [rw] route_selection_expression # The route selection expression for the API. # # For HTTP APIs, must be `$\{request.method\} $\{request.path\}`. This # is the default value for HTTP APIs. # # For WebSocket APIs, there is no default value. # @return [String] # # @!attribute [rw] cors_configuration # A cross-origin resource sharing (CORS) configuration. Supported only # for HTTP APIs. # @return [Types::AwsCorsConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayV2ApiDetails AWS API Documentation # class AwsApiGatewayV2ApiDetails < Struct.new( :api_endpoint, :api_id, :api_key_selection_expression, :created_date, :description, :version, :name, :protocol_type, :route_selection_expression, :cors_configuration) SENSITIVE = [] include Aws::Structure end # Contains route settings for a stage. # # @note When making an API call, you may pass AwsApiGatewayV2RouteSettings # data as a hash: # # { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # } # # @!attribute [rw] detailed_metrics_enabled # Indicates whether detailed metrics are enabled. # @return [Boolean] # # @!attribute [rw] logging_level # The logging level. The logging level affects the log entries that # are pushed to CloudWatch Logs. Supported only for WebSocket APIs. # # If the logging level is `ERROR`, then the logs only include # error-level entries. # # If the logging level is `INFO`, then the logs include both `ERROR` # events and extra informational events. # # Valid values: `OFF` \| `ERROR` \| `INFO` # @return [String] # # @!attribute [rw] data_trace_enabled # Indicates whether data trace logging is enabled. Data trace logging # affects the log entries that are pushed to CloudWatch Logs. # Supported only for WebSocket APIs. # @return [Boolean] # # @!attribute [rw] throttling_burst_limit # The throttling burst limit. # @return [Integer] # # @!attribute [rw] throttling_rate_limit # The throttling rate limit. # @return [Float] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayV2RouteSettings AWS API Documentation # class AwsApiGatewayV2RouteSettings < Struct.new( :detailed_metrics_enabled, :logging_level, :data_trace_enabled, :throttling_burst_limit, :throttling_rate_limit) SENSITIVE = [] include Aws::Structure end # Contains information about a version 2 stage for Amazon API Gateway. # # @note When making an API call, you may pass AwsApiGatewayV2StageDetails # data as a hash: # # { # client_certificate_id: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # default_route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # deployment_id: "NonEmptyString", # last_updated_date: "NonEmptyString", # route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # stage_name: "NonEmptyString", # stage_variables: { # "NonEmptyString" => "NonEmptyString", # }, # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # auto_deploy: false, # last_deployment_status_message: "NonEmptyString", # api_gateway_managed: false, # } # # @!attribute [rw] client_certificate_id # The identifier of a client certificate for a stage. Supported only # for WebSocket API calls. # @return [String] # # @!attribute [rw] created_date # Indicates when the stage was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] description # The description of the stage. # @return [String] # # @!attribute [rw] default_route_settings # Default route settings for the stage. # @return [Types::AwsApiGatewayV2RouteSettings] # # @!attribute [rw] deployment_id # The identifier of the deployment that the stage is associated with. # @return [String] # # @!attribute [rw] last_updated_date # Indicates when the stage was most recently updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] route_settings # The route settings for the stage. # @return [Types::AwsApiGatewayV2RouteSettings] # # @!attribute [rw] stage_name # The name of the stage. # @return [String] # # @!attribute [rw] stage_variables # A map that defines the stage variables for the stage. # # Variable names can have alphanumeric and underscore characters. # # Variable values can contain the following characters: # # * Uppercase and lowercase letters # # * Numbers # # * Special characters -.\_~:/?#&=, # @return [Hash] # # @!attribute [rw] access_log_settings # Information about settings for logging access for the stage. # @return [Types::AwsApiGatewayAccessLogSettings] # # @!attribute [rw] auto_deploy # Indicates whether updates to an API automatically trigger a new # deployment. # @return [Boolean] # # @!attribute [rw] last_deployment_status_message # The status of the last deployment of a stage. Supported only if the # stage has automatic deployment enabled. # @return [String] # # @!attribute [rw] api_gateway_managed # Indicates whether the stage is managed by API Gateway. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsApiGatewayV2StageDetails AWS API Documentation # class AwsApiGatewayV2StageDetails < Struct.new( :client_certificate_id, :created_date, :description, :default_route_settings, :deployment_id, :last_updated_date, :route_settings, :stage_name, :stage_variables, :access_log_settings, :auto_deploy, :last_deployment_status_message, :api_gateway_managed) SENSITIVE = [] include Aws::Structure end # An Availability Zone for the automatic scaling group. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails # data as a hash: # # { # value: "NonEmptyString", # } # # @!attribute [rw] value # The name of the Availability Zone. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails < Struct.new( :value) SENSITIVE = [] include Aws::Structure end # Provides details about an auto scaling group. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupDetails # data as a hash: # # { # launch_configuration_name: "NonEmptyString", # load_balancer_names: ["NonEmptyString"], # health_check_type: "NonEmptyString", # health_check_grace_period: 1, # created_time: "NonEmptyString", # mixed_instances_policy: { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # }, # availability_zones: [ # { # value: "NonEmptyString", # }, # ], # } # # @!attribute [rw] launch_configuration_name # The name of the launch configuration. # @return [String] # # @!attribute [rw] load_balancer_names # The list of load balancers associated with the group. # @return [Array] # # @!attribute [rw] health_check_type # The service to use for the health checks. # @return [String] # # @!attribute [rw] health_check_grace_period # The amount of time, in seconds, that Amazon EC2 Auto Scaling waits # before it checks the health status of an EC2 instance that has come # into service. # @return [Integer] # # @!attribute [rw] created_time # Indicates when the auto scaling group was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] mixed_instances_policy # The mixed instances policy for the automatic scaling group. # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails] # # @!attribute [rw] availability_zones # The list of Availability Zones for the automatic scaling group. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupDetails < Struct.new( :launch_configuration_name, :load_balancer_names, :health_check_type, :health_check_grace_period, :created_time, :mixed_instances_policy, :availability_zones) SENSITIVE = [] include Aws::Structure end # The mixed instances policy for the automatic scaling group. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails # data as a hash: # # { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # } # # @!attribute [rw] instances_distribution # The instances distribution. The instances distribution specifies the # distribution of On-Demand Instances and Spot Instances, the maximum # price to pay for Spot Instances, and how the Auto Scaling group # allocates instance types to fulfill On-Demand and Spot capacity. # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails] # # @!attribute [rw] launch_template # The launch template to use and the instance types (overrides) to use # to provision EC2 instances to fulfill On-Demand and Spot capacities. # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails < Struct.new( :instances_distribution, :launch_template) SENSITIVE = [] include Aws::Structure end # Information about the instances distribution. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails # data as a hash: # # { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # } # # @!attribute [rw] on_demand_allocation_strategy # How to allocate instance types to fulfill On-Demand capacity. # @return [String] # # @!attribute [rw] on_demand_base_capacity # The minimum amount of the Auto Scaling group's capacity that must # be fulfilled by On-Demand Instances. # @return [Integer] # # @!attribute [rw] on_demand_percentage_above_base_capacity # The percentage of On-Demand Instances and Spot Instances for # additional capacity beyond `OnDemandBaseCapacity`. # @return [Integer] # # @!attribute [rw] spot_allocation_strategy # How to allocate instances across Spot Instance pools. # @return [String] # # @!attribute [rw] spot_instance_pools # The number of Spot Instance pools across which to allocate your Spot # Instances. # @return [Integer] # # @!attribute [rw] spot_max_price # The maximum price per unit hour that you are willing to pay for a # Spot Instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails < Struct.new( :on_demand_allocation_strategy, :on_demand_base_capacity, :on_demand_percentage_above_base_capacity, :spot_allocation_strategy, :spot_instance_pools, :spot_max_price) SENSITIVE = [] include Aws::Structure end # Describes a launch template and overrides for a mixed instances # policy. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails # data as a hash: # # { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # } # # @!attribute [rw] launch_template_specification # The launch template to use. # @return [Types::AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification] # # @!attribute [rw] overrides # Property values to use to override the values in the launch # template. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails < Struct.new( :launch_template_specification, :overrides) SENSITIVE = [] include Aws::Structure end # Details about the launch template to use. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification # data as a hash: # # { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # } # # @!attribute [rw] launch_template_id # The identifier of the launch template. You must specify either # `LaunchTemplateId` or `LaunchTemplateName`. # @return [String] # # @!attribute [rw] launch_template_name # The name of the launch template. You must specify either # `LaunchTemplateId` or `LaunchTemplateName`. # @return [String] # # @!attribute [rw] version # Identifies the version of the launch template. You can specify a # version identifier, or use the values `$Latest` or `$Default`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification AWS API Documentation # class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification < Struct.new( :launch_template_id, :launch_template_name, :version) SENSITIVE = [] include Aws::Structure end # Property values to use to override the values in the launch template. # # @note When making an API call, you may pass AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails # data as a hash: # # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # } # # @!attribute [rw] instance_type # The instance type. For example, `m3.xlarge`. # @return [String] # # @!attribute [rw] weighted_capacity # The number of capacity units provided by the specified instance type # in terms of virtual CPUs, memory, storage, throughput, or other # relative performance characteristic. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails AWS API Documentation # class AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails < Struct.new( :instance_type, :weighted_capacity) SENSITIVE = [] include Aws::Structure end # A block device for the instance. # # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails # data as a hash: # # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # } # # @!attribute [rw] device_name # The device name that is exposed to the EC2 instance. For example, # `/dev/sdh` or `xvdh`. # @return [String] # # @!attribute [rw] ebs # Parameters that are used to automatically set up Amazon EBS volumes # when an instance is launched. # @return [Types::AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails] # # @!attribute [rw] no_device # Whether to suppress the device that is included in the block device # mapping of the Amazon Machine Image (AMI). # # If `NoDevice` is `true`, then you cannot specify `Ebs`.> # @return [Boolean] # # @!attribute [rw] virtual_name # The name of the virtual device (for example, `ephemeral0`). # # You can provide either `VirtualName` or `Ebs`, but not both. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails AWS API Documentation # class AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails < Struct.new( :device_name, :ebs, :no_device, :virtual_name) SENSITIVE = [] include Aws::Structure end # Parameters that are used to automatically set up EBS volumes when an # instance is launched. # # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails # data as a hash: # # { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # } # # @!attribute [rw] delete_on_termination # Whether to delete the volume when the instance is terminated. # @return [Boolean] # # @!attribute [rw] encrypted # Whether to encrypt the volume. # @return [Boolean] # # @!attribute [rw] iops # The number of input/output (I/O) operations per second (IOPS) to # provision for the volume. # # Only supported for `gp3` or `io1` volumes. Required for `io1` # volumes. Not used with `standard`, `gp2`, `st1`, or `sc1` volumes. # @return [Integer] # # @!attribute [rw] snapshot_id # The snapshot ID of the volume to use. # # You must specify either `VolumeSize` or `SnapshotId`. # @return [String] # # @!attribute [rw] volume_size # The volume size, in GiBs. The following are the supported volumes # sizes for each volume type: # # * gp2 and gp3: 1-16,384 # # * io1: 4-16,384 # # * st1 and sc1: 125-16,384 # # * standard: 1-1,024 # # You must specify either `SnapshotId` or `VolumeSize`. If you specify # both `SnapshotId` and `VolumeSize`, the volume size must be equal or # greater than the size of the snapshot. # @return [Integer] # # @!attribute [rw] volume_type # The volume type. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails AWS API Documentation # class AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails < Struct.new( :delete_on_termination, :encrypted, :iops, :snapshot_id, :volume_size, :volume_type) SENSITIVE = [] include Aws::Structure end # Details about a launch configuration. # # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationDetails # data as a hash: # # { # associate_public_ip_address: false, # block_device_mappings: [ # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # }, # ], # classic_link_vpc_id: "NonEmptyString", # classic_link_vpc_security_groups: ["NonEmptyString"], # created_time: "NonEmptyString", # ebs_optimized: false, # iam_instance_profile: "NonEmptyString", # image_id: "NonEmptyString", # instance_monitoring: { # enabled: false, # }, # instance_type: "NonEmptyString", # kernel_id: "NonEmptyString", # key_name: "NonEmptyString", # launch_configuration_name: "NonEmptyString", # placement_tenancy: "NonEmptyString", # ramdisk_id: "NonEmptyString", # security_groups: ["NonEmptyString"], # spot_price: "NonEmptyString", # user_data: "NonEmptyString", # metadata_options: { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # }, # } # # @!attribute [rw] associate_public_ip_address # For Auto Scaling groups that run in a VPC, specifies whether to # assign a public IP address to the group's instances. # @return [Boolean] # # @!attribute [rw] block_device_mappings # Specifies the block devices for the instance. # @return [Array] # # @!attribute [rw] classic_link_vpc_id # The identifier of a ClassicLink-enabled VPC that EC2-Classic # instances are linked to. # @return [String] # # @!attribute [rw] classic_link_vpc_security_groups # The identifiers of one or more security groups for the VPC that is # specified in `ClassicLinkVPCId`. # @return [Array] # # @!attribute [rw] created_time # The creation date and time for the launch configuration. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] ebs_optimized # Whether the launch configuration is optimized for Amazon EBS I/O. # @return [Boolean] # # @!attribute [rw] iam_instance_profile # The name or the ARN of the instance profile associated with the IAM # role for the instance. The instance profile contains the IAM role. # @return [String] # # @!attribute [rw] image_id # The identifier of the Amazon Machine Image (AMI) that is used to # launch EC2 instances. # @return [String] # # @!attribute [rw] instance_monitoring # Indicates the type of monitoring for instances in the group. # @return [Types::AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails] # # @!attribute [rw] instance_type # The instance type for the instances. # @return [String] # # @!attribute [rw] kernel_id # The identifier of the kernel associated with the AMI. # @return [String] # # @!attribute [rw] key_name # The name of the key pair. # @return [String] # # @!attribute [rw] launch_configuration_name # The name of the launch configuration. # @return [String] # # @!attribute [rw] placement_tenancy # The tenancy of the instance. An instance with `dedicated` tenancy # runs on isolated, single-tenant hardware and can only be launched # into a VPC. # @return [String] # # @!attribute [rw] ramdisk_id # The identifier of the RAM disk associated with the AMI. # @return [String] # # @!attribute [rw] security_groups # The security groups to assign to the instances in the Auto Scaling # group. # @return [Array] # # @!attribute [rw] spot_price # The maximum hourly price to be paid for any Spot Instance that is # launched to fulfill the request. # @return [String] # # @!attribute [rw] user_data # The user data to make available to the launched EC2 instances. Must # be base64-encoded text. # @return [String] # # @!attribute [rw] metadata_options # The metadata options for the instances. # @return [Types::AwsAutoScalingLaunchConfigurationMetadataOptions] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationDetails AWS API Documentation # class AwsAutoScalingLaunchConfigurationDetails < Struct.new( :associate_public_ip_address, :block_device_mappings, :classic_link_vpc_id, :classic_link_vpc_security_groups, :created_time, :ebs_optimized, :iam_instance_profile, :image_id, :instance_monitoring, :instance_type, :kernel_id, :key_name, :launch_configuration_name, :placement_tenancy, :ramdisk_id, :security_groups, :spot_price, :user_data, :metadata_options) SENSITIVE = [] include Aws::Structure end # Information about the type of monitoring for instances in the group. # # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails # data as a hash: # # { # enabled: false, # } # # @!attribute [rw] enabled # If set to `true`, then instances in the group launch with detailed # monitoring. # # If set to `false`, then instances in the group launch with basic # monitoring. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails AWS API Documentation # class AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails < Struct.new( :enabled) SENSITIVE = [] include Aws::Structure end # The metadata options for the instances. # # @note When making an API call, you may pass AwsAutoScalingLaunchConfigurationMetadataOptions # data as a hash: # # { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # } # # @!attribute [rw] http_endpoint # Enables or disables the HTTP metadata endpoint on your instances. By # default, the metadata endpoint is enabled. # @return [String] # # @!attribute [rw] http_put_response_hop_limit # The HTTP `PUT` response hop limit for instance metadata requests. # The larger the number, the further instance metadata requests can # travel. # @return [Integer] # # @!attribute [rw] http_tokens # Indicates whether token usage is `required` or `optional` for # metadata requests. By default, token usage is `optional`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsAutoScalingLaunchConfigurationMetadataOptions AWS API Documentation # class AwsAutoScalingLaunchConfigurationMetadataOptions < Struct.new( :http_endpoint, :http_put_response_hop_limit, :http_tokens) SENSITIVE = [] include Aws::Structure end # Provides details about an Certificate Manager certificate. # # @note When making an API call, you may pass AwsCertificateManagerCertificateDetails # data as a hash: # # { # certificate_authority_arn: "NonEmptyString", # created_at: "NonEmptyString", # domain_name: "NonEmptyString", # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # extended_key_usages: [ # { # name: "NonEmptyString", # o_id: "NonEmptyString", # }, # ], # failure_reason: "NonEmptyString", # imported_at: "NonEmptyString", # in_use_by: ["NonEmptyString"], # issued_at: "NonEmptyString", # issuer: "NonEmptyString", # key_algorithm: "NonEmptyString", # key_usages: [ # { # name: "NonEmptyString", # }, # ], # not_after: "NonEmptyString", # not_before: "NonEmptyString", # options: { # certificate_transparency_logging_preference: "NonEmptyString", # }, # renewal_eligibility: "NonEmptyString", # renewal_summary: { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # }, # serial: "NonEmptyString", # signature_algorithm: "NonEmptyString", # status: "NonEmptyString", # subject: "NonEmptyString", # subject_alternative_names: ["NonEmptyString"], # type: "NonEmptyString", # } # # @!attribute [rw] certificate_authority_arn # The ARN of the private certificate authority (CA) that will be used # to issue the certificate. # @return [String] # # @!attribute [rw] created_at # Indicates when the certificate was requested. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] domain_name # The fully qualified domain name (FQDN), such as www.example.com, # that is secured by the certificate. # @return [String] # # @!attribute [rw] domain_validation_options # Contains information about the initial validation of each domain # name that occurs as a result of the `RequestCertificate` request. # # Only provided if the certificate type is `AMAZON_ISSUED`. # @return [Array] # # @!attribute [rw] extended_key_usages # Contains a list of Extended Key Usage X.509 v3 extension objects. # Each object specifies a purpose for which the certificate public key # can be used and consists of a name and an object identifier (OID). # @return [Array] # # @!attribute [rw] failure_reason # For a failed certificate request, the reason for the failure. # # Valid values: `NO_AVAILABLE_CONTACTS` \| # `ADDITIONAL_VERIFICATION_REQUIRED` \| `DOMAIN_NOT_ALLOWED` \| # `INVALID_PUBLIC_DOMAIN` \| `DOMAIN_VALIDATION_DENIED` \| `CAA_ERROR` # \| `PCA_LIMIT_EXCEEDED` \| `PCA_INVALID_ARN` \| `PCA_INVALID_STATE` # \| `PCA_REQUEST_FAILED` \| `PCA_NAME_CONSTRAINTS_VALIDATION` \| # `PCA_RESOURCE_NOT_FOUND` \| `PCA_INVALID_ARGS` \| # `PCA_INVALID_DURATION` \| `PCA_ACCESS_DENIED` \| `SLR_NOT_FOUND` \| # `OTHER` # @return [String] # # @!attribute [rw] imported_at # Indicates when the certificate was imported. Provided if the # certificate type is `IMPORTED`. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] in_use_by # The list of ARNs for the Amazon Web Services resources that use the # certificate. # @return [Array] # # @!attribute [rw] issued_at # Indicates when the certificate was issued. Provided if the # certificate type is `AMAZON_ISSUED`. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] issuer # The name of the certificate authority that issued and signed the # certificate. # @return [String] # # @!attribute [rw] key_algorithm # The algorithm that was used to generate the public-private key pair. # # Valid values: `RSA_2048` \| `RSA_1024` \|` RSA_4096` \| # `EC_prime256v1` \| `EC_secp384r1` \| `EC_secp521r1` # @return [String] # # @!attribute [rw] key_usages # A list of key usage X.509 v3 extension objects. # @return [Array] # # @!attribute [rw] not_after # The time after which the certificate becomes invalid. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] not_before # The time before which the certificate is not valid. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] options # Provides a value that specifies whether to add the certificate to a # transparency log. # @return [Types::AwsCertificateManagerCertificateOptions] # # @!attribute [rw] renewal_eligibility # Whether the certificate is eligible for renewal. # # Valid values: `ELIGIBLE` \| `INELIGIBLE` # @return [String] # # @!attribute [rw] renewal_summary # Information about the status of the Certificate Manager managed # renewal for the certificate. Provided only when the certificate type # is `AMAZON_ISSUED`. # @return [Types::AwsCertificateManagerCertificateRenewalSummary] # # @!attribute [rw] serial # The serial number of the certificate. # @return [String] # # @!attribute [rw] signature_algorithm # The algorithm that was used to sign the certificate. # @return [String] # # @!attribute [rw] status # The status of the certificate. # # Valid values: `PENDING_VALIDATION` \| `ISSUED` \| `INACTIVE` \| # `EXPIRED` \| `VALIDATION_TIMED_OUT` \| `REVOKED` \| `FAILED` # @return [String] # # @!attribute [rw] subject # The name of the entity that is associated with the public key # contained in the certificate. # @return [String] # # @!attribute [rw] subject_alternative_names # One or more domain names (subject alternative names) included in the # certificate. This list contains the domain names that are bound to # the public key that is contained in the certificate. # # The subject alternative names include the canonical domain name (CN) # of the certificate and additional domain names that can be used to # connect to the website. # @return [Array] # # @!attribute [rw] type # The source of the certificate. For certificates that Certificate # Manager provides, `Type` is `AMAZON_ISSUED`. For certificates that # are imported with `ImportCertificate`, `Type` is `IMPORTED`. # # Valid values: `IMPORTED` \| `AMAZON_ISSUED` \| `PRIVATE` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateDetails AWS API Documentation # class AwsCertificateManagerCertificateDetails < Struct.new( :certificate_authority_arn, :created_at, :domain_name, :domain_validation_options, :extended_key_usages, :failure_reason, :imported_at, :in_use_by, :issued_at, :issuer, :key_algorithm, :key_usages, :not_after, :not_before, :options, :renewal_eligibility, :renewal_summary, :serial, :signature_algorithm, :status, :subject, :subject_alternative_names, :type) SENSITIVE = [] include Aws::Structure end # Contains information about one of the following: # # * The initial validation of each domain name that occurs as a result # of the `RequestCertificate` request # # * The validation of each domain name in the certificate, as it # pertains to Certificate Manager managed renewal # # @note When making an API call, you may pass AwsCertificateManagerCertificateDomainValidationOption # data as a hash: # # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # } # # @!attribute [rw] domain_name # A fully qualified domain name (FQDN) in the certificate. # @return [String] # # @!attribute [rw] resource_record # The CNAME record that is added to the DNS database for domain # validation. # @return [Types::AwsCertificateManagerCertificateResourceRecord] # # @!attribute [rw] validation_domain # The domain name that Certificate Manager uses to send domain # validation emails. # @return [String] # # @!attribute [rw] validation_emails # A list of email addresses that Certificate Manager uses to send # domain validation emails. # @return [Array] # # @!attribute [rw] validation_method # The method used to validate the domain name. # @return [String] # # @!attribute [rw] validation_status # The validation status of the domain name. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateDomainValidationOption AWS API Documentation # class AwsCertificateManagerCertificateDomainValidationOption < Struct.new( :domain_name, :resource_record, :validation_domain, :validation_emails, :validation_method, :validation_status) SENSITIVE = [] include Aws::Structure end # Contains information about an extended key usage X.509 v3 extension # object. # # @note When making an API call, you may pass AwsCertificateManagerCertificateExtendedKeyUsage # data as a hash: # # { # name: "NonEmptyString", # o_id: "NonEmptyString", # } # # @!attribute [rw] name # The name of an extension value. Indicates the purpose for which the # certificate public key can be used. # @return [String] # # @!attribute [rw] o_id # An object identifier (OID) for the extension value. # # The format is numbers separated by periods. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateExtendedKeyUsage AWS API Documentation # class AwsCertificateManagerCertificateExtendedKeyUsage < Struct.new( :name, :o_id) SENSITIVE = [] include Aws::Structure end # Contains information about a key usage X.509 v3 extension object. # # @note When making an API call, you may pass AwsCertificateManagerCertificateKeyUsage # data as a hash: # # { # name: "NonEmptyString", # } # # @!attribute [rw] name # The key usage extension name. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateKeyUsage AWS API Documentation # class AwsCertificateManagerCertificateKeyUsage < Struct.new( :name) SENSITIVE = [] include Aws::Structure end # Contains other options for the certificate. # # @note When making an API call, you may pass AwsCertificateManagerCertificateOptions # data as a hash: # # { # certificate_transparency_logging_preference: "NonEmptyString", # } # # @!attribute [rw] certificate_transparency_logging_preference # Whether to add the certificate to a transparency log. # # Valid values: `DISABLED` \| `ENABLED` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateOptions AWS API Documentation # class AwsCertificateManagerCertificateOptions < Struct.new( :certificate_transparency_logging_preference) SENSITIVE = [] include Aws::Structure end # Contains information about the Certificate Manager managed renewal for # an `AMAZON_ISSUED` certificate. # # @note When making an API call, you may pass AwsCertificateManagerCertificateRenewalSummary # data as a hash: # # { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # } # # @!attribute [rw] domain_validation_options # Information about the validation of each domain name in the # certificate, as it pertains to Certificate Manager managed renewal. # Provided only when the certificate type is `AMAZON_ISSUED`. # @return [Array] # # @!attribute [rw] renewal_status # The status of the Certificate Manager managed renewal of the # certificate. # # Valid values: `PENDING_AUTO_RENEWAL` \| `PENDING_VALIDATION` \| # `SUCCESS` \| `FAILED` # @return [String] # # @!attribute [rw] renewal_status_reason # The reason that a renewal request was unsuccessful. # # Valid values: `NO_AVAILABLE_CONTACTS` \| # `ADDITIONAL_VERIFICATION_REQUIRED` \| `DOMAIN_NOT_ALLOWED` \| # `INVALID_PUBLIC_DOMAIN` \| `DOMAIN_VALIDATION_DENIED` \| `CAA_ERROR` # \| `PCA_LIMIT_EXCEEDED` \| `PCA_INVALID_ARN` \| `PCA_INVALID_STATE` # \| `PCA_REQUEST_FAILED` \| `PCA_NAME_CONSTRAINTS_VALIDATION` \| # `PCA_RESOURCE_NOT_FOUND` \| `PCA_INVALID_ARGS` \| # `PCA_INVALID_DURATION` \| `PCA_ACCESS_DENIED` \| `SLR_NOT_FOUND` \| # `OTHER` # @return [String] # # @!attribute [rw] updated_at # Indicates when the renewal summary was last updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateRenewalSummary AWS API Documentation # class AwsCertificateManagerCertificateRenewalSummary < Struct.new( :domain_validation_options, :renewal_status, :renewal_status_reason, :updated_at) SENSITIVE = [] include Aws::Structure end # Provides details about the CNAME record that is added to the DNS # database for domain validation. # # @note When making an API call, you may pass AwsCertificateManagerCertificateResourceRecord # data as a hash: # # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the resource. # @return [String] # # @!attribute [rw] type # The type of resource. # @return [String] # # @!attribute [rw] value # The value of the resource. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCertificateManagerCertificateResourceRecord AWS API Documentation # class AwsCertificateManagerCertificateResourceRecord < Struct.new( :name, :type, :value) SENSITIVE = [] include Aws::Structure end # Information about a cache behavior for the distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionCacheBehavior # data as a hash: # # { # viewer_protocol_policy: "NonEmptyString", # } # # @!attribute [rw] viewer_protocol_policy # The protocol that viewers can use to access the files in an origin. # You can specify the following options: # # * `allow-all` - Viewers can use HTTP or HTTPS. # # * `redirect-to-https` - CloudFront responds to HTTP requests with an # HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The # viewer then uses the new URL to resubmit. # # * `https-only` - CloudFront responds to HTTP request with an HTTP # status code of 403 (Forbidden). # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionCacheBehavior AWS API Documentation # class AwsCloudFrontDistributionCacheBehavior < Struct.new( :viewer_protocol_policy) SENSITIVE = [] include Aws::Structure end # Provides information about caching for the distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionCacheBehaviors # data as a hash: # # { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # } # # @!attribute [rw] items # The cache behaviors for the distribution. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionCacheBehaviors AWS API Documentation # class AwsCloudFrontDistributionCacheBehaviors < Struct.new( :items) SENSITIVE = [] include Aws::Structure end # Contains information about the default cache configuration for the # distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionDefaultCacheBehavior # data as a hash: # # { # viewer_protocol_policy: "NonEmptyString", # } # # @!attribute [rw] viewer_protocol_policy # The protocol that viewers can use to access the files in an origin. # You can specify the following options: # # * `allow-all` - Viewers can use HTTP or HTTPS. # # * `redirect-to-https` - CloudFront responds to HTTP requests with an # HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The # viewer then uses the new URL to resubmit. # # * `https-only` - CloudFront responds to HTTP request with an HTTP # status code of 403 (Forbidden). # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDefaultCacheBehavior AWS API Documentation # class AwsCloudFrontDistributionDefaultCacheBehavior < Struct.new( :viewer_protocol_policy) SENSITIVE = [] include Aws::Structure end # A distribution configuration. # # @note When making an API call, you may pass AwsCloudFrontDistributionDetails # data as a hash: # # { # cache_behaviors: { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # }, # default_cache_behavior: { # viewer_protocol_policy: "NonEmptyString", # }, # default_root_object: "NonEmptyString", # domain_name: "NonEmptyString", # etag: "NonEmptyString", # last_modified_time: "NonEmptyString", # logging: { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # }, # origins: { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # }, # origin_groups: { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # }, # viewer_certificate: { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # }, # status: "NonEmptyString", # web_acl_id: "NonEmptyString", # } # # @!attribute [rw] cache_behaviors # Provides information about the cache configuration for the # distribution. # @return [Types::AwsCloudFrontDistributionCacheBehaviors] # # @!attribute [rw] default_cache_behavior # The default cache behavior for the configuration. # @return [Types::AwsCloudFrontDistributionDefaultCacheBehavior] # # @!attribute [rw] default_root_object # The object that CloudFront sends in response to requests from the # origin (for example, index.html) when a viewer requests the root URL # for the distribution (http://www.example.com) instead of an object # in your distribution # (http://www.example.com/product-description.html). # @return [String] # # @!attribute [rw] domain_name # The domain name corresponding to the distribution. # @return [String] # # @!attribute [rw] etag # The entity tag is a hash of the object. # @return [String] # # @!attribute [rw] last_modified_time # Indicates when that the distribution was last modified. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] logging # A complex type that controls whether access logs are written for the # distribution. # @return [Types::AwsCloudFrontDistributionLogging] # # @!attribute [rw] origins # A complex type that contains information about origins for this # distribution. # @return [Types::AwsCloudFrontDistributionOrigins] # # @!attribute [rw] origin_groups # Provides information about the origin groups in the distribution. # @return [Types::AwsCloudFrontDistributionOriginGroups] # # @!attribute [rw] viewer_certificate # Provides information about the TLS/SSL configuration that the # distribution uses to communicate with viewers. # @return [Types::AwsCloudFrontDistributionViewerCertificate] # # @!attribute [rw] status # Indicates the current status of the distribution. # @return [String] # # @!attribute [rw] web_acl_id # A unique identifier that specifies the WAF web ACL, if any, to # associate with this distribution. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionDetails AWS API Documentation # class AwsCloudFrontDistributionDetails < Struct.new( :cache_behaviors, :default_cache_behavior, :default_root_object, :domain_name, :etag, :last_modified_time, :logging, :origins, :origin_groups, :viewer_certificate, :status, :web_acl_id) SENSITIVE = [] include Aws::Structure end # A complex type that controls whether access logs are written for the # distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionLogging # data as a hash: # # { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # } # # @!attribute [rw] bucket # The S3 bucket to store the access logs in. # @return [String] # # @!attribute [rw] enabled # With this field, you can enable or disable the selected # distribution. # @return [Boolean] # # @!attribute [rw] include_cookies # Specifies whether you want CloudFront to include cookies in access # logs. # @return [Boolean] # # @!attribute [rw] prefix # An optional string that you want CloudFront to use as a prefix to # the access log filenames for this distribution. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionLogging AWS API Documentation # class AwsCloudFrontDistributionLogging < Struct.new( :bucket, :enabled, :include_cookies, :prefix) SENSITIVE = [] include Aws::Structure end # Information about an origin group for the distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroup # data as a hash: # # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # } # # @!attribute [rw] failover_criteria # Provides the criteria for an origin group to fail over. # @return [Types::AwsCloudFrontDistributionOriginGroupFailover] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginGroup AWS API Documentation # class AwsCloudFrontDistributionOriginGroup < Struct.new( :failover_criteria) SENSITIVE = [] include Aws::Structure end # Provides information about when an origin group fails over. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroupFailover # data as a hash: # # { # status_codes: { # items: [1], # quantity: 1, # }, # } # # @!attribute [rw] status_codes # Information about the status codes that cause an origin group to # fail over. # @return [Types::AwsCloudFrontDistributionOriginGroupFailoverStatusCodes] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginGroupFailover AWS API Documentation # class AwsCloudFrontDistributionOriginGroupFailover < Struct.new( :status_codes) SENSITIVE = [] include Aws::Structure end # The status codes that cause an origin group to fail over. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroupFailoverStatusCodes # data as a hash: # # { # items: [1], # quantity: 1, # } # # @!attribute [rw] items # The list of status code values that can cause a failover to the next # origin. # @return [Array] # # @!attribute [rw] quantity # The number of status codes that can cause a failover. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginGroupFailoverStatusCodes AWS API Documentation # class AwsCloudFrontDistributionOriginGroupFailoverStatusCodes < Struct.new( :items, :quantity) SENSITIVE = [] include Aws::Structure end # Provides information about origin groups that are associated with the # distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginGroups # data as a hash: # # { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # } # # @!attribute [rw] items # The list of origin groups. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginGroups AWS API Documentation # class AwsCloudFrontDistributionOriginGroups < Struct.new( :items) SENSITIVE = [] include Aws::Structure end # A complex type that describes the S3 bucket, HTTP server (for example, # a web server), AWS Elemental MediaStore, or other server from which # CloudFront gets your files. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginItem # data as a hash: # # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # } # # @!attribute [rw] domain_name # Amazon S3 origins: The DNS name of the S3 bucket from which you want # CloudFront to get objects for this origin. # @return [String] # # @!attribute [rw] id # A unique identifier for the origin or origin group. # @return [String] # # @!attribute [rw] origin_path # An optional element that causes CloudFront to request your content # from a directory in your Amazon S3 bucket or your custom origin. # @return [String] # # @!attribute [rw] s3_origin_config # An origin that is an S3 bucket that is not configured with static # website hosting. # @return [Types::AwsCloudFrontDistributionOriginS3OriginConfig] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginItem AWS API Documentation # class AwsCloudFrontDistributionOriginItem < Struct.new( :domain_name, :id, :origin_path, :s3_origin_config) SENSITIVE = [] include Aws::Structure end # Information about an origin that is an S3 bucket that is not # configured with static website hosting. # # @note When making an API call, you may pass AwsCloudFrontDistributionOriginS3OriginConfig # data as a hash: # # { # origin_access_identity: "NonEmptyString", # } # # @!attribute [rw] origin_access_identity # The CloudFront origin access identity to associate with the origin. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOriginS3OriginConfig AWS API Documentation # class AwsCloudFrontDistributionOriginS3OriginConfig < Struct.new( :origin_access_identity) SENSITIVE = [] include Aws::Structure end # A complex type that contains information about origins and origin # groups for this distribution. # # @note When making an API call, you may pass AwsCloudFrontDistributionOrigins # data as a hash: # # { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # } # # @!attribute [rw] items # A complex type that contains origins or origin groups for this # distribution. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionOrigins AWS API Documentation # class AwsCloudFrontDistributionOrigins < Struct.new( :items) SENSITIVE = [] include Aws::Structure end # Provides information about the TLS/SSL configuration that the # distribution uses to communicate with viewers. # # @note When making an API call, you may pass AwsCloudFrontDistributionViewerCertificate # data as a hash: # # { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # } # # @!attribute [rw] acm_certificate_arn # The ARN of the ACM certificate. Used if the certificate is stored in # ACM. If you provide an ACM certificate ARN, you must also provide # `MinimumCertificateVersion` and `SslSupportMethod`. # @return [String] # # @!attribute [rw] certificate # The identifier of the certificate. Note that in CloudFront, this # attribute is deprecated. # @return [String] # # @!attribute [rw] certificate_source # The source of the certificate identified by `Certificate`. Note that # in CloudFront, this attribute is deprecated. # @return [String] # # @!attribute [rw] cloud_front_default_certificate # Whether the distribution uses the CloudFront domain name. If set to # `false`, then you provide either `AcmCertificateArn` or # `IamCertificateId`. # @return [Boolean] # # @!attribute [rw] iam_certificate_id # The identifier of the IAM certificate. Used if the certificate is # stored in IAM. If you provide `IamCertificateId`, then you also must # provide `MinimumProtocolVersion` and `SslSupportMethod`. # @return [String] # # @!attribute [rw] minimum_protocol_version # The security policy that CloudFront uses for HTTPS connections with # viewers. If `SslSupportMethod` is `sni-only`, then # `MinimumProtocolVersion` must be `TLSv1` or higher. # @return [String] # # @!attribute [rw] ssl_support_method # The viewers that the distribution accepts HTTPS connections from. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudFrontDistributionViewerCertificate AWS API Documentation # class AwsCloudFrontDistributionViewerCertificate < Struct.new( :acm_certificate_arn, :certificate, :certificate_source, :cloud_front_default_certificate, :iam_certificate_id, :minimum_protocol_version, :ssl_support_method) SENSITIVE = [] include Aws::Structure end # Provides details about a CloudTrail trail. # # @note When making an API call, you may pass AwsCloudTrailTrailDetails # data as a hash: # # { # cloud_watch_logs_log_group_arn: "NonEmptyString", # cloud_watch_logs_role_arn: "NonEmptyString", # has_custom_event_selectors: false, # home_region: "NonEmptyString", # include_global_service_events: false, # is_multi_region_trail: false, # is_organization_trail: false, # kms_key_id: "NonEmptyString", # log_file_validation_enabled: false, # name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_key_prefix: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # sns_topic_name: "NonEmptyString", # trail_arn: "NonEmptyString", # } # # @!attribute [rw] cloud_watch_logs_log_group_arn # The ARN of the log group that CloudTrail logs are delivered to. # @return [String] # # @!attribute [rw] cloud_watch_logs_role_arn # The ARN of the role that the CloudWatch Events endpoint assumes when # it writes to the log group. # @return [String] # # @!attribute [rw] has_custom_event_selectors # Indicates whether the trail has custom event selectors. # @return [Boolean] # # @!attribute [rw] home_region # The Region where the trail was created. # @return [String] # # @!attribute [rw] include_global_service_events # Indicates whether the trail publishes events from global services # such as IAM to the log files. # @return [Boolean] # # @!attribute [rw] is_multi_region_trail # Indicates whether the trail applies only to the current Region or to # all Regions. # @return [Boolean] # # @!attribute [rw] is_organization_trail # Whether the trail is created for all accounts in an organization in # Organizations, or only for the current Amazon Web Services account. # @return [Boolean] # # @!attribute [rw] kms_key_id # The KMS key ID to use to encrypt the logs. # @return [String] # # @!attribute [rw] log_file_validation_enabled # Indicates whether CloudTrail log file validation is enabled. # @return [Boolean] # # @!attribute [rw] name # The name of the trail. # @return [String] # # @!attribute [rw] s3_bucket_name # The name of the S3 bucket where the log files are published. # @return [String] # # @!attribute [rw] s3_key_prefix # The S3 key prefix. The key prefix is added after the name of the S3 # bucket where the log files are published. # @return [String] # # @!attribute [rw] sns_topic_arn # The ARN of the SNS topic that is used for notifications of log file # delivery. # @return [String] # # @!attribute [rw] sns_topic_name # The name of the SNS topic that is used for notifications of log file # delivery. # @return [String] # # @!attribute [rw] trail_arn # The ARN of the trail. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCloudTrailTrailDetails AWS API Documentation # class AwsCloudTrailTrailDetails < Struct.new( :cloud_watch_logs_log_group_arn, :cloud_watch_logs_role_arn, :has_custom_event_selectors, :home_region, :include_global_service_events, :is_multi_region_trail, :is_organization_trail, :kms_key_id, :log_file_validation_enabled, :name, :s3_bucket_name, :s3_key_prefix, :sns_topic_arn, :sns_topic_name, :trail_arn) SENSITIVE = [] include Aws::Structure end # Information about the build artifacts for the CodeBuild project. # # @note When making an API call, you may pass AwsCodeBuildProjectArtifactsDetails # data as a hash: # # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] artifact_identifier # An identifier for the artifact definition. # @return [String] # # @!attribute [rw] encryption_disabled # Indicates whether to disable encryption on the artifact. Only valid # when `Type` is `S3`. # @return [Boolean] # # @!attribute [rw] location # Only used when `Type` is `S3`. The name of the S3 bucket where the # artifact is located. # @return [String] # # @!attribute [rw] name # Only used when Type is S3. The name of the artifact. Used with # `NamepaceType` and `Path` to determine the pattern for storing the # artifact. # @return [String] # # @!attribute [rw] namespace_type # Only used when `Type` is `S3`. The value to use for the namespace. # Used with `Name` and `Path` to determine the pattern for storing the # artifact. # @return [String] # # @!attribute [rw] override_artifact_name # Whether the name specified in the buildspec file overrides the # artifact name. # @return [Boolean] # # @!attribute [rw] packaging # Only used when `Type` is `S3`. The type of output artifact to # create. # @return [String] # # @!attribute [rw] path # Only used when `Type` is `S3`. The path to the artifact. Used with # `Name` and `NamespaceType` to determine the pattern for storing the # artifact. # @return [String] # # @!attribute [rw] type # The type of build artifact. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectArtifactsDetails AWS API Documentation # class AwsCodeBuildProjectArtifactsDetails < Struct.new( :artifact_identifier, :encryption_disabled, :location, :name, :namespace_type, :override_artifact_name, :packaging, :path, :type) SENSITIVE = [] include Aws::Structure end # Information about an CodeBuild project. # # @note When making an API call, you may pass AwsCodeBuildProjectDetails # data as a hash: # # { # encryption_key: "NonEmptyString", # artifacts: [ # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # }, # ], # environment: { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # }, # name: "NonEmptyString", # source: { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # }, # service_role: "NonEmptyString", # logs_config: { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # }, # vpc_config: { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # }, # } # # @!attribute [rw] encryption_key # The KMS key used to encrypt the build output artifacts. # # You can specify either the ARN of the KMS key or, if available, the # KMS key alias (using the format alias/alias-name). # @return [String] # # @!attribute [rw] artifacts # Information about the build artifacts for the CodeBuild project. # @return [Array] # # @!attribute [rw] environment # Information about the build environment for this build project. # @return [Types::AwsCodeBuildProjectEnvironment] # # @!attribute [rw] name # The name of the build project. # @return [String] # # @!attribute [rw] source # Information about the build input source code for this build # project. # @return [Types::AwsCodeBuildProjectSource] # # @!attribute [rw] service_role # The ARN of the IAM role that enables CodeBuild to interact with # dependent Amazon Web Services services on behalf of the Amazon Web # Services account. # @return [String] # # @!attribute [rw] logs_config # Information about logs for the build project. # @return [Types::AwsCodeBuildProjectLogsConfigDetails] # # @!attribute [rw] vpc_config # Information about the VPC configuration that CodeBuild accesses. # @return [Types::AwsCodeBuildProjectVpcConfig] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectDetails AWS API Documentation # class AwsCodeBuildProjectDetails < Struct.new( :encryption_key, :artifacts, :environment, :name, :source, :service_role, :logs_config, :vpc_config) SENSITIVE = [] include Aws::Structure end # Information about the build environment for this build project. # # @note When making an API call, you may pass AwsCodeBuildProjectEnvironment # data as a hash: # # { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # } # # @!attribute [rw] certificate # The certificate to use with this build project. # @return [String] # # @!attribute [rw] environment_variables # A set of environment variables to make available to builds for the # build project. # @return [Array] # # @!attribute [rw] privileged_mode # Whether to allow the Docker daemon to run inside a Docker container. # Set to `true` if the build project is used to build Docker images. # @return [Boolean] # # @!attribute [rw] image_pull_credentials_type # The type of credentials CodeBuild uses to pull images in your build. # # Valid values: # # * `CODEBUILD` specifies that CodeBuild uses its own credentials. # This requires that you modify your ECR repository policy to trust # the CodeBuild service principal. # # * `SERVICE_ROLE` specifies that CodeBuild uses your build project's # service role. # # When you use a cross-account or private registry image, you must use # `SERVICE_ROLE` credentials. When you use an CodeBuild curated image, # you must use `CODEBUILD` credentials. # @return [String] # # @!attribute [rw] registry_credential # The credentials for access to a private registry. # @return [Types::AwsCodeBuildProjectEnvironmentRegistryCredential] # # @!attribute [rw] type # The type of build environment to use for related builds. # # The environment type `ARM_CONTAINER` is available only in Regions US # East (N. Virginia), US East (Ohio), US West (Oregon), Europe # (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific # (Sydney), and Europe (Frankfurt). # # The environment type `LINUX_CONTAINER` with compute type # build.general1.2xlarge is available only in Regions US East (N. # Virginia), US East (N. Virginia), US West (Oregon), Canada # (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), # Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific # (Singapore), Asia Pacific (Sydney), China (Beijing), and China # (Ningxia). # # The environment type `LINUX_GPU_CONTAINER` is available only in # Regions US East (N. Virginia), US East (N. Virginia), US West # (Oregon), Canada (Central), Europe (Ireland), Europe (London), # Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia # Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and # China (Ningxia). # # Valid values: `WINDOWS_CONTAINER` \| `LINUX_CONTAINER` \| # `LINUX_GPU_CONTAINER` \| `ARM_CONTAINER` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectEnvironment AWS API Documentation # class AwsCodeBuildProjectEnvironment < Struct.new( :certificate, :environment_variables, :privileged_mode, :image_pull_credentials_type, :registry_credential, :type) SENSITIVE = [] include Aws::Structure end # Information about an environment variable that is available to builds # for the build project. # # @note When making an API call, you may pass AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails # data as a hash: # # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the environment variable. # @return [String] # # @!attribute [rw] type # The type of environment variable. # @return [String] # # @!attribute [rw] value # The value of the environment variable. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails AWS API Documentation # class AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails < Struct.new( :name, :type, :value) SENSITIVE = [] include Aws::Structure end # The credentials for access to a private registry. # # @note When making an API call, you may pass AwsCodeBuildProjectEnvironmentRegistryCredential # data as a hash: # # { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # } # # @!attribute [rw] credential # The ARN or name of credentials created using Secrets Manager. # # The credential can use the name of the credentials only if they # exist in your current Amazon Web Services Region. # # # @return [String] # # @!attribute [rw] credential_provider # The service that created the credentials to access a private Docker # registry. # # The valid value,` SECRETS_MANAGER`, is for Secrets Manager. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectEnvironmentRegistryCredential AWS API Documentation # class AwsCodeBuildProjectEnvironmentRegistryCredential < Struct.new( :credential, :credential_provider) SENSITIVE = [] include Aws::Structure end # Information about CloudWatch Logs for the build project. # # @note When making an API call, you may pass AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails # data as a hash: # # { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # } # # @!attribute [rw] group_name # The group name of the logs in CloudWatch Logs. # @return [String] # # @!attribute [rw] status # The current status of the logs in CloudWatch Logs for a build # project. # @return [String] # # @!attribute [rw] stream_name # The prefix of the stream name of the CloudWatch Logs. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails AWS API Documentation # class AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails < Struct.new( :group_name, :status, :stream_name) SENSITIVE = [] include Aws::Structure end # Information about logs for the build project. # # @note When making an API call, you may pass AwsCodeBuildProjectLogsConfigDetails # data as a hash: # # { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # } # # @!attribute [rw] cloud_watch_logs # Information about CloudWatch Logs for the build project. # @return [Types::AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails] # # @!attribute [rw] s3_logs # Information about logs built to an S3 bucket for a build project. # @return [Types::AwsCodeBuildProjectLogsConfigS3LogsDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectLogsConfigDetails AWS API Documentation # class AwsCodeBuildProjectLogsConfigDetails < Struct.new( :cloud_watch_logs, :s3_logs) SENSITIVE = [] include Aws::Structure end # Information about logs built to an S3 bucket for a build project. # # @note When making an API call, you may pass AwsCodeBuildProjectLogsConfigS3LogsDetails # data as a hash: # # { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] encryption_disabled # Whether to disable encryption of the S3 build log output. # @return [Boolean] # # @!attribute [rw] location # The ARN of the S3 bucket and the path prefix for S3 logs. # @return [String] # # @!attribute [rw] status # The current status of the S3 build logs. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectLogsConfigS3LogsDetails AWS API Documentation # class AwsCodeBuildProjectLogsConfigS3LogsDetails < Struct.new( :encryption_disabled, :location, :status) SENSITIVE = [] include Aws::Structure end # Information about the build input source code for this build project. # # @note When making an API call, you may pass AwsCodeBuildProjectSource # data as a hash: # # { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # } # # @!attribute [rw] type # The type of repository that contains the source code to be built. # Valid values are: # # * `BITBUCKET` - The source code is in a Bitbucket repository. # # * `CODECOMMIT` - The source code is in an CodeCommit repository. # # * `CODEPIPELINE` - The source code settings are specified in the # source action of a pipeline in CodePipeline. # # * `GITHUB` - The source code is in a GitHub repository. # # * `GITHUB_ENTERPRISE` - The source code is in a GitHub Enterprise # repository. # # * `NO_SOURCE` - The project does not have input source code. # # * `S3` - The source code is in an S3 input bucket. # @return [String] # # @!attribute [rw] location # Information about the location of the source code to be built. # # Valid values include: # # * For source code settings that are specified in the source action # of a pipeline in CodePipeline, location should not be specified. # If it is specified, CodePipeline ignores it. This is because # CodePipeline uses the settings in a pipeline's source action # instead of this value. # # * For source code in an CodeCommit repository, the HTTPS clone URL # to the repository that contains the source code and the build spec # file (for example, # `https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name` # ). # # * For source code in an S3 input bucket, one of the following. # # * The path to the ZIP file that contains the source code (for # example, `bucket-name/path/to/object-name.zip`). # # * The path to the folder that contains the source code (for # example, `bucket-name/path/to/source-code/folder/`). # # * For source code in a GitHub repository, the HTTPS clone URL to the # repository that contains the source and the build spec file. # # * For source code in a Bitbucket repository, the HTTPS clone URL to # the repository that contains the source and the build spec file. # @return [String] # # @!attribute [rw] git_clone_depth # Information about the Git clone depth for the build project. # @return [Integer] # # @!attribute [rw] insecure_ssl # Whether to ignore SSL warnings while connecting to the project # source code. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectSource AWS API Documentation # class AwsCodeBuildProjectSource < Struct.new( :type, :location, :git_clone_depth, :insecure_ssl) SENSITIVE = [] include Aws::Structure end # Information about the VPC configuration that CodeBuild accesses. # # @note When making an API call, you may pass AwsCodeBuildProjectVpcConfig # data as a hash: # # { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # } # # @!attribute [rw] vpc_id # The ID of the VPC. # @return [String] # # @!attribute [rw] subnets # A list of one or more subnet IDs in your VPC. # @return [Array] # # @!attribute [rw] security_group_ids # A list of one or more security group IDs in your VPC. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCodeBuildProjectVpcConfig AWS API Documentation # class AwsCodeBuildProjectVpcConfig < Struct.new( :vpc_id, :subnets, :security_group_ids) SENSITIVE = [] include Aws::Structure end # Contains the cross-origin resource sharing (CORS) configuration for # the API. CORS is only supported for HTTP APIs. # # @note When making an API call, you may pass AwsCorsConfiguration # data as a hash: # # { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # } # # @!attribute [rw] allow_origins # The allowed origins for CORS requests. # @return [Array] # # @!attribute [rw] allow_credentials # Indicates whether the CORS request includes credentials. # @return [Boolean] # # @!attribute [rw] expose_headers # The exposed headers for CORS requests. # @return [Array] # # @!attribute [rw] max_age # The number of seconds for which the browser caches preflight request # results. # @return [Integer] # # @!attribute [rw] allow_methods # The allowed methods for CORS requests. # @return [Array] # # @!attribute [rw] allow_headers # The allowed headers for CORS requests. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsCorsConfiguration AWS API Documentation # class AwsCorsConfiguration < Struct.new( :allow_origins, :allow_credentials, :expose_headers, :max_age, :allow_methods, :allow_headers) SENSITIVE = [] include Aws::Structure end # Contains a definition of an attribute for the table. # # @note When making an API call, you may pass AwsDynamoDbTableAttributeDefinition # data as a hash: # # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # } # # @!attribute [rw] attribute_name # The name of the attribute. # @return [String] # # @!attribute [rw] attribute_type # The type of the attribute. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableAttributeDefinition AWS API Documentation # class AwsDynamoDbTableAttributeDefinition < Struct.new( :attribute_name, :attribute_type) SENSITIVE = [] include Aws::Structure end # Provides information about the billing for read/write capacity on the # table. # # @note When making an API call, you may pass AwsDynamoDbTableBillingModeSummary # data as a hash: # # { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # } # # @!attribute [rw] billing_mode # The method used to charge for read and write throughput and to # manage capacity. # @return [String] # # @!attribute [rw] last_update_to_pay_per_request_date_time # If the billing mode is `PAY_PER_REQUEST`, indicates when the billing # mode was set to that value. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableBillingModeSummary AWS API Documentation # class AwsDynamoDbTableBillingModeSummary < Struct.new( :billing_mode, :last_update_to_pay_per_request_date_time) SENSITIVE = [] include Aws::Structure end # Provides details about a DynamoDB table. # # @note When making an API call, you may pass AwsDynamoDbTableDetails # data as a hash: # # { # attribute_definitions: [ # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # }, # ], # billing_mode_summary: { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # }, # creation_date_time: "NonEmptyString", # global_secondary_indexes: [ # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # }, # ], # global_table_version: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # latest_stream_arn: "NonEmptyString", # latest_stream_label: "NonEmptyString", # local_secondary_indexes: [ # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # }, # ], # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # replicas: [ # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # }, # ], # restore_summary: { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # }, # sse_description: { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # }, # stream_specification: { # stream_enabled: false, # stream_view_type: "NonEmptyString", # }, # table_id: "NonEmptyString", # table_name: "NonEmptyString", # table_size_bytes: 1, # table_status: "NonEmptyString", # } # # @!attribute [rw] attribute_definitions # A list of attribute definitions for the table. # @return [Array] # # @!attribute [rw] billing_mode_summary # Information about the billing for read/write capacity on the table. # @return [Types::AwsDynamoDbTableBillingModeSummary] # # @!attribute [rw] creation_date_time # Indicates when the table was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] global_secondary_indexes # List of global secondary indexes for the table. # @return [Array] # # @!attribute [rw] global_table_version # The version of global tables being used. # @return [String] # # @!attribute [rw] item_count # The number of items in the table. # @return [Integer] # # @!attribute [rw] key_schema # The primary key structure for the table. # @return [Array] # # @!attribute [rw] latest_stream_arn # The ARN of the latest stream for the table. # @return [String] # # @!attribute [rw] latest_stream_label # The label of the latest stream. The label is not a unique # identifier. # @return [String] # # @!attribute [rw] local_secondary_indexes # The list of local secondary indexes for the table. # @return [Array] # # @!attribute [rw] provisioned_throughput # Information about the provisioned throughput for the table. # @return [Types::AwsDynamoDbTableProvisionedThroughput] # # @!attribute [rw] replicas # The list of replicas of this table. # @return [Array] # # @!attribute [rw] restore_summary # Information about the restore for the table. # @return [Types::AwsDynamoDbTableRestoreSummary] # # @!attribute [rw] sse_description # Information about the server-side encryption for the table. # @return [Types::AwsDynamoDbTableSseDescription] # # @!attribute [rw] stream_specification # The current DynamoDB Streams configuration for the table. # @return [Types::AwsDynamoDbTableStreamSpecification] # # @!attribute [rw] table_id # The identifier of the table. # @return [String] # # @!attribute [rw] table_name # The name of the table. # @return [String] # # @!attribute [rw] table_size_bytes # The total size of the table in bytes. # @return [Integer] # # @!attribute [rw] table_status # The current status of the table. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableDetails AWS API Documentation # class AwsDynamoDbTableDetails < Struct.new( :attribute_definitions, :billing_mode_summary, :creation_date_time, :global_secondary_indexes, :global_table_version, :item_count, :key_schema, :latest_stream_arn, :latest_stream_label, :local_secondary_indexes, :provisioned_throughput, :replicas, :restore_summary, :sse_description, :stream_specification, :table_id, :table_name, :table_size_bytes, :table_status) SENSITIVE = [] include Aws::Structure end # Information abut a global secondary index for the table. # # @note When making an API call, you may pass AwsDynamoDbTableGlobalSecondaryIndex # data as a hash: # # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # } # # @!attribute [rw] backfilling # Whether the index is currently backfilling. # @return [Boolean] # # @!attribute [rw] index_arn # The ARN of the index. # @return [String] # # @!attribute [rw] index_name # The name of the index. # @return [String] # # @!attribute [rw] index_size_bytes # The total size in bytes of the index. # @return [Integer] # # @!attribute [rw] index_status # The current status of the index. # @return [String] # # @!attribute [rw] item_count # The number of items in the index. # @return [Integer] # # @!attribute [rw] key_schema # The key schema for the index. # @return [Array] # # @!attribute [rw] projection # Attributes that are copied from the table into an index. # @return [Types::AwsDynamoDbTableProjection] # # @!attribute [rw] provisioned_throughput # Information about the provisioned throughput settings for the # indexes. # @return [Types::AwsDynamoDbTableProvisionedThroughput] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableGlobalSecondaryIndex AWS API Documentation # class AwsDynamoDbTableGlobalSecondaryIndex < Struct.new( :backfilling, :index_arn, :index_name, :index_size_bytes, :index_status, :item_count, :key_schema, :projection, :provisioned_throughput) SENSITIVE = [] include Aws::Structure end # A component of the key schema for the DynamoDB table, a global # secondary index, or a local secondary index. # # @note When making an API call, you may pass AwsDynamoDbTableKeySchema # data as a hash: # # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # } # # @!attribute [rw] attribute_name # The name of the key schema attribute. # @return [String] # # @!attribute [rw] key_type # The type of key used for the key schema attribute. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableKeySchema AWS API Documentation # class AwsDynamoDbTableKeySchema < Struct.new( :attribute_name, :key_type) SENSITIVE = [] include Aws::Structure end # Information about a local secondary index for a DynamoDB table. # # @note When making an API call, you may pass AwsDynamoDbTableLocalSecondaryIndex # data as a hash: # # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # } # # @!attribute [rw] index_arn # The ARN of the index. # @return [String] # # @!attribute [rw] index_name # The name of the index. # @return [String] # # @!attribute [rw] key_schema # The complete key schema for the index. # @return [Array] # # @!attribute [rw] projection # Attributes that are copied from the table into the index. These are # in addition to the primary key attributes and index key attributes, # which are automatically projected. # @return [Types::AwsDynamoDbTableProjection] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableLocalSecondaryIndex AWS API Documentation # class AwsDynamoDbTableLocalSecondaryIndex < Struct.new( :index_arn, :index_name, :key_schema, :projection) SENSITIVE = [] include Aws::Structure end # For global and local secondary indexes, identifies the attributes that # are copied from the table into the index. # # @note When making an API call, you may pass AwsDynamoDbTableProjection # data as a hash: # # { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # } # # @!attribute [rw] non_key_attributes # The nonkey attributes that are projected into the index. For each # attribute, provide the attribute name. # @return [Array] # # @!attribute [rw] projection_type # The types of attributes that are projected into the index. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableProjection AWS API Documentation # class AwsDynamoDbTableProjection < Struct.new( :non_key_attributes, :projection_type) SENSITIVE = [] include Aws::Structure end # Information about the provisioned throughput for the table or for a # global secondary index. # # @note When making an API call, you may pass AwsDynamoDbTableProvisionedThroughput # data as a hash: # # { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # } # # @!attribute [rw] last_decrease_date_time # Indicates when the provisioned throughput was last decreased. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] last_increase_date_time # Indicates when the provisioned throughput was last increased. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] number_of_decreases_today # The number of times during the current UTC calendar day that the # provisioned throughput was decreased. # @return [Integer] # # @!attribute [rw] read_capacity_units # The maximum number of strongly consistent reads consumed per second # before DynamoDB returns a `ThrottlingException`. # @return [Integer] # # @!attribute [rw] write_capacity_units # The maximum number of writes consumed per second before DynamoDB # returns a `ThrottlingException`. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableProvisionedThroughput AWS API Documentation # class AwsDynamoDbTableProvisionedThroughput < Struct.new( :last_decrease_date_time, :last_increase_date_time, :number_of_decreases_today, :read_capacity_units, :write_capacity_units) SENSITIVE = [] include Aws::Structure end # Replica-specific configuration for the provisioned throughput. # # @note When making an API call, you may pass AwsDynamoDbTableProvisionedThroughputOverride # data as a hash: # # { # read_capacity_units: 1, # } # # @!attribute [rw] read_capacity_units # The read capacity units for the replica. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableProvisionedThroughputOverride AWS API Documentation # class AwsDynamoDbTableProvisionedThroughputOverride < Struct.new( :read_capacity_units) SENSITIVE = [] include Aws::Structure end # Information about a replica of a DynamoDB table. # # @note When making an API call, you may pass AwsDynamoDbTableReplica # data as a hash: # # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # } # # @!attribute [rw] global_secondary_indexes # List of global secondary indexes for the replica. # @return [Array] # # @!attribute [rw] kms_master_key_id # The identifier of the KMS key that will be used for KMS encryption # for the replica. # @return [String] # # @!attribute [rw] provisioned_throughput_override # Replica-specific configuration for the provisioned throughput. # @return [Types::AwsDynamoDbTableProvisionedThroughputOverride] # # @!attribute [rw] region_name # The name of the Region where the replica is located. # @return [String] # # @!attribute [rw] replica_status # The current status of the replica. # @return [String] # # @!attribute [rw] replica_status_description # Detailed information about the replica status. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableReplica AWS API Documentation # class AwsDynamoDbTableReplica < Struct.new( :global_secondary_indexes, :kms_master_key_id, :provisioned_throughput_override, :region_name, :replica_status, :replica_status_description) SENSITIVE = [] include Aws::Structure end # Information about a global secondary index for a DynamoDB table # replica. # # @note When making an API call, you may pass AwsDynamoDbTableReplicaGlobalSecondaryIndex # data as a hash: # # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # } # # @!attribute [rw] index_name # The name of the index. # @return [String] # # @!attribute [rw] provisioned_throughput_override # Replica-specific configuration for the provisioned throughput for # the index. # @return [Types::AwsDynamoDbTableProvisionedThroughputOverride] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableReplicaGlobalSecondaryIndex AWS API Documentation # class AwsDynamoDbTableReplicaGlobalSecondaryIndex < Struct.new( :index_name, :provisioned_throughput_override) SENSITIVE = [] include Aws::Structure end # Information about the restore for the table. # # @note When making an API call, you may pass AwsDynamoDbTableRestoreSummary # data as a hash: # # { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # } # # @!attribute [rw] source_backup_arn # The ARN of the source backup from which the table was restored. # @return [String] # # @!attribute [rw] source_table_arn # The ARN of the source table for the backup. # @return [String] # # @!attribute [rw] restore_date_time # Indicates the point in time that the table was restored to. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] restore_in_progress # Whether a restore is currently in progress. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableRestoreSummary AWS API Documentation # class AwsDynamoDbTableRestoreSummary < Struct.new( :source_backup_arn, :source_table_arn, :restore_date_time, :restore_in_progress) SENSITIVE = [] include Aws::Structure end # Information about the server-side encryption for the table. # # @note When making an API call, you may pass AwsDynamoDbTableSseDescription # data as a hash: # # { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # } # # @!attribute [rw] inaccessible_encryption_date_time # If the key is inaccessible, the date and time when DynamoDB detected # that the key was inaccessible. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] status # The status of the server-side encryption. # @return [String] # # @!attribute [rw] sse_type # The type of server-side encryption. # @return [String] # # @!attribute [rw] kms_master_key_arn # The ARN of the KMS key that is used for the KMS encryption. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableSseDescription AWS API Documentation # class AwsDynamoDbTableSseDescription < Struct.new( :inaccessible_encryption_date_time, :status, :sse_type, :kms_master_key_arn) SENSITIVE = [] include Aws::Structure end # The current DynamoDB Streams configuration for the table. # # @note When making an API call, you may pass AwsDynamoDbTableStreamSpecification # data as a hash: # # { # stream_enabled: false, # stream_view_type: "NonEmptyString", # } # # @!attribute [rw] stream_enabled # Indicates whether DynamoDB Streams is enabled on the table. # @return [Boolean] # # @!attribute [rw] stream_view_type # Determines the information that is written to the table. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsDynamoDbTableStreamSpecification AWS API Documentation # class AwsDynamoDbTableStreamSpecification < Struct.new( :stream_enabled, :stream_view_type) SENSITIVE = [] include Aws::Structure end # Information about an Elastic IP address. # # @note When making an API call, you may pass AwsEc2EipDetails # data as a hash: # # { # instance_id: "NonEmptyString", # public_ip: "NonEmptyString", # allocation_id: "NonEmptyString", # association_id: "NonEmptyString", # domain: "NonEmptyString", # public_ipv_4_pool: "NonEmptyString", # network_border_group: "NonEmptyString", # network_interface_id: "NonEmptyString", # network_interface_owner_id: "NonEmptyString", # private_ip_address: "NonEmptyString", # } # # @!attribute [rw] instance_id # The identifier of the EC2 instance. # @return [String] # # @!attribute [rw] public_ip # A public IP address that is associated with the EC2 instance. # @return [String] # # @!attribute [rw] allocation_id # The identifier that Amazon Web Services assigns to represent the # allocation of the Elastic IP address for use with Amazon VPC. # @return [String] # # @!attribute [rw] association_id # The identifier that represents the association of the Elastic IP # address with an EC2 instance. # @return [String] # # @!attribute [rw] domain # The domain in which to allocate the address. # # If the address is for use with EC2 instances in a VPC, then `Domain` # is `vpc`. Otherwise, `Domain` is `standard`. # @return [String] # # @!attribute [rw] public_ipv_4_pool # The identifier of an IP address pool. This parameter allows Amazon # EC2 to select an IP address from the address pool. # @return [String] # # @!attribute [rw] network_border_group # The name of the location from which the Elastic IP address is # advertised. # @return [String] # # @!attribute [rw] network_interface_id # The identifier of the network interface. # @return [String] # # @!attribute [rw] network_interface_owner_id # The Amazon Web Services account ID of the owner of the network # interface. # @return [String] # # @!attribute [rw] private_ip_address # The private IP address that is associated with the Elastic IP # address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2EipDetails AWS API Documentation # class AwsEc2EipDetails < Struct.new( :instance_id, :public_ip, :allocation_id, :association_id, :domain, :public_ipv_4_pool, :network_border_group, :network_interface_id, :network_interface_owner_id, :private_ip_address) SENSITIVE = [] include Aws::Structure end # The details of an EC2 instance. # # @note When making an API call, you may pass AwsEc2InstanceDetails # data as a hash: # # { # type: "NonEmptyString", # image_id: "NonEmptyString", # ip_v4_addresses: ["NonEmptyString"], # ip_v6_addresses: ["NonEmptyString"], # key_name: "NonEmptyString", # iam_instance_profile_arn: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_id: "NonEmptyString", # launched_at: "NonEmptyString", # network_interfaces: [ # { # network_interface_id: "NonEmptyString", # }, # ], # } # # @!attribute [rw] type # The instance type of the instance. # @return [String] # # @!attribute [rw] image_id # The Amazon Machine Image (AMI) ID of the instance. # @return [String] # # @!attribute [rw] ip_v4_addresses # The IPv4 addresses associated with the instance. # @return [Array] # # @!attribute [rw] ip_v6_addresses # The IPv6 addresses associated with the instance. # @return [Array] # # @!attribute [rw] key_name # The key name associated with the instance. # @return [String] # # @!attribute [rw] iam_instance_profile_arn # The IAM profile ARN of the instance. # @return [String] # # @!attribute [rw] vpc_id # The identifier of the VPC that the instance was launched in. # @return [String] # # @!attribute [rw] subnet_id # The identifier of the subnet that the instance was launched in. # @return [String] # # @!attribute [rw] launched_at # Indicates when the instance was launched. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] network_interfaces # The identifiers of the network interfaces for the EC2 instance. The # details for each network interface are in a corresponding # `AwsEc2NetworkInterfacesDetails` object. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceDetails AWS API Documentation # class AwsEc2InstanceDetails < Struct.new( :type, :image_id, :ip_v4_addresses, :ip_v6_addresses, :key_name, :iam_instance_profile_arn, :vpc_id, :subnet_id, :launched_at, :network_interfaces) SENSITIVE = [] include Aws::Structure end # Identifies a network interface for the EC2 instance. # # @note When making an API call, you may pass AwsEc2InstanceNetworkInterfacesDetails # data as a hash: # # { # network_interface_id: "NonEmptyString", # } # # @!attribute [rw] network_interface_id # The identifier of the network interface. The details are in a # corresponding `AwsEc2NetworkInterfacesDetails` object. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2InstanceNetworkInterfacesDetails AWS API Documentation # class AwsEc2InstanceNetworkInterfacesDetails < Struct.new( :network_interface_id) SENSITIVE = [] include Aws::Structure end # An association between the network ACL and a subnet. # # @note When making an API call, you may pass AwsEc2NetworkAclAssociation # data as a hash: # # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # } # # @!attribute [rw] network_acl_association_id # The identifier of the association between the network ACL and the # subnet. # @return [String] # # @!attribute [rw] network_acl_id # The identifier of the network ACL. # @return [String] # # @!attribute [rw] subnet_id # The identifier of the subnet that is associated with the network # ACL. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclAssociation AWS API Documentation # class AwsEc2NetworkAclAssociation < Struct.new( :network_acl_association_id, :network_acl_id, :subnet_id) SENSITIVE = [] include Aws::Structure end # Contains details about an EC2 network access control list (ACL). # # @note When making an API call, you may pass AwsEc2NetworkAclDetails # data as a hash: # # { # is_default: false, # network_acl_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # associations: [ # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # entries: [ # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # }, # ], # } # # @!attribute [rw] is_default # Whether this is the default network ACL for the VPC. # @return [Boolean] # # @!attribute [rw] network_acl_id # The identifier of the network ACL. # @return [String] # # @!attribute [rw] owner_id # The identifier of the Amazon Web Services account that owns the # network ACL. # @return [String] # # @!attribute [rw] vpc_id # The identifier of the VPC for the network ACL. # @return [String] # # @!attribute [rw] associations # Associations between the network ACL and subnets. # @return [Array] # # @!attribute [rw] entries # The set of rules in the network ACL. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclDetails AWS API Documentation # class AwsEc2NetworkAclDetails < Struct.new( :is_default, :network_acl_id, :owner_id, :vpc_id, :associations, :entries) SENSITIVE = [] include Aws::Structure end # A rule for the network ACL. Each rule allows or denies access based on # the IP address, traffic direction, port, and protocol. # # @note When making an API call, you may pass AwsEc2NetworkAclEntry # data as a hash: # # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # } # # @!attribute [rw] cidr_block # The IPV4 network range for which to deny or allow access. # @return [String] # # @!attribute [rw] egress # Whether the rule is an egress rule. An egress rule is a rule that # applies to traffic that leaves the subnet. # @return [Boolean] # # @!attribute [rw] icmp_type_code # The Internet Control Message Protocol (ICMP) type and code for which # to deny or allow access. # @return [Types::IcmpTypeCode] # # @!attribute [rw] ipv_6_cidr_block # The IPV6 network range for which to deny or allow access. # @return [String] # # @!attribute [rw] port_range # For TCP or UDP protocols, the range of ports that the rule applies # to. # @return [Types::PortRangeFromTo] # # @!attribute [rw] protocol # The protocol that the rule applies to. To deny or allow access to # all protocols, use the value -1. # @return [String] # # @!attribute [rw] rule_action # Whether the rule is used to allow access or deny access. # @return [String] # # @!attribute [rw] rule_number # The rule number. The rules are processed in order by their number. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkAclEntry AWS API Documentation # class AwsEc2NetworkAclEntry < Struct.new( :cidr_block, :egress, :icmp_type_code, :ipv_6_cidr_block, :port_range, :protocol, :rule_action, :rule_number) SENSITIVE = [] include Aws::Structure end # Information about the network interface attachment. # # @note When making an API call, you may pass AwsEc2NetworkInterfaceAttachment # data as a hash: # # { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] attach_time # Indicates when the attachment initiated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] attachment_id # The identifier of the network interface attachment # @return [String] # # @!attribute [rw] delete_on_termination # Indicates whether the network interface is deleted when the instance # is terminated. # @return [Boolean] # # @!attribute [rw] device_index # The device index of the network interface attachment on the # instance. # @return [Integer] # # @!attribute [rw] instance_id # The ID of the instance. # @return [String] # # @!attribute [rw] instance_owner_id # The Amazon Web Services account ID of the owner of the instance. # @return [String] # # @!attribute [rw] status # The attachment state. # # Valid values: `attaching` \| `attached` \| `detaching` \| `detached` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceAttachment AWS API Documentation # class AwsEc2NetworkInterfaceAttachment < Struct.new( :attach_time, :attachment_id, :delete_on_termination, :device_index, :instance_id, :instance_owner_id, :status) SENSITIVE = [] include Aws::Structure end # Details about the network interface # # @note When making an API call, you may pass AwsEc2NetworkInterfaceDetails # data as a hash: # # { # attachment: { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # }, # network_interface_id: "NonEmptyString", # security_groups: [ # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # }, # ], # source_dest_check: false, # ip_v6_addresses: [ # { # ip_v6_address: "NonEmptyString", # }, # ], # private_ip_addresses: [ # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # }, # ], # public_dns_name: "NonEmptyString", # public_ip: "NonEmptyString", # } # # @!attribute [rw] attachment # The network interface attachment. # @return [Types::AwsEc2NetworkInterfaceAttachment] # # @!attribute [rw] network_interface_id # The ID of the network interface. # @return [String] # # @!attribute [rw] security_groups # Security groups for the network interface. # @return [Array] # # @!attribute [rw] source_dest_check # Indicates whether traffic to or from the instance is validated. # @return [Boolean] # # @!attribute [rw] ip_v6_addresses # The IPv6 addresses associated with the network interface. # @return [Array] # # @!attribute [rw] private_ip_addresses # The private IPv4 addresses associated with the network interface. # @return [Array] # # @!attribute [rw] public_dns_name # The public DNS name of the network interface. # @return [String] # # @!attribute [rw] public_ip # The address of the Elastic IP address bound to the network # interface. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceDetails AWS API Documentation # class AwsEc2NetworkInterfaceDetails < Struct.new( :attachment, :network_interface_id, :security_groups, :source_dest_check, :ip_v6_addresses, :private_ip_addresses, :public_dns_name, :public_ip) SENSITIVE = [] include Aws::Structure end # Provides information about an IPV6 address that is associated with the # network interface. # # @note When making an API call, you may pass AwsEc2NetworkInterfaceIpV6AddressDetail # data as a hash: # # { # ip_v6_address: "NonEmptyString", # } # # @!attribute [rw] ip_v6_address # The IPV6 address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceIpV6AddressDetail AWS API Documentation # class AwsEc2NetworkInterfaceIpV6AddressDetail < Struct.new( :ip_v6_address) SENSITIVE = [] include Aws::Structure end # Provides information about a private IPv4 address that is with the # network interface. # # @note When making an API call, you may pass AwsEc2NetworkInterfacePrivateIpAddressDetail # data as a hash: # # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # } # # @!attribute [rw] private_ip_address # The IP address. # @return [String] # # @!attribute [rw] private_dns_name # The private DNS name for the IP address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfacePrivateIpAddressDetail AWS API Documentation # class AwsEc2NetworkInterfacePrivateIpAddressDetail < Struct.new( :private_ip_address, :private_dns_name) SENSITIVE = [] include Aws::Structure end # A security group associated with the network interface. # # @note When making an API call, you may pass AwsEc2NetworkInterfaceSecurityGroup # data as a hash: # # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # } # # @!attribute [rw] group_name # The name of the security group. # @return [String] # # @!attribute [rw] group_id # The ID of the security group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2NetworkInterfaceSecurityGroup AWS API Documentation # class AwsEc2NetworkInterfaceSecurityGroup < Struct.new( :group_name, :group_id) SENSITIVE = [] include Aws::Structure end # Details about an EC2 security group. # # @note When making an API call, you may pass AwsEc2SecurityGroupDetails # data as a hash: # # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ip_permissions: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # ip_permissions_egress: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # } # # @!attribute [rw] group_name # The name of the security group. # @return [String] # # @!attribute [rw] group_id # The ID of the security group. # @return [String] # # @!attribute [rw] owner_id # The Amazon Web Services account ID of the owner of the security # group. # @return [String] # # @!attribute [rw] vpc_id # \[VPC only\] The ID of the VPC for the security group. # @return [String] # # @!attribute [rw] ip_permissions # The inbound rules associated with the security group. # @return [Array] # # @!attribute [rw] ip_permissions_egress # \[VPC only\] The outbound rules associated with the security group. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupDetails AWS API Documentation # class AwsEc2SecurityGroupDetails < Struct.new( :group_name, :group_id, :owner_id, :vpc_id, :ip_permissions, :ip_permissions_egress) SENSITIVE = [] include Aws::Structure end # An IP permission for an EC2 security group. # # @note When making an API call, you may pass AwsEc2SecurityGroupIpPermission # data as a hash: # # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # } # # @!attribute [rw] ip_protocol # The IP protocol name (`tcp`, `udp`, `icmp`, `icmpv6`) or number. # # \[VPC only\] Use `-1` to specify all protocols. # # When authorizing security group rules, specifying -1 or a protocol # number other than `tcp`, `udp`, `icmp`, or `icmpv6` allows traffic # on all ports, regardless of any port range you specify. # # For `tcp`, `udp`, and `icmp`, you must specify a port range. # # For `icmpv6`, the port range is optional. If you omit the port # range, traffic for all types and codes is allowed. # @return [String] # # @!attribute [rw] from_port # The start of the port range for the TCP and UDP protocols, or an # ICMP/ICMPv6 type number. # # A value of -1 indicates all ICMP/ICMPv6 types. If you specify all # ICMP/ICMPv6 types, you must specify all codes. # @return [Integer] # # @!attribute [rw] to_port # The end of the port range for the TCP and UDP protocols, or an # ICMP/ICMPv6 code. # # A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all # ICMP/ICMPv6 types, you must specify all codes. # @return [Integer] # # @!attribute [rw] user_id_group_pairs # The security group and Amazon Web Services account ID pairs. # @return [Array] # # @!attribute [rw] ip_ranges # The IPv4 ranges. # @return [Array] # # @!attribute [rw] ipv_6_ranges # The IPv6 ranges. # @return [Array] # # @!attribute [rw] prefix_list_ids # \[VPC only\] The prefix list IDs for an Amazon Web Services service. # With outbound rules, this is the Amazon Web Services service to # access through a VPC endpoint from instances associated with the # security group. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpPermission AWS API Documentation # class AwsEc2SecurityGroupIpPermission < Struct.new( :ip_protocol, :from_port, :to_port, :user_id_group_pairs, :ip_ranges, :ipv_6_ranges, :prefix_list_ids) SENSITIVE = [] include Aws::Structure end # A range of IPv4 addresses. # # @note When making an API call, you may pass AwsEc2SecurityGroupIpRange # data as a hash: # # { # cidr_ip: "NonEmptyString", # } # # @!attribute [rw] cidr_ip # The IPv4 CIDR range. You can specify either a CIDR range or a source # security group, but not both. To specify a single IPv4 address, use # the /32 prefix length. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpRange AWS API Documentation # class AwsEc2SecurityGroupIpRange < Struct.new( :cidr_ip) SENSITIVE = [] include Aws::Structure end # A range of IPv6 addresses. # # @note When making an API call, you may pass AwsEc2SecurityGroupIpv6Range # data as a hash: # # { # cidr_ipv_6: "NonEmptyString", # } # # @!attribute [rw] cidr_ipv_6 # The IPv6 CIDR range. You can specify either a CIDR range or a source # security group, but not both. To specify a single IPv6 address, use # the /128 prefix length. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupIpv6Range AWS API Documentation # class AwsEc2SecurityGroupIpv6Range < Struct.new( :cidr_ipv_6) SENSITIVE = [] include Aws::Structure end # A prefix list ID. # # @note When making an API call, you may pass AwsEc2SecurityGroupPrefixListId # data as a hash: # # { # prefix_list_id: "NonEmptyString", # } # # @!attribute [rw] prefix_list_id # The ID of the prefix. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupPrefixListId AWS API Documentation # class AwsEc2SecurityGroupPrefixListId < Struct.new( :prefix_list_id) SENSITIVE = [] include Aws::Structure end # A relationship between a security group and a user. # # @note When making an API call, you may pass AwsEc2SecurityGroupUserIdGroupPair # data as a hash: # # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # } # # @!attribute [rw] group_id # The ID of the security group. # @return [String] # # @!attribute [rw] group_name # The name of the security group. # @return [String] # # @!attribute [rw] peering_status # The status of a VPC peering connection, if applicable. # @return [String] # # @!attribute [rw] user_id # The ID of an Amazon Web Services account. # # For a referenced security group in another VPC, the account ID of # the referenced security group is returned in the response. If the # referenced security group is deleted, this value is not returned. # # \[EC2-Classic\] Required when adding or removing rules that # reference a security group in another VPC. # @return [String] # # @!attribute [rw] vpc_id # The ID of the VPC for the referenced security group, if applicable. # @return [String] # # @!attribute [rw] vpc_peering_connection_id # The ID of the VPC peering connection, if applicable. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SecurityGroupUserIdGroupPair AWS API Documentation # class AwsEc2SecurityGroupUserIdGroupPair < Struct.new( :group_id, :group_name, :peering_status, :user_id, :vpc_id, :vpc_peering_connection_id) SENSITIVE = [] include Aws::Structure end # Contains information about a subnet in Amazon EC2. # # @note When making an API call, you may pass AwsEc2SubnetDetails # data as a hash: # # { # assign_ipv_6_address_on_creation: false, # availability_zone: "NonEmptyString", # availability_zone_id: "NonEmptyString", # available_ip_address_count: 1, # cidr_block: "NonEmptyString", # default_for_az: false, # map_public_ip_on_launch: false, # owner_id: "NonEmptyString", # state: "NonEmptyString", # subnet_arn: "NonEmptyString", # subnet_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # } # # @!attribute [rw] assign_ipv_6_address_on_creation # Whether to assign an IPV6 address to a network interface that is # created in this subnet. # @return [Boolean] # # @!attribute [rw] availability_zone # The Availability Zone for the subnet. # @return [String] # # @!attribute [rw] availability_zone_id # The identifier of the Availability Zone for the subnet. # @return [String] # # @!attribute [rw] available_ip_address_count # The number of available IPV4 addresses in the subnet. Does not # include addresses for stopped instances. # @return [Integer] # # @!attribute [rw] cidr_block # The IPV4 CIDR block that is assigned to the subnet. # @return [String] # # @!attribute [rw] default_for_az # Whether this subnet is the default subnet for the Availability Zone. # @return [Boolean] # # @!attribute [rw] map_public_ip_on_launch # Whether instances in this subnet receive a public IP address. # @return [Boolean] # # @!attribute [rw] owner_id # The identifier of the Amazon Web Services account that owns the # subnet. # @return [String] # # @!attribute [rw] state # The current state of the subnet. # @return [String] # # @!attribute [rw] subnet_arn # The ARN of the subnet. # @return [String] # # @!attribute [rw] subnet_id # The identifier of the subnet. # @return [String] # # @!attribute [rw] vpc_id # The identifier of the VPC that contains the subnet. # @return [String] # # @!attribute [rw] ipv_6_cidr_block_association_set # The IPV6 CIDR blocks that are associated with the subnet. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2SubnetDetails AWS API Documentation # class AwsEc2SubnetDetails < Struct.new( :assign_ipv_6_address_on_creation, :availability_zone, :availability_zone_id, :available_ip_address_count, :cidr_block, :default_for_az, :map_public_ip_on_launch, :owner_id, :state, :subnet_arn, :subnet_id, :vpc_id, :ipv_6_cidr_block_association_set) SENSITIVE = [] include Aws::Structure end # An attachment to an Amazon EC2 volume. # # @note When making an API call, you may pass AwsEc2VolumeAttachment # data as a hash: # # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] attach_time # The datetime when the attachment initiated. # @return [String] # # @!attribute [rw] delete_on_termination # Whether the EBS volume is deleted when the EC2 instance is # terminated. # @return [Boolean] # # @!attribute [rw] instance_id # The identifier of the EC2 instance. # @return [String] # # @!attribute [rw] status # The attachment state of the volume. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VolumeAttachment AWS API Documentation # class AwsEc2VolumeAttachment < Struct.new( :attach_time, :delete_on_termination, :instance_id, :status) SENSITIVE = [] include Aws::Structure end # Details about an EC2 volume. # # @note When making an API call, you may pass AwsEc2VolumeDetails # data as a hash: # # { # create_time: "NonEmptyString", # encrypted: false, # size: 1, # snapshot_id: "NonEmptyString", # status: "NonEmptyString", # kms_key_id: "NonEmptyString", # attachments: [ # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # } # # @!attribute [rw] create_time # Indicates when the volume was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] encrypted # Whether the volume is encrypted. # @return [Boolean] # # @!attribute [rw] size # The size of the volume, in GiBs. # @return [Integer] # # @!attribute [rw] snapshot_id # The snapshot from which the volume was created. # @return [String] # # @!attribute [rw] status # The volume state. # @return [String] # # @!attribute [rw] kms_key_id # The ARN of the KMS key that was used to protect the volume # encryption key for the volume. # @return [String] # # @!attribute [rw] attachments # The volume attachments. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VolumeDetails AWS API Documentation # class AwsEc2VolumeDetails < Struct.new( :create_time, :encrypted, :size, :snapshot_id, :status, :kms_key_id, :attachments) SENSITIVE = [] include Aws::Structure end # Details about an EC2 VPC. # # @note When making an API call, you may pass AwsEc2VpcDetails # data as a hash: # # { # cidr_block_association_set: [ # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # dhcp_options_id: "NonEmptyString", # state: "NonEmptyString", # } # # @!attribute [rw] cidr_block_association_set # Information about the IPv4 CIDR blocks associated with the VPC. # @return [Array] # # @!attribute [rw] ipv_6_cidr_block_association_set # Information about the IPv6 CIDR blocks associated with the VPC. # @return [Array] # # @!attribute [rw] dhcp_options_id # The identifier of the set of Dynamic Host Configuration Protocol # (DHCP) options that are associated with the VPC. If the default # options are associated with the VPC, then this is default. # @return [String] # # @!attribute [rw] state # The current state of the VPC. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcDetails AWS API Documentation # class AwsEc2VpcDetails < Struct.new( :cidr_block_association_set, :ipv_6_cidr_block_association_set, :dhcp_options_id, :state) SENSITIVE = [] include Aws::Structure end # Contains details about the service configuration for a VPC endpoint # service. # # @note When making an API call, you may pass AwsEc2VpcEndpointServiceDetails # data as a hash: # # { # acceptance_required: false, # availability_zones: ["NonEmptyString"], # base_endpoint_dns_names: ["NonEmptyString"], # manages_vpc_endpoints: false, # gateway_load_balancer_arns: ["NonEmptyString"], # network_load_balancer_arns: ["NonEmptyString"], # private_dns_name: "NonEmptyString", # service_id: "NonEmptyString", # service_name: "NonEmptyString", # service_state: "NonEmptyString", # service_type: [ # { # service_type: "NonEmptyString", # }, # ], # } # # @!attribute [rw] acceptance_required # Whether requests from other Amazon Web Services accounts to create # an endpoint to the service must first be accepted. # @return [Boolean] # # @!attribute [rw] availability_zones # The Availability Zones where the service is available. # @return [Array] # # @!attribute [rw] base_endpoint_dns_names # The DNS names for the service. # @return [Array] # # @!attribute [rw] manages_vpc_endpoints # Whether the service manages its VPC endpoints. # @return [Boolean] # # @!attribute [rw] gateway_load_balancer_arns # The ARNs of the Gateway Load Balancers for the service. # @return [Array] # # @!attribute [rw] network_load_balancer_arns # The ARNs of the Network Load Balancers for the service. # @return [Array] # # @!attribute [rw] private_dns_name # The private DNS name for the service. # @return [String] # # @!attribute [rw] service_id # The identifier of the service. # @return [String] # # @!attribute [rw] service_name # The name of the service. # @return [String] # # @!attribute [rw] service_state # The current state of the service. # @return [String] # # @!attribute [rw] service_type # The types for the service. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcEndpointServiceDetails AWS API Documentation # class AwsEc2VpcEndpointServiceDetails < Struct.new( :acceptance_required, :availability_zones, :base_endpoint_dns_names, :manages_vpc_endpoints, :gateway_load_balancer_arns, :network_load_balancer_arns, :private_dns_name, :service_id, :service_name, :service_state, :service_type) SENSITIVE = [] include Aws::Structure end # The service type information for a VPC endpoint service. # # @note When making an API call, you may pass AwsEc2VpcEndpointServiceServiceTypeDetails # data as a hash: # # { # service_type: "NonEmptyString", # } # # @!attribute [rw] service_type # The type of service. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpcEndpointServiceServiceTypeDetails AWS API Documentation # class AwsEc2VpcEndpointServiceServiceTypeDetails < Struct.new( :service_type) SENSITIVE = [] include Aws::Structure end # Details about an Amazon EC2 VPN connection. # # @note When making an API call, you may pass AwsEc2VpnConnectionDetails # data as a hash: # # { # vpn_connection_id: "NonEmptyString", # state: "NonEmptyString", # customer_gateway_id: "NonEmptyString", # customer_gateway_configuration: "NonEmptyString", # type: "NonEmptyString", # vpn_gateway_id: "NonEmptyString", # category: "NonEmptyString", # vgw_telemetry: [ # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # }, # ], # options: { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # }, # routes: [ # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # }, # ], # transit_gateway_id: "NonEmptyString", # } # # @!attribute [rw] vpn_connection_id # The identifier of the VPN connection. # @return [String] # # @!attribute [rw] state # The current state of the VPN connection. # @return [String] # # @!attribute [rw] customer_gateway_id # The identifier of the customer gateway that is at your end of the # VPN connection. # @return [String] # # @!attribute [rw] customer_gateway_configuration # The configuration information for the VPN connection's customer # gateway, in the native XML format. # @return [String] # # @!attribute [rw] type # The type of VPN connection. # @return [String] # # @!attribute [rw] vpn_gateway_id # The identifier of the virtual private gateway that is at the Amazon # Web Services side of the VPN connection. # @return [String] # # @!attribute [rw] category # The category of the VPN connection. `VPN` indicates an Amazon Web # Services VPN connection. `VPN-Classic` indicates an Amazon Web # Services Classic VPN connection. # @return [String] # # @!attribute [rw] vgw_telemetry # Information about the VPN tunnel. # @return [Array] # # @!attribute [rw] options # The VPN connection options. # @return [Types::AwsEc2VpnConnectionOptionsDetails] # # @!attribute [rw] routes # The static routes that are associated with the VPN connection. # @return [Array] # # @!attribute [rw] transit_gateway_id # The identifier of the transit gateway that is associated with the # VPN connection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionDetails AWS API Documentation # class AwsEc2VpnConnectionDetails < Struct.new( :vpn_connection_id, :state, :customer_gateway_id, :customer_gateway_configuration, :type, :vpn_gateway_id, :category, :vgw_telemetry, :options, :routes, :transit_gateway_id) SENSITIVE = [] include Aws::Structure end # VPN connection options. # # @note When making an API call, you may pass AwsEc2VpnConnectionOptionsDetails # data as a hash: # # { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # } # # @!attribute [rw] static_routes_only # Whether the VPN connection uses static routes only. # @return [Boolean] # # @!attribute [rw] tunnel_options # The VPN tunnel options. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionOptionsDetails AWS API Documentation # class AwsEc2VpnConnectionOptionsDetails < Struct.new( :static_routes_only, :tunnel_options) SENSITIVE = [] include Aws::Structure end # The VPN tunnel options. # # @note When making an API call, you may pass AwsEc2VpnConnectionOptionsTunnelOptionsDetails # data as a hash: # # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # } # # @!attribute [rw] dpd_timeout_seconds # The number of seconds after which a Dead Peer Detection (DPD) # timeout occurs. # @return [Integer] # # @!attribute [rw] ike_versions # The Internet Key Exchange (IKE) versions that are permitted for the # VPN tunnel. # @return [Array] # # @!attribute [rw] outside_ip_address # The external IP address of the VPN tunnel. # @return [String] # # @!attribute [rw] phase_1_dh_group_numbers # The permitted Diffie-Hellman group numbers for the VPN tunnel for # phase 1 IKE negotiations. # @return [Array] # # @!attribute [rw] phase_1_encryption_algorithms # The permitted encryption algorithms for the VPN tunnel for phase 1 # IKE negotiations. # @return [Array] # # @!attribute [rw] phase_1_integrity_algorithms # The permitted integrity algorithms for the VPN tunnel for phase 1 # IKE negotiations. # @return [Array] # # @!attribute [rw] phase_1_lifetime_seconds # The lifetime for phase 1 of the IKE negotiation, in seconds. # @return [Integer] # # @!attribute [rw] phase_2_dh_group_numbers # The permitted Diffie-Hellman group numbers for the VPN tunnel for # phase 2 IKE negotiations. # @return [Array] # # @!attribute [rw] phase_2_encryption_algorithms # The permitted encryption algorithms for the VPN tunnel for phase 2 # IKE negotiations. # @return [Array] # # @!attribute [rw] phase_2_integrity_algorithms # The permitted integrity algorithms for the VPN tunnel for phase 2 # IKE negotiations. # @return [Array] # # @!attribute [rw] phase_2_lifetime_seconds # The lifetime for phase 2 of the IKE negotiation, in seconds. # @return [Integer] # # @!attribute [rw] pre_shared_key # The preshared key to establish initial authentication between the # virtual private gateway and the customer gateway. # @return [String] # # @!attribute [rw] rekey_fuzz_percentage # The percentage of the rekey window, which is determined by # `RekeyMarginTimeSeconds` during which the rekey time is randomly # selected. # @return [Integer] # # @!attribute [rw] rekey_margin_time_seconds # The margin time, in seconds, before the phase 2 lifetime expires, # during which the Amazon Web Services side of the VPN connection # performs an IKE rekey. # @return [Integer] # # @!attribute [rw] replay_window_size # The number of packets in an IKE replay window. # @return [Integer] # # @!attribute [rw] tunnel_inside_cidr # The range of inside IPv4 addresses for the tunnel. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionOptionsTunnelOptionsDetails AWS API Documentation # class AwsEc2VpnConnectionOptionsTunnelOptionsDetails < Struct.new( :dpd_timeout_seconds, :ike_versions, :outside_ip_address, :phase_1_dh_group_numbers, :phase_1_encryption_algorithms, :phase_1_integrity_algorithms, :phase_1_lifetime_seconds, :phase_2_dh_group_numbers, :phase_2_encryption_algorithms, :phase_2_integrity_algorithms, :phase_2_lifetime_seconds, :pre_shared_key, :rekey_fuzz_percentage, :rekey_margin_time_seconds, :replay_window_size, :tunnel_inside_cidr) SENSITIVE = [] include Aws::Structure end # A static routes associated with the VPN connection. # # @note When making an API call, you may pass AwsEc2VpnConnectionRoutesDetails # data as a hash: # # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # } # # @!attribute [rw] destination_cidr_block # The CIDR block associated with the local subnet of the customer data # center. # @return [String] # # @!attribute [rw] state # The current state of the static route. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionRoutesDetails AWS API Documentation # class AwsEc2VpnConnectionRoutesDetails < Struct.new( :destination_cidr_block, :state) SENSITIVE = [] include Aws::Structure end # Information about the VPN tunnel. # # @note When making an API call, you may pass AwsEc2VpnConnectionVgwTelemetryDetails # data as a hash: # # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # } # # @!attribute [rw] accepted_route_count # The number of accepted routes. # @return [Integer] # # @!attribute [rw] certificate_arn # The ARN of the VPN tunnel endpoint certificate. # @return [String] # # @!attribute [rw] last_status_change # The date and time of the last change in status. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] outside_ip_address # The Internet-routable IP address of the virtual private gateway's # outside interface. # @return [String] # # @!attribute [rw] status # The status of the VPN tunnel. # @return [String] # # @!attribute [rw] status_message # If an error occurs, a description of the error. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEc2VpnConnectionVgwTelemetryDetails AWS API Documentation # class AwsEc2VpnConnectionVgwTelemetryDetails < Struct.new( :accepted_route_count, :certificate_arn, :last_status_change, :outside_ip_address, :status, :status_message) SENSITIVE = [] include Aws::Structure end # Information about an Amazon ECR image. # # @note When making an API call, you may pass AwsEcrContainerImageDetails # data as a hash: # # { # registry_id: "NonEmptyString", # repository_name: "NonEmptyString", # architecture: "NonEmptyString", # image_digest: "NonEmptyString", # image_tags: ["NonEmptyString"], # image_published_at: "NonEmptyString", # } # # @!attribute [rw] registry_id # The Amazon Web Services account identifier that is associated with # the registry that the image belongs to. # @return [String] # # @!attribute [rw] repository_name # The name of the repository that the image belongs to. # @return [String] # # @!attribute [rw] architecture # The architecture of the image. # @return [String] # # @!attribute [rw] image_digest # The sha256 digest of the image manifest. # @return [String] # # @!attribute [rw] image_tags # The list of tags that are associated with the image. # @return [Array] # # @!attribute [rw] image_published_at # The date and time when the image was pushed to the repository. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcrContainerImageDetails AWS API Documentation # class AwsEcrContainerImageDetails < Struct.new( :registry_id, :repository_name, :architecture, :image_digest, :image_tags, :image_published_at) SENSITIVE = [] include Aws::Structure end # Provides information about an Amazon Elastic Container Registry # repository. # # @note When making an API call, you may pass AwsEcrRepositoryDetails # data as a hash: # # { # arn: "NonEmptyString", # image_scanning_configuration: { # scan_on_push: false, # }, # image_tag_mutability: "NonEmptyString", # lifecycle_policy: { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # }, # repository_name: "NonEmptyString", # repository_policy_text: "NonEmptyString", # } # # @!attribute [rw] arn # The ARN of the repository. # @return [String] # # @!attribute [rw] image_scanning_configuration # The image scanning configuration for a repository. # @return [Types::AwsEcrRepositoryImageScanningConfigurationDetails] # # @!attribute [rw] image_tag_mutability # The tag mutability setting for the repository. # @return [String] # # @!attribute [rw] lifecycle_policy # Information about the lifecycle policy for the repository. # @return [Types::AwsEcrRepositoryLifecyclePolicyDetails] # # @!attribute [rw] repository_name # The name of the repository. # @return [String] # # @!attribute [rw] repository_policy_text # The text of the repository policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcrRepositoryDetails AWS API Documentation # class AwsEcrRepositoryDetails < Struct.new( :arn, :image_scanning_configuration, :image_tag_mutability, :lifecycle_policy, :repository_name, :repository_policy_text) SENSITIVE = [] include Aws::Structure end # The image scanning configuration for a repository. # # @note When making an API call, you may pass AwsEcrRepositoryImageScanningConfigurationDetails # data as a hash: # # { # scan_on_push: false, # } # # @!attribute [rw] scan_on_push # Whether to scan images after they are pushed to a repository. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcrRepositoryImageScanningConfigurationDetails AWS API Documentation # class AwsEcrRepositoryImageScanningConfigurationDetails < Struct.new( :scan_on_push) SENSITIVE = [] include Aws::Structure end # Information about the lifecycle policy for the repository. # # @note When making an API call, you may pass AwsEcrRepositoryLifecyclePolicyDetails # data as a hash: # # { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # } # # @!attribute [rw] lifecycle_policy_text # The text of the lifecycle policy. # @return [String] # # @!attribute [rw] registry_id # The Amazon Web Services account identifier that is associated with # the registry that contains the repository. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcrRepositoryLifecyclePolicyDetails AWS API Documentation # class AwsEcrRepositoryLifecyclePolicyDetails < Struct.new( :lifecycle_policy_text, :registry_id) SENSITIVE = [] include Aws::Structure end # Indicates whether to enable CloudWatch Container Insights for the ECS # cluster. # # @note When making an API call, you may pass AwsEcsClusterClusterSettingsDetails # data as a hash: # # { # name: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the setting. # @return [String] # # @!attribute [rw] value # The value of the setting. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterClusterSettingsDetails AWS API Documentation # class AwsEcsClusterClusterSettingsDetails < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # The run command configuration for the cluster. # # @note When making an API call, you may pass AwsEcsClusterConfigurationDetails # data as a hash: # # { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # } # # @!attribute [rw] execute_command_configuration # Contains the run command configuration for the cluster. # @return [Types::AwsEcsClusterConfigurationExecuteCommandConfigurationDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterConfigurationDetails AWS API Documentation # class AwsEcsClusterConfigurationDetails < Struct.new( :execute_command_configuration) SENSITIVE = [] include Aws::Structure end # Contains the run command configuration for the cluster. # # @note When making an API call, you may pass AwsEcsClusterConfigurationExecuteCommandConfigurationDetails # data as a hash: # # { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # } # # @!attribute [rw] kms_key_id # The identifier of the KMS key that is used to encrypt the data # between the local client and the container. # @return [String] # # @!attribute [rw] log_configuration # The log configuration for the results of the run command actions. # Required if `Logging` is `NONE`. # @return [Types::AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails] # # @!attribute [rw] logging # The log setting to use for redirecting logs for run command results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterConfigurationExecuteCommandConfigurationDetails AWS API Documentation # class AwsEcsClusterConfigurationExecuteCommandConfigurationDetails < Struct.new( :kms_key_id, :log_configuration, :logging) SENSITIVE = [] include Aws::Structure end # The log configuration for the results of the run command actions. # # @note When making an API call, you may pass AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails # data as a hash: # # { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # } # # @!attribute [rw] cloud_watch_encryption_enabled # Whether to enable encryption on the CloudWatch logs. # @return [Boolean] # # @!attribute [rw] cloud_watch_log_group_name # The name of the CloudWatch log group to send the logs to. # @return [String] # # @!attribute [rw] s3_bucket_name # The name of the S3 bucket to send logs to. # @return [String] # # @!attribute [rw] s3_encryption_enabled # Whether to encrypt the logs that are sent to the S3 bucket. # @return [Boolean] # # @!attribute [rw] s3_key_prefix # Identifies the folder in the S3 bucket to send the logs to. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails AWS API Documentation # class AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails < Struct.new( :cloud_watch_encryption_enabled, :cloud_watch_log_group_name, :s3_bucket_name, :s3_encryption_enabled, :s3_key_prefix) SENSITIVE = [] include Aws::Structure end # The default capacity provider strategy for the cluster. The default # capacity provider strategy is used when services or tasks are run # without a specified launch type or capacity provider strategy. # # @note When making an API call, you may pass AwsEcsClusterDefaultCapacityProviderStrategyDetails # data as a hash: # # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # } # # @!attribute [rw] base # The minimum number of tasks to run on the specified capacity # provider. # @return [Integer] # # @!attribute [rw] capacity_provider # The name of the capacity provider. # @return [String] # # @!attribute [rw] weight # The relative percentage of the total number of tasks launched that # should use the capacity provider. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterDefaultCapacityProviderStrategyDetails AWS API Documentation # class AwsEcsClusterDefaultCapacityProviderStrategyDetails < Struct.new( :base, :capacity_provider, :weight) SENSITIVE = [] include Aws::Structure end # provides details about an ECS cluster. # # @note When making an API call, you may pass AwsEcsClusterDetails # data as a hash: # # { # capacity_providers: ["NonEmptyString"], # cluster_settings: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # configuration: { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # }, # default_capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # } # # @!attribute [rw] capacity_providers # The short name of one or more capacity providers to associate with # the cluster. # @return [Array] # # @!attribute [rw] cluster_settings # The setting to use to create the cluster. Specifically used to # configure whether to enable CloudWatch Container Insights for the # cluster. # @return [Array] # # @!attribute [rw] configuration # The run command configuration for the cluster. # @return [Types::AwsEcsClusterConfigurationDetails] # # @!attribute [rw] default_capacity_provider_strategy # The default capacity provider strategy for the cluster. The default # capacity provider strategy is used when services or tasks are run # without a specified launch type or capacity provider strategy. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsClusterDetails AWS API Documentation # class AwsEcsClusterDetails < Struct.new( :capacity_providers, :cluster_settings, :configuration, :default_capacity_provider_strategy) SENSITIVE = [] include Aws::Structure end # Strategy item for the capacity provider strategy that the service # uses. # # @note When making an API call, you may pass AwsEcsServiceCapacityProviderStrategyDetails # data as a hash: # # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # } # # @!attribute [rw] base # The minimum number of tasks to run on the capacity provider. Only # one strategy item can specify a value for `Base`. # # The value must be between 0 and 100000. # @return [Integer] # # @!attribute [rw] capacity_provider # The short name of the capacity provider. # @return [String] # # @!attribute [rw] weight # The relative percentage of the total number of tasks that should use # the capacity provider. # # If no weight is specified, the default value is 0. At least one # capacity provider must have a weight greater than 0. # # The value can be between 0 and 1000. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceCapacityProviderStrategyDetails AWS API Documentation # class AwsEcsServiceCapacityProviderStrategyDetails < Struct.new( :base, :capacity_provider, :weight) SENSITIVE = [] include Aws::Structure end # Determines whether a service deployment fails if a service cannot # reach a steady state. # # @note When making an API call, you may pass AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails # data as a hash: # # { # enable: false, # rollback: false, # } # # @!attribute [rw] enable # Whether to enable the deployment circuit breaker logic for the # service. # @return [Boolean] # # @!attribute [rw] rollback # Whether to roll back the service if a service deployment fails. If # rollback is enabled, when a service deployment fails, the service is # rolled back to the last deployment that completed successfully. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails AWS API Documentation # class AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails < Struct.new( :enable, :rollback) SENSITIVE = [] include Aws::Structure end # Optional deployment parameters for the service. # # @note When making an API call, you may pass AwsEcsServiceDeploymentConfigurationDetails # data as a hash: # # { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # } # # @!attribute [rw] deployment_circuit_breaker # Determines whether a service deployment fails if a service cannot # reach a steady state. # @return [Types::AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails] # # @!attribute [rw] maximum_percent # For a service that uses the rolling update (`ECS`) deployment type, # the maximum number of tasks in a service that are allowed in the # `RUNNING` or `PENDING` state during a deployment, and for tasks that # use the EC2 launch type, when any container instances are in the # `DRAINING` state. Provided as a percentage of the desired number of # tasks. The default value is 200%. # # For a service that uses the blue/green (`CODE_DEPLOY`) or `EXTERNAL` # deployment types, and tasks that use the EC2 launch type, the # maximum number of tasks in the service that remain in the `RUNNING` # state while the container instances are in the `DRAINING` state. # # For the Fargate launch type, the maximum percent value is not used. # @return [Integer] # # @!attribute [rw] minimum_healthy_percent # For a service that uses the rolling update (`ECS`) deployment type, # the minimum number of tasks in a service that must remain in the # `RUNNING` state during a deployment, and while any container # instances are in the `DRAINING` state if the service contains tasks # using the EC2 launch type. Expressed as a percentage of the desired # number of tasks. The default value is 100%. # # For a service that uses the blue/green (`CODE_DEPLOY`) or `EXTERNAL` # deployment types and tasks that use the EC2 launch type, the minimum # number of the tasks in the service that remain in the `RUNNING` # state while the container instances are in the `DRAINING` state. # # For the Fargate launch type, the minimum healthy percent value is # not used. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceDeploymentConfigurationDetails AWS API Documentation # class AwsEcsServiceDeploymentConfigurationDetails < Struct.new( :deployment_circuit_breaker, :maximum_percent, :minimum_healthy_percent) SENSITIVE = [] include Aws::Structure end # Information about the deployment controller type that the service # uses. # # @note When making an API call, you may pass AwsEcsServiceDeploymentControllerDetails # data as a hash: # # { # type: "NonEmptyString", # } # # @!attribute [rw] type # The rolling update (`ECS`) deployment type replaces the current # running version of the container with the latest version. # # The blue/green (`CODE_DEPLOY`) deployment type uses the blue/green # deployment model that is powered by CodeDeploy. This deployment # model a new deployment of a service can be verified before # production traffic is sent to it. # # The external (`EXTERNAL`) deployment type allows the use of any # third-party deployment controller for full control over the # deployment process for an Amazon ECS service. # # Valid values: `ECS` \| `CODE_DEPLOY` \| `EXTERNAL` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceDeploymentControllerDetails AWS API Documentation # class AwsEcsServiceDeploymentControllerDetails < Struct.new( :type) SENSITIVE = [] include Aws::Structure end # Provides details about a service within an ECS cluster. # # @note When making an API call, you may pass AwsEcsServiceDetails # data as a hash: # # { # capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # cluster: "NonEmptyString", # deployment_configuration: { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # }, # deployment_controller: { # type: "NonEmptyString", # }, # desired_count: 1, # enable_ecs_managed_tags: false, # enable_execute_command: false, # health_check_grace_period_seconds: 1, # launch_type: "NonEmptyString", # load_balancers: [ # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # }, # ], # name: "NonEmptyString", # network_configuration: { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # }, # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # placement_strategies: [ # { # field: "NonEmptyString", # type: "NonEmptyString", # }, # ], # platform_version: "NonEmptyString", # propagate_tags: "NonEmptyString", # role: "NonEmptyString", # scheduling_strategy: "NonEmptyString", # service_arn: "NonEmptyString", # service_name: "NonEmptyString", # service_registries: [ # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # }, # ], # task_definition: "NonEmptyString", # } # # @!attribute [rw] capacity_provider_strategy # The capacity provider strategy that the service uses. # @return [Array] # # @!attribute [rw] cluster # The ARN of the cluster that hosts the service. # @return [String] # # @!attribute [rw] deployment_configuration # Deployment parameters for the service. Includes the number of tasks # that run and the order in which to start and stop tasks. # @return [Types::AwsEcsServiceDeploymentConfigurationDetails] # # @!attribute [rw] deployment_controller # Contains the deployment controller type that the service uses. # @return [Types::AwsEcsServiceDeploymentControllerDetails] # # @!attribute [rw] desired_count # The number of instantiations of the task definition to run on the # service. # @return [Integer] # # @!attribute [rw] enable_ecs_managed_tags # Whether to enable Amazon ECS managed tags for the tasks in the # service. # @return [Boolean] # # @!attribute [rw] enable_execute_command # Whether the execute command functionality is enabled for the # service. # @return [Boolean] # # @!attribute [rw] health_check_grace_period_seconds # After a task starts, the amount of time in seconds that the Amazon # ECS service scheduler ignores unhealthy Elastic Load Balancing # target health checks. # @return [Integer] # # @!attribute [rw] launch_type # The launch type that the service uses. # # Valid values: `EC2` \| `FARGATE` \| `EXTERNAL` # @return [String] # # @!attribute [rw] load_balancers # Information about the load balancers that the service uses. # @return [Array] # # @!attribute [rw] name # The name of the service. # @return [String] # # @!attribute [rw] network_configuration # For tasks that use the `awsvpc` networking mode, the VPC subnet and # security group configuration. # @return [Types::AwsEcsServiceNetworkConfigurationDetails] # # @!attribute [rw] placement_constraints # The placement constraints for the tasks in the service. # @return [Array] # # @!attribute [rw] placement_strategies # Information about how tasks for the service are placed. # @return [Array] # # @!attribute [rw] platform_version # The platform version on which to run the service. Only specified for # tasks that are hosted on Fargate. If a platform version is not # specified, the `LATEST` platform version is used by default. # @return [String] # # @!attribute [rw] propagate_tags # Indicates whether to propagate the tags from the task definition to # the task or from the service to the task. If no value is provided, # then tags are not propagated. # # Valid values: `TASK_DEFINITION` \| `SERVICE` # @return [String] # # @!attribute [rw] role # The ARN of the IAM role that is associated with the service. The # role allows the Amazon ECS container agent to register container # instances with an Elastic Load Balancing load balancer. # @return [String] # # @!attribute [rw] scheduling_strategy # The scheduling strategy to use for the service. # # The `REPLICA` scheduling strategy places and maintains the desired # number of tasks across the cluster. By default, the service # scheduler spreads tasks across Availability Zones. Task placement # strategies and constraints are used to customize task placement # decisions. # # The `DAEMON` scheduling strategy deploys exactly one task on each # active container instance that meets all of the task placement # constraints that are specified in the cluster. The service scheduler # also evaluates the task placement constraints for running tasks and # stops tasks that do not meet the placement constraints. # # Valid values: `REPLICA` \| `DAEMON` # @return [String] # # @!attribute [rw] service_arn # The ARN of the service. # @return [String] # # @!attribute [rw] service_name # The name of the service. # # The name can contain up to 255 characters. It can use letters, # numbers, underscores, and hyphens. # @return [String] # # @!attribute [rw] service_registries # Information about the service discovery registries to assign to the # service. # @return [Array] # # @!attribute [rw] task_definition # The task definition to use for tasks in the service. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceDetails AWS API Documentation # class AwsEcsServiceDetails < Struct.new( :capacity_provider_strategy, :cluster, :deployment_configuration, :deployment_controller, :desired_count, :enable_ecs_managed_tags, :enable_execute_command, :health_check_grace_period_seconds, :launch_type, :load_balancers, :name, :network_configuration, :placement_constraints, :placement_strategies, :platform_version, :propagate_tags, :role, :scheduling_strategy, :service_arn, :service_name, :service_registries, :task_definition) SENSITIVE = [] include Aws::Structure end # Information about a load balancer that the service uses. # # @note When making an API call, you may pass AwsEcsServiceLoadBalancersDetails # data as a hash: # # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # } # # @!attribute [rw] container_name # The name of the container to associate with the load balancer. # @return [String] # # @!attribute [rw] container_port # The port on the container to associate with the load balancer. This # port must correspond to a `containerPort` in the task definition the # tasks in the service are using. For tasks that use the EC2 launch # type, the container instance they are launched on must allow ingress # traffic on the `hostPort` of the port mapping. # @return [Integer] # # @!attribute [rw] load_balancer_name # The name of the load balancer to associate with the Amazon ECS # service or task set. # # Only specified when using a Classic Load Balancer. For an # Application Load Balancer or a Network Load Balancer, the load # balancer name is omitted. # @return [String] # # @!attribute [rw] target_group_arn # The ARN of the Elastic Load Balancing target group or groups # associated with a service or task set. # # Only specified when using an Application Load Balancer or a Network # Load Balancer. For a Classic Load Balancer, the target group ARN is # omitted. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceLoadBalancersDetails AWS API Documentation # class AwsEcsServiceLoadBalancersDetails < Struct.new( :container_name, :container_port, :load_balancer_name, :target_group_arn) SENSITIVE = [] include Aws::Structure end # For tasks that use the `awsvpc` networking mode, the VPC subnet and # security group configuration. # # @note When making an API call, you may pass AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails # data as a hash: # # { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # } # # @!attribute [rw] assign_public_ip # Whether the task's elastic network interface receives a public IP # address. The default value is `DISABLED`. # # Valid values: `ENABLED` \| `DISABLED` # @return [String] # # @!attribute [rw] security_groups # The IDs of the security groups associated with the task or service. # # You can provide up to five security groups. # @return [Array] # # @!attribute [rw] subnets # The IDs of the subnets associated with the task or service. # # You can provide up to 16 subnets. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails AWS API Documentation # class AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails < Struct.new( :assign_public_ip, :security_groups, :subnets) SENSITIVE = [] include Aws::Structure end # For tasks that use the `awsvpc` networking mode, the VPC subnet and # security group configuration. # # @note When making an API call, you may pass AwsEcsServiceNetworkConfigurationDetails # data as a hash: # # { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # } # # @!attribute [rw] aws_vpc_configuration # The VPC subnet and security group configuration. # @return [Types::AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceNetworkConfigurationDetails AWS API Documentation # class AwsEcsServiceNetworkConfigurationDetails < Struct.new( :aws_vpc_configuration) SENSITIVE = [] include Aws::Structure end # A placement constraint for the tasks in the service. # # @note When making an API call, you may pass AwsEcsServicePlacementConstraintsDetails # data as a hash: # # { # expression: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] expression # A cluster query language expression to apply to the constraint. You # cannot specify an expression if the constraint type is # `distinctInstance`. # @return [String] # # @!attribute [rw] type # The type of constraint. Use `distinctInstance` to run each task in a # particular group on a different container instance. Use `memberOf` # to restrict the selection to a group of valid candidates. # # Valid values: `distinctInstance` \| `memberOf` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServicePlacementConstraintsDetails AWS API Documentation # class AwsEcsServicePlacementConstraintsDetails < Struct.new( :expression, :type) SENSITIVE = [] include Aws::Structure end # A placement strategy that determines how to place the tasks for the # service. # # @note When making an API call, you may pass AwsEcsServicePlacementStrategiesDetails # data as a hash: # # { # field: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] field # The field to apply the placement strategy against. # # For the `spread` placement strategy, valid values are `instanceId` # (or `host`, which has the same effect), or any platform or custom # attribute that is applied to a container instance, such as # `attribute:ecs.availability-zone`. # # For the `binpack` placement strategy, valid values are `cpu` and # `memory`. # # For the `random` placement strategy, this attribute is not used. # @return [String] # # @!attribute [rw] type # The type of placement strategy. # # The `random` placement strategy randomly places tasks on available # candidates. # # The `spread` placement strategy spreads placement across available # candidates evenly based on the value of `Field`. # # The `binpack` strategy places tasks on available candidates that # have the least available amount of the resource that is specified in # `Field`. # # Valid values: `random` \| `spread` \| `binpack` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServicePlacementStrategiesDetails AWS API Documentation # class AwsEcsServicePlacementStrategiesDetails < Struct.new( :field, :type) SENSITIVE = [] include Aws::Structure end # Information about a service discovery registry to assign to the # service. # # @note When making an API call, you may pass AwsEcsServiceServiceRegistriesDetails # data as a hash: # # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # } # # @!attribute [rw] container_name # The container name value to use for the service discovery service. # # If the task definition uses the `bridge` or `host` network mode, you # must specify `ContainerName` and `ContainerPort`. # # If the task definition uses the `awsvpc` network mode and a type SRV # DNS record, you must specify either `ContainerName` and # `ContainerPort`, or `Port` , but not both. # @return [String] # # @!attribute [rw] container_port # The port value to use for the service discovery service. # # If the task definition uses the `bridge` or `host` network mode, you # must specify `ContainerName` and `ContainerPort`. # # If the task definition uses the `awsvpc` network mode and a type SRV # DNS record, you must specify either `ContainerName` and # `ContainerPort`, or `Port` , but not both. # @return [Integer] # # @!attribute [rw] port # The port value to use for a service discovery service that specifies # an SRV record. This field can be used if both the `awsvpc`awsvpc # network mode and SRV records are used. # @return [Integer] # # @!attribute [rw] registry_arn # The ARN of the service registry. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsServiceServiceRegistriesDetails AWS API Documentation # class AwsEcsServiceServiceRegistriesDetails < Struct.new( :container_name, :container_port, :port, :registry_arn) SENSITIVE = [] include Aws::Structure end # A dependency that is defined for container startup and shutdown. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails # data as a hash: # # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # } # # @!attribute [rw] condition # The dependency condition of the dependent container. Indicates the # required status of the dependent container before the current # container can start. # @return [String] # # @!attribute [rw] container_name # The name of the dependent container. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails < Struct.new( :condition, :container_name) SENSITIVE = [] include Aws::Structure end # A container definition that describes a container in the task. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsDetails # data as a hash: # # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # } # # @!attribute [rw] command # The command that is passed to the container. # @return [Array] # # @!attribute [rw] cpu # The number of CPU units reserved for the container. # @return [Integer] # # @!attribute [rw] depends_on # The dependencies that are defined for container startup and # shutdown. # @return [Array] # # @!attribute [rw] disable_networking # Whether to disable networking within the container. # @return [Boolean] # # @!attribute [rw] dns_search_domains # A list of DNS search domains that are presented to the container. # @return [Array] # # @!attribute [rw] dns_servers # A list of DNS servers that are presented to the container. # @return [Array] # # @!attribute [rw] docker_labels # A key-value map of labels to add to the container. # @return [Hash] # # @!attribute [rw] docker_security_options # A list of strings to provide custom labels for SELinux and AppArmor # multi-level security systems. # @return [Array] # # @!attribute [rw] entry_point # The entry point that is passed to the container. # @return [Array] # # @!attribute [rw] environment # The environment variables to pass to a container. # @return [Array] # # @!attribute [rw] environment_files # A list of files containing the environment variables to pass to a # container. # @return [Array] # # @!attribute [rw] essential # Whether the container is essential. All tasks must have at least one # essential container. # @return [Boolean] # # @!attribute [rw] extra_hosts # A list of hostnames and IP address mappings to append to the # **/etc/hosts** file on the container. # @return [Array] # # @!attribute [rw] firelens_configuration # The FireLens configuration for the container. Specifies and # configures a log router for container logs. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails] # # @!attribute [rw] health_check # The container health check command and associated configuration # parameters for the container. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails] # # @!attribute [rw] hostname # The hostname to use for the container. # @return [String] # # @!attribute [rw] image # The image used to start the container. # @return [String] # # @!attribute [rw] interactive # If set to true, then containerized applications can be deployed that # require `stdin` or a `tty` to be allocated. # @return [Boolean] # # @!attribute [rw] links # A list of links for the container in the form ` container_name:alias # `. Allows containers to communicate with each other without the need # for port mappings. # @return [Array] # # @!attribute [rw] linux_parameters # Linux-specific modifications that are applied to the container, such # as Linux kernel capabilities. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails] # # @!attribute [rw] log_configuration # The log configuration specification for the container. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails] # # @!attribute [rw] memory # The amount (in MiB) of memory to present to the container. If the # container attempts to exceed the memory specified here, the # container is shut down. The total amount of memory reserved for all # containers within a task must be lower than the task memory value, # if one is specified. # @return [Integer] # # @!attribute [rw] memory_reservation # The soft limit (in MiB) of memory to reserve for the container. # @return [Integer] # # @!attribute [rw] mount_points # The mount points for the data volumes in the container. # @return [Array] # # @!attribute [rw] name # The name of the container. # @return [String] # # @!attribute [rw] port_mappings # The list of port mappings for the container. # @return [Array] # # @!attribute [rw] privileged # Whether the container is given elevated privileges on the host # container instance. The elevated privileges are similar to the root # user. # @return [Boolean] # # @!attribute [rw] pseudo_terminal # Whether to allocate a TTY to the container. # @return [Boolean] # # @!attribute [rw] readonly_root_filesystem # Whether the container is given read-only access to its root file # system. # @return [Boolean] # # @!attribute [rw] repository_credentials # The private repository authentication credentials to use. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails] # # @!attribute [rw] resource_requirements # The type and amount of a resource to assign to a container. The only # supported resource is a GPU. # @return [Array] # # @!attribute [rw] secrets # The secrets to pass to the container. # @return [Array] # # @!attribute [rw] start_timeout # The number of seconds to wait before giving up on resolving # dependencies for a container. # @return [Integer] # # @!attribute [rw] stop_timeout # The number of seconds to wait before the container is stopped if it # doesn't shut down normally on its own. # @return [Integer] # # @!attribute [rw] system_controls # A list of namespaced kernel parameters to set in the container. # @return [Array] # # @!attribute [rw] ulimits # A list of ulimits to set in the container. # @return [Array] # # @!attribute [rw] user # The user to use inside the container. # # The value can use one of the following formats. # # * ` user ` # # * ` user `\:` group ` # # * ` uid ` # # * ` uid `\:` gid ` # # * ` user `\:` gid ` # # * ` uid `\:` group ` # @return [String] # # @!attribute [rw] volumes_from # Data volumes to mount from another container. # @return [Array] # # @!attribute [rw] working_directory # The working directory in which to run commands inside the container. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsDetails < Struct.new( :command, :cpu, :depends_on, :disable_networking, :dns_search_domains, :dns_servers, :docker_labels, :docker_security_options, :entry_point, :environment, :environment_files, :essential, :extra_hosts, :firelens_configuration, :health_check, :hostname, :image, :interactive, :links, :linux_parameters, :log_configuration, :memory, :memory_reservation, :mount_points, :name, :port_mappings, :privileged, :pseudo_terminal, :readonly_root_filesystem, :repository_credentials, :resource_requirements, :secrets, :start_timeout, :stop_timeout, :system_controls, :ulimits, :user, :volumes_from, :working_directory) SENSITIVE = [] include Aws::Structure end # An environment variable to pass to the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails # data as a hash: # # { # name: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the environment variable. # @return [String] # # @!attribute [rw] value # The value of the environment variable. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # A file that contain environment variables to pass to a container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails # data as a hash: # # { # type: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] type # The type of environment file. # @return [String] # # @!attribute [rw] value # The ARN of the S3 object that contains the environment variable # file. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails < Struct.new( :type, :value) SENSITIVE = [] include Aws::Structure end # A hostname and IP address mapping to append to the **/etc/hosts** file # on the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails # data as a hash: # # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # } # # @!attribute [rw] hostname # The hostname to use in the **/etc/hosts** entry. # @return [String] # # @!attribute [rw] ip_address # The IP address to use in the **/etc/hosts** entry. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails < Struct.new( :hostname, :ip_address) SENSITIVE = [] include Aws::Structure end # The FireLens configuration for the container. The configuration # specifies and configures a log router for container logs. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails # data as a hash: # # { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # } # # @!attribute [rw] options # The options to use to configure the log router. # # The valid option keys are as follows: # # * `enable-ecs-log-metadata`. The value can be `true` or `false`. # # * `config-file-type`. The value can be `s3` or `file`. # # * `config-file-value`. The value is either an S3 ARN or a file path. # @return [Hash] # # @!attribute [rw] type # The log router to use. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails < Struct.new( :options, :type) SENSITIVE = [] include Aws::Structure end # The container health check command and associated configuration # parameters for the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails # data as a hash: # # { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # } # # @!attribute [rw] command # The command that the container runs to determine whether it is # healthy. # @return [Array] # # @!attribute [rw] interval # The time period in seconds between each health check execution. The # default value is 30 seconds. # @return [Integer] # # @!attribute [rw] retries # The number of times to retry a failed health check before the # container is considered unhealthy. The default value is 3. # @return [Integer] # # @!attribute [rw] start_period # The optional grace period in seconds that allows containers time to # bootstrap before failed health checks count towards the maximum # number of retries. # @return [Integer] # # @!attribute [rw] timeout # The time period in seconds to wait for a health check to succeed # before it is considered a failure. The default value is 5. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails < Struct.new( :command, :interval, :retries, :start_period, :timeout) SENSITIVE = [] include Aws::Structure end # The Linux capabilities for the container that are added to or dropped # from the default configuration provided by Docker. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails # data as a hash: # # { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # } # # @!attribute [rw] add # The Linux capabilities for the container that are added to the # default configuration provided by Docker. # @return [Array] # # @!attribute [rw] drop # The Linux capabilities for the container that are dropped from the # default configuration provided by Docker. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails < Struct.new( :add, :drop) SENSITIVE = [] include Aws::Structure end # >Linux-specific modifications that are applied to the container, # such as Linux kernel capabilities. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails # data as a hash: # # { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # } # # @!attribute [rw] capabilities # The Linux capabilities for the container that are added to or # dropped from the default configuration provided by Docker. # @return [Types::AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails] # # @!attribute [rw] devices # The host devices to expose to the container. # @return [Array] # # @!attribute [rw] init_process_enabled # Whether to run an `init` process inside the container that forwards # signals and reaps processes. # @return [Boolean] # # @!attribute [rw] max_swap # The total amount of swap memory (in MiB) that a container can use. # @return [Integer] # # @!attribute [rw] shared_memory_size # The value for the size (in MiB) of the **/dev/shm** volume. # @return [Integer] # # @!attribute [rw] swappiness # Configures the container's memory swappiness behavior. Determines # how aggressively pages are swapped. The higher the value, the more # aggressive the swappiness. The default is 60. # @return [Integer] # # @!attribute [rw] tmpfs # The container path, mount options, and size (in MiB) of the tmpfs # mount. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails < Struct.new( :capabilities, :devices, :init_process_enabled, :max_swap, :shared_memory_size, :swappiness, :tmpfs) SENSITIVE = [] include Aws::Structure end # A host device to expose to the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails # data as a hash: # # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # } # # @!attribute [rw] container_path # The path inside the container at which to expose the host device. # @return [String] # # @!attribute [rw] host_path # The path for the device on the host container instance. # @return [String] # # @!attribute [rw] permissions # The explicit permissions to provide to the container for the device. # By default, the container has permissions for read, write, and # `mknod` for the device. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails < Struct.new( :container_path, :host_path, :permissions) SENSITIVE = [] include Aws::Structure end # The container path, mount options, and size (in MiB) of a tmpfs mount. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails # data as a hash: # # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # } # # @!attribute [rw] container_path # The absolute file path where the tmpfs volume is to be mounted. # @return [String] # # @!attribute [rw] mount_options # The list of tmpfs volume mount options. # @return [Array] # # @!attribute [rw] size # The maximum size (in MiB) of the tmpfs volume. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails < Struct.new( :container_path, :mount_options, :size) SENSITIVE = [] include Aws::Structure end # The log configuration specification for the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails # data as a hash: # # { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # } # # @!attribute [rw] log_driver # The log driver to use for the container. # @return [String] # # @!attribute [rw] options # The configuration options to send to the log driver. Requires # version 1.19 of the Docker Remote API or greater on your container # instance. # @return [Hash] # # @!attribute [rw] secret_options # The secrets to pass to the log configuration. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails < Struct.new( :log_driver, :options, :secret_options) SENSITIVE = [] include Aws::Structure end # A secret to pass to the log configuration. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails # data as a hash: # # { # name: "NonEmptyString", # value_from: "NonEmptyString", # } # # @!attribute [rw] name # The name of the secret. # @return [String] # # @!attribute [rw] value_from # The secret to expose to the container. # # The value is either the full ARN of the Secrets Manager secret or # the full ARN of the parameter in the Systems Manager Parameter # Store. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails < Struct.new( :name, :value_from) SENSITIVE = [] include Aws::Structure end # A mount point for the data volumes in the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails # data as a hash: # # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # } # # @!attribute [rw] container_path # The path on the container to mount the host volume at. # @return [String] # # @!attribute [rw] read_only # Whether the container has read-only access to the volume. # @return [Boolean] # # @!attribute [rw] source_volume # The name of the volume to mount. Must match the name of a volume # listed in `VolumeDetails` for the task definition. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails < Struct.new( :container_path, :read_only, :source_volume) SENSITIVE = [] include Aws::Structure end # A port mapping for the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails # data as a hash: # # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # } # # @!attribute [rw] container_port # The port number on the container that is bound to the user-specified # or automatically assigned host port. # @return [Integer] # # @!attribute [rw] host_port # The port number on the container instance to reserve for the # container. # @return [Integer] # # @!attribute [rw] protocol # The protocol used for the port mapping. The default is `tcp`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails < Struct.new( :container_port, :host_port, :protocol) SENSITIVE = [] include Aws::Structure end # The private repository authentication credentials to use. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails # data as a hash: # # { # credentials_parameter: "NonEmptyString", # } # # @!attribute [rw] credentials_parameter # The ARN of the secret that contains the private repository # credentials. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails < Struct.new( :credentials_parameter) SENSITIVE = [] include Aws::Structure end # A resource to assign to a container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails # data as a hash: # # { # type: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] type # The type of resource to assign to a container. # @return [String] # # @!attribute [rw] value # The value for the specified resource type. # # For `GPU`, the value is the number of physical GPUs the Amazon ECS # container agent reserves for the container. # # For `InferenceAccelerator`, the value should match the `DeviceName` # attribute of an entry in `InferenceAccelerators`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails < Struct.new( :type, :value) SENSITIVE = [] include Aws::Structure end # A secret to pass to the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails # data as a hash: # # { # name: "NonEmptyString", # value_from: "NonEmptyString", # } # # @!attribute [rw] name # The name of the secret. # @return [String] # # @!attribute [rw] value_from # The secret to expose to the container. The value is either the full # ARN of the Secrets Manager secret or the full ARN of the parameter # in the Systems Manager Parameter Store. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails < Struct.new( :name, :value_from) SENSITIVE = [] include Aws::Structure end # A namespaced kernel parameter to set in the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails # data as a hash: # # { # namespace: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] namespace # The namespaced kernel parameter for which to set a value. # @return [String] # # @!attribute [rw] value # The value of the parameter. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails < Struct.new( :namespace, :value) SENSITIVE = [] include Aws::Structure end # A ulimit to set in the container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails # data as a hash: # # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # } # # @!attribute [rw] hard_limit # The hard limit for the ulimit type. # @return [Integer] # # @!attribute [rw] name # The type of the ulimit. # @return [String] # # @!attribute [rw] soft_limit # The soft limit for the ulimit type. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails < Struct.new( :hard_limit, :name, :soft_limit) SENSITIVE = [] include Aws::Structure end # A data volume to mount from another container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails # data as a hash: # # { # read_only: false, # source_container: "NonEmptyString", # } # # @!attribute [rw] read_only # Whether the container has read-only access to the volume. # @return [Boolean] # # @!attribute [rw] source_container # The name of another container within the same task definition from # which to mount volumes. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails AWS API Documentation # class AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails < Struct.new( :read_only, :source_container) SENSITIVE = [] include Aws::Structure end # details about a task definition. A task definition describes the # container and volume definitions of an Amazon Elastic Container # Service task. # # @note When making an API call, you may pass AwsEcsTaskDefinitionDetails # data as a hash: # # { # container_definitions: [ # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # }, # ], # cpu: "NonEmptyString", # execution_role_arn: "NonEmptyString", # family: "NonEmptyString", # inference_accelerators: [ # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # }, # ], # ipc_mode: "NonEmptyString", # memory: "NonEmptyString", # network_mode: "NonEmptyString", # pid_mode: "NonEmptyString", # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # proxy_configuration: { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # }, # requires_compatibilities: ["NonEmptyString"], # task_role_arn: "NonEmptyString", # volumes: [ # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # }, # ], # } # # @!attribute [rw] container_definitions # The container definitions that describe the containers that make up # the task. # @return [Array] # # @!attribute [rw] cpu # The number of CPU units used by the task. # @return [String] # # @!attribute [rw] execution_role_arn # The ARN of the task execution role that grants the container agent # permission to make API calls on behalf of the container user. # @return [String] # # @!attribute [rw] family # The name of a family that this task definition is registered to. # @return [String] # # @!attribute [rw] inference_accelerators # The Elastic Inference accelerators to use for the containers in the # task. # @return [Array] # # @!attribute [rw] ipc_mode # The IPC resource namespace to use for the containers in the task. # @return [String] # # @!attribute [rw] memory # The amount (in MiB) of memory used by the task. # @return [String] # # @!attribute [rw] network_mode # The Docker networking mode to use for the containers in the task. # @return [String] # # @!attribute [rw] pid_mode # The process namespace to use for the containers in the task. # @return [String] # # @!attribute [rw] placement_constraints # The placement constraint objects to use for tasks. # @return [Array] # # @!attribute [rw] proxy_configuration # The configuration details for the App Mesh proxy. # @return [Types::AwsEcsTaskDefinitionProxyConfigurationDetails] # # @!attribute [rw] requires_compatibilities # The task launch types that the task definition was validated # against. # @return [Array] # # @!attribute [rw] task_role_arn # The short name or ARN of the IAM role that grants containers in the # task permission to call Amazon Web Services API operations on your # behalf. # @return [String] # # @!attribute [rw] volumes # The data volume definitions for the task. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionDetails AWS API Documentation # class AwsEcsTaskDefinitionDetails < Struct.new( :container_definitions, :cpu, :execution_role_arn, :family, :inference_accelerators, :ipc_mode, :memory, :network_mode, :pid_mode, :placement_constraints, :proxy_configuration, :requires_compatibilities, :task_role_arn, :volumes) SENSITIVE = [] include Aws::Structure end # An Elastic Inference accelerator to use for the containers in the # task. # # @note When making an API call, you may pass AwsEcsTaskDefinitionInferenceAcceleratorsDetails # data as a hash: # # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # } # # @!attribute [rw] device_name # The Elastic Inference accelerator device name. # @return [String] # # @!attribute [rw] device_type # The Elastic Inference accelerator type to use. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionInferenceAcceleratorsDetails AWS API Documentation # class AwsEcsTaskDefinitionInferenceAcceleratorsDetails < Struct.new( :device_name, :device_type) SENSITIVE = [] include Aws::Structure end # A placement constraint object to use for tasks. # # @note When making an API call, you may pass AwsEcsTaskDefinitionPlacementConstraintsDetails # data as a hash: # # { # expression: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] expression # A cluster query language expression to apply to the constraint. # @return [String] # # @!attribute [rw] type # The type of constraint. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionPlacementConstraintsDetails AWS API Documentation # class AwsEcsTaskDefinitionPlacementConstraintsDetails < Struct.new( :expression, :type) SENSITIVE = [] include Aws::Structure end # The configuration details for the App Mesh proxy. # # @note When making an API call, you may pass AwsEcsTaskDefinitionProxyConfigurationDetails # data as a hash: # # { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # } # # @!attribute [rw] container_name # The name of the container that will serve as the App Mesh proxy. # @return [String] # # @!attribute [rw] proxy_configuration_properties # The set of network configuration parameters to provide to the # Container Network Interface (CNI) plugin, specified as key-value # pairs. # @return [Array] # # @!attribute [rw] type # The proxy type. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionProxyConfigurationDetails AWS API Documentation # class AwsEcsTaskDefinitionProxyConfigurationDetails < Struct.new( :container_name, :proxy_configuration_properties, :type) SENSITIVE = [] include Aws::Structure end # A network configuration parameter to provide to the Container Network # Interface (CNI) plugin. # # @note When making an API call, you may pass AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails # data as a hash: # # { # name: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the property. # @return [String] # # @!attribute [rw] value # The value of the property. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails AWS API Documentation # class AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # A data volume to mount from another container. # # @note When making an API call, you may pass AwsEcsTaskDefinitionVolumesDetails # data as a hash: # # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # } # # @!attribute [rw] docker_volume_configuration # Information about a Docker volume. # @return [Types::AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails] # # @!attribute [rw] efs_volume_configuration # Information about the Amazon Elastic File System file system that is # used for task storage. # @return [Types::AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails] # # @!attribute [rw] host # Information about a bind mount host volume. # @return [Types::AwsEcsTaskDefinitionVolumesHostDetails] # # @!attribute [rw] name # The name of the data volume. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesDetails AWS API Documentation # class AwsEcsTaskDefinitionVolumesDetails < Struct.new( :docker_volume_configuration, :efs_volume_configuration, :host, :name) SENSITIVE = [] include Aws::Structure end # Information about a Docker volume. # # @note When making an API call, you may pass AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails # data as a hash: # # { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # } # # @!attribute [rw] autoprovision # Whether to create the Docker volume automatically if it does not # already exist. # @return [Boolean] # # @!attribute [rw] driver # The Docker volume driver to use. # @return [String] # # @!attribute [rw] driver_opts # A map of Docker driver-specific options that are passed through. # @return [Hash] # # @!attribute [rw] labels # Custom metadata to add to the Docker volume. # @return [Hash] # # @!attribute [rw] scope # The scope for the Docker volume that determines its lifecycle. # Docker volumes that are scoped to a task are provisioned # automatically when the task starts and destroyed when the task # stops. Docker volumes that are shared persist after the task stops. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails AWS API Documentation # class AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails < Struct.new( :autoprovision, :driver, :driver_opts, :labels, :scope) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails # data as a hash: # # { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # } # # @!attribute [rw] access_point_id # The Amazon EFS access point identifier to use. # @return [String] # # @!attribute [rw] iam # Whether to use the Amazon ECS task IAM role defined in a task # definition when mounting the Amazon EFS file system. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails AWS API Documentation # class AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails < Struct.new( :access_point_id, :iam) SENSITIVE = [] include Aws::Structure end # Information about the Amazon Elastic File System file system that is # used for task storage. # # @note When making an API call, you may pass AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails # data as a hash: # # { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # } # # @!attribute [rw] authorization_config # The authorization configuration details for the Amazon EFS file # system. # @return [Types::AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails] # # @!attribute [rw] filesystem_id # The Amazon EFS file system identifier to use. # @return [String] # # @!attribute [rw] root_directory # The directory within the Amazon EFS file system to mount as the root # directory inside the host. # @return [String] # # @!attribute [rw] transit_encryption # Whether to enable encryption for Amazon EFS data in transit between # the Amazon ECS host and the Amazon EFS server. # @return [String] # # @!attribute [rw] transit_encryption_port # The port to use when sending encrypted data between the Amazon ECS # host and the Amazon EFS server. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails AWS API Documentation # class AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails < Struct.new( :authorization_config, :filesystem_id, :root_directory, :transit_encryption, :transit_encryption_port) SENSITIVE = [] include Aws::Structure end # Information about a bind mount host volume. # # @note When making an API call, you may pass AwsEcsTaskDefinitionVolumesHostDetails # data as a hash: # # { # source_path: "NonEmptyString", # } # # @!attribute [rw] source_path # The path on the host container instance that is presented to the # container. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEcsTaskDefinitionVolumesHostDetails AWS API Documentation # class AwsEcsTaskDefinitionVolumesHostDetails < Struct.new( :source_path) SENSITIVE = [] include Aws::Structure end # Provides details about an Amazon EKS cluster. # # @note When making an API call, you may pass AwsEksClusterDetails # data as a hash: # # { # arn: "NonEmptyString", # certificate_authority_data: "NonEmptyString", # cluster_status: "NonEmptyString", # endpoint: "NonEmptyString", # name: "NonEmptyString", # resources_vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # role_arn: "NonEmptyString", # version: "NonEmptyString", # logging: { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # }, # } # # @!attribute [rw] arn # The ARN of the cluster. # @return [String] # # @!attribute [rw] certificate_authority_data # The certificate authority data for the cluster. # @return [String] # # @!attribute [rw] cluster_status # The status of the cluster. # @return [String] # # @!attribute [rw] endpoint # The endpoint for the Amazon EKS API server. # @return [String] # # @!attribute [rw] name # The name of the cluster. # @return [String] # # @!attribute [rw] resources_vpc_config # The VPC configuration used by the cluster control plane. # @return [Types::AwsEksClusterResourcesVpcConfigDetails] # # @!attribute [rw] role_arn # The ARN of the IAM role that provides permissions for the Amazon EKS # control plane to make calls to Amazon Web Services API operations on # your behalf. # @return [String] # # @!attribute [rw] version # The Amazon EKS server version for the cluster. # @return [String] # # @!attribute [rw] logging # The logging configuration for the cluster. # @return [Types::AwsEksClusterLoggingDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterDetails AWS API Documentation # class AwsEksClusterDetails < Struct.new( :arn, :certificate_authority_data, :cluster_status, :endpoint, :name, :resources_vpc_config, :role_arn, :version, :logging) SENSITIVE = [] include Aws::Structure end # Details for a cluster logging configuration. # # @note When making an API call, you may pass AwsEksClusterLoggingClusterLoggingDetails # data as a hash: # # { # enabled: false, # types: ["NonEmptyString"], # } # # @!attribute [rw] enabled # Whether the logging types that are listed in `Types` are enabled. # @return [Boolean] # # @!attribute [rw] types # A list of logging types. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterLoggingClusterLoggingDetails AWS API Documentation # class AwsEksClusterLoggingClusterLoggingDetails < Struct.new( :enabled, :types) SENSITIVE = [] include Aws::Structure end # The logging configuration for an Amazon EKS cluster. # # @note When making an API call, you may pass AwsEksClusterLoggingDetails # data as a hash: # # { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # } # # @!attribute [rw] cluster_logging # Cluster logging configurations. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterLoggingDetails AWS API Documentation # class AwsEksClusterLoggingDetails < Struct.new( :cluster_logging) SENSITIVE = [] include Aws::Structure end # Information about the VPC configuration used by the cluster control # plane. # # @note When making an API call, you may pass AwsEksClusterResourcesVpcConfigDetails # data as a hash: # # { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # } # # @!attribute [rw] security_group_ids # The security groups that are associated with the cross-account # elastic network interfaces that are used to allow communication # between your nodes and the Amazon EKS control plane. # @return [Array] # # @!attribute [rw] subnet_ids # The subnets that are associated with the cluster. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsEksClusterResourcesVpcConfigDetails AWS API Documentation # class AwsEksClusterResourcesVpcConfigDetails < Struct.new( :security_group_ids, :subnet_ids) SENSITIVE = [] include Aws::Structure end # Contains details about an Elastic Beanstalk environment. # # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentDetails # data as a hash: # # { # application_name: "NonEmptyString", # cname: "NonEmptyString", # date_created: "NonEmptyString", # date_updated: "NonEmptyString", # description: "NonEmptyString", # endpoint_url: "NonEmptyString", # environment_arn: "NonEmptyString", # environment_id: "NonEmptyString", # environment_links: [ # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # }, # ], # environment_name: "NonEmptyString", # option_settings: [ # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # platform_arn: "NonEmptyString", # solution_stack_name: "NonEmptyString", # status: "NonEmptyString", # tier: { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # }, # version_label: "NonEmptyString", # } # # @!attribute [rw] application_name # The name of the application that is associated with the environment. # @return [String] # # @!attribute [rw] cname # The URL to the CNAME for this environment. # @return [String] # # @!attribute [rw] date_created # The creation date for this environment. # @return [String] # # @!attribute [rw] date_updated # The date when this environment was last modified. # @return [String] # # @!attribute [rw] description # A description of the environment. # @return [String] # # @!attribute [rw] endpoint_url # For load-balanced, autoscaling environments, the URL to the load # balancer. For single-instance environments, the IP address of the # instance. # @return [String] # # @!attribute [rw] environment_arn # The ARN of the environment. # @return [String] # # @!attribute [rw] environment_id # The identifier of the environment. # @return [String] # # @!attribute [rw] environment_links # Links to other environments in the same group. # @return [Array] # # @!attribute [rw] environment_name # The name of the environment. # @return [String] # # @!attribute [rw] option_settings # The configuration setting for the environment. # @return [Array] # # @!attribute [rw] platform_arn # The ARN of the platform version for the environment. # @return [String] # # @!attribute [rw] solution_stack_name # The name of the solution stack that is deployed with the # environment. # @return [String] # # @!attribute [rw] status # The current operational status of the environment. # @return [String] # # @!attribute [rw] tier # The tier of the environment. # @return [Types::AwsElasticBeanstalkEnvironmentTier] # # @!attribute [rw] version_label # The application version of the environment. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentDetails AWS API Documentation # class AwsElasticBeanstalkEnvironmentDetails < Struct.new( :application_name, :cname, :date_created, :date_updated, :description, :endpoint_url, :environment_arn, :environment_id, :environment_links, :environment_name, :option_settings, :platform_arn, :solution_stack_name, :status, :tier, :version_label) SENSITIVE = [] include Aws::Structure end # Contains information about a link to another environment that is in # the same group. # # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentEnvironmentLink # data as a hash: # # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # } # # @!attribute [rw] environment_name # The name of the linked environment. # @return [String] # # @!attribute [rw] link_name # The name of the environment link. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentEnvironmentLink AWS API Documentation # class AwsElasticBeanstalkEnvironmentEnvironmentLink < Struct.new( :environment_name, :link_name) SENSITIVE = [] include Aws::Structure end # A configuration option setting for the environment. # # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentOptionSetting # data as a hash: # # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] namespace # The type of resource that the configuration option is associated # with. # @return [String] # # @!attribute [rw] option_name # The name of the option. # @return [String] # # @!attribute [rw] resource_name # The name of the resource. # @return [String] # # @!attribute [rw] value # The value of the configuration setting. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentOptionSetting AWS API Documentation # class AwsElasticBeanstalkEnvironmentOptionSetting < Struct.new( :namespace, :option_name, :resource_name, :value) SENSITIVE = [] include Aws::Structure end # Contains information about the tier of the environment. # # @note When making an API call, you may pass AwsElasticBeanstalkEnvironmentTier # data as a hash: # # { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # } # # @!attribute [rw] name # The name of the environment tier. # @return [String] # # @!attribute [rw] type # The type of environment tier. # @return [String] # # @!attribute [rw] version # The version of the environment tier. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticBeanstalkEnvironmentTier AWS API Documentation # class AwsElasticBeanstalkEnvironmentTier < Struct.new( :name, :type, :version) SENSITIVE = [] include Aws::Structure end # Information about an Elasticsearch domain. # # @note When making an API call, you may pass AwsElasticsearchDomainDetails # data as a hash: # # { # access_policies: "NonEmptyString", # domain_endpoint_options: { # enforce_https: false, # tls_security_policy: "NonEmptyString", # }, # domain_id: "NonEmptyString", # domain_name: "NonEmptyString", # endpoint: "NonEmptyString", # endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # elasticsearch_version: "NonEmptyString", # elasticsearch_cluster_config: { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # }, # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # }, # vpc_options: { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # } # # @!attribute [rw] access_policies # IAM policy document specifying the access policies for the new # Elasticsearch domain. # @return [String] # # @!attribute [rw] domain_endpoint_options # Additional options for the domain endpoint. # @return [Types::AwsElasticsearchDomainDomainEndpointOptions] # # @!attribute [rw] domain_id # Unique identifier for an Elasticsearch domain. # @return [String] # # @!attribute [rw] domain_name # Name of an Elasticsearch domain. # # Domain names are unique across all domains owned by the same account # within an Amazon Web Services Region. # # Domain names must start with a lowercase letter and must be between # 3 and 28 characters. # # Valid characters are a-z (lowercase only), 0-9, and – (hyphen). # @return [String] # # @!attribute [rw] endpoint # Domain-specific endpoint used to submit index, search, and data # upload requests to an Elasticsearch domain. # # The endpoint is a service URL. # @return [String] # # @!attribute [rw] endpoints # The key-value pair that exists if the Elasticsearch domain uses VPC # endpoints. # @return [Hash] # # @!attribute [rw] elasticsearch_version # OpenSearch version. # @return [String] # # @!attribute [rw] elasticsearch_cluster_config # Information about an OpenSearch cluster configuration. # @return [Types::AwsElasticsearchDomainElasticsearchClusterConfigDetails] # # @!attribute [rw] encryption_at_rest_options # Details about the configuration for encryption at rest. # @return [Types::AwsElasticsearchDomainEncryptionAtRestOptions] # # @!attribute [rw] log_publishing_options # Configures the CloudWatch Logs to publish for the Elasticsearch # domain. # @return [Types::AwsElasticsearchDomainLogPublishingOptions] # # @!attribute [rw] node_to_node_encryption_options # Details about the configuration for node-to-node encryption. # @return [Types::AwsElasticsearchDomainNodeToNodeEncryptionOptions] # # @!attribute [rw] service_software_options # Information about the status of a domain relative to the latest # service software. # @return [Types::AwsElasticsearchDomainServiceSoftwareOptions] # # @!attribute [rw] vpc_options # Information that OpenSearch derives based on `VPCOptions` for the # domain. # @return [Types::AwsElasticsearchDomainVPCOptions] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainDetails AWS API Documentation # class AwsElasticsearchDomainDetails < Struct.new( :access_policies, :domain_endpoint_options, :domain_id, :domain_name, :endpoint, :endpoints, :elasticsearch_version, :elasticsearch_cluster_config, :encryption_at_rest_options, :log_publishing_options, :node_to_node_encryption_options, :service_software_options, :vpc_options) SENSITIVE = [] include Aws::Structure end # Additional options for the domain endpoint, such as whether to require # HTTPS for all traffic. # # @note When making an API call, you may pass AwsElasticsearchDomainDomainEndpointOptions # data as a hash: # # { # enforce_https: false, # tls_security_policy: "NonEmptyString", # } # # @!attribute [rw] enforce_https # Whether to require that all traffic to the domain arrive over HTTPS. # @return [Boolean] # # @!attribute [rw] tls_security_policy # The TLS security policy to apply to the HTTPS endpoint of the # OpenSearch domain. # # Valid values: # # * `Policy-Min-TLS-1-0-2019-07`, which supports TLSv1.0 and higher # # * `Policy-Min-TLS-1-2-2019-07`, which only supports TLSv1.2 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainDomainEndpointOptions AWS API Documentation # class AwsElasticsearchDomainDomainEndpointOptions < Struct.new( :enforce_https, :tls_security_policy) SENSITIVE = [] include Aws::Structure end # details about the configuration of an OpenSearch cluster. # # @note When making an API call, you may pass AwsElasticsearchDomainElasticsearchClusterConfigDetails # data as a hash: # # { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # } # # @!attribute [rw] dedicated_master_count # The number of instances to use for the master node. If this # attribute is specified, then `DedicatedMasterEnabled` must be # `true`. # @return [Integer] # # @!attribute [rw] dedicated_master_enabled # Whether to use a dedicated master node for the Elasticsearch domain. # A dedicated master node performs cluster management tasks, but # doesn't hold data or respond to data upload requests. # @return [Boolean] # # @!attribute [rw] dedicated_master_type # The hardware configuration of the computer that hosts the dedicated # master node. For example, `m3.medium.elasticsearch`. If this # attribute is specified, then `DedicatedMasterEnabled` must be # `true`. # @return [String] # # @!attribute [rw] instance_count # The number of data nodes to use in the Elasticsearch domain. # @return [Integer] # # @!attribute [rw] instance_type # The instance type for your data nodes. For example, # `m3.medium.elasticsearch`. # @return [String] # # @!attribute [rw] zone_awareness_config # Configuration options for zone awareness. Provided if # `ZoneAwarenessEnabled` is `true`. # @return [Types::AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails] # # @!attribute [rw] zone_awareness_enabled # Whether to enable zone awareness for the Elasticsearch domain. When # zone awareness is enabled, OpenSearch allocates the cluster's nodes # and replica index shards across Availability Zones in the same # Region. This prevents data loss and minimizes downtime if a node or # data center fails. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainElasticsearchClusterConfigDetails AWS API Documentation # class AwsElasticsearchDomainElasticsearchClusterConfigDetails < Struct.new( :dedicated_master_count, :dedicated_master_enabled, :dedicated_master_type, :instance_count, :instance_type, :zone_awareness_config, :zone_awareness_enabled) SENSITIVE = [] include Aws::Structure end # Configuration options for zone awareness. # # @note When making an API call, you may pass AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails # data as a hash: # # { # availability_zone_count: 1, # } # # @!attribute [rw] availability_zone_count # he number of Availability Zones that the domain uses. Valid values # are 2 and 3. The default is 2. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails AWS API Documentation # class AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails < Struct.new( :availability_zone_count) SENSITIVE = [] include Aws::Structure end # Details about the configuration for encryption at rest. # # @note When making an API call, you may pass AwsElasticsearchDomainEncryptionAtRestOptions # data as a hash: # # { # enabled: false, # kms_key_id: "NonEmptyString", # } # # @!attribute [rw] enabled # Whether encryption at rest is enabled. # @return [Boolean] # # @!attribute [rw] kms_key_id # The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainEncryptionAtRestOptions AWS API Documentation # class AwsElasticsearchDomainEncryptionAtRestOptions < Struct.new( :enabled, :kms_key_id) SENSITIVE = [] include Aws::Structure end # configures the CloudWatch Logs to publish for the Elasticsearch # domain. # # @note When making an API call, you may pass AwsElasticsearchDomainLogPublishingOptions # data as a hash: # # { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # } # # @!attribute [rw] index_slow_logs # Configures the OpenSearch index logs publishing. # @return [Types::AwsElasticsearchDomainLogPublishingOptionsLogConfig] # # @!attribute [rw] search_slow_logs # Configures the OpenSearch search slow log publishing. # @return [Types::AwsElasticsearchDomainLogPublishingOptionsLogConfig] # # @!attribute [rw] audit_logs # The log configuration. # @return [Types::AwsElasticsearchDomainLogPublishingOptionsLogConfig] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainLogPublishingOptions AWS API Documentation # class AwsElasticsearchDomainLogPublishingOptions < Struct.new( :index_slow_logs, :search_slow_logs, :audit_logs) SENSITIVE = [] include Aws::Structure end # The log configuration. # # @note When making an API call, you may pass AwsElasticsearchDomainLogPublishingOptionsLogConfig # data as a hash: # # { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # } # # @!attribute [rw] cloud_watch_logs_log_group_arn # The ARN of the CloudWatch Logs group to publish the logs to. # @return [String] # # @!attribute [rw] enabled # Whether the log publishing is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainLogPublishingOptionsLogConfig AWS API Documentation # class AwsElasticsearchDomainLogPublishingOptionsLogConfig < Struct.new( :cloud_watch_logs_log_group_arn, :enabled) SENSITIVE = [] include Aws::Structure end # Details about the configuration for node-to-node encryption. # # @note When making an API call, you may pass AwsElasticsearchDomainNodeToNodeEncryptionOptions # data as a hash: # # { # enabled: false, # } # # @!attribute [rw] enabled # Whether node-to-node encryption is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainNodeToNodeEncryptionOptions AWS API Documentation # class AwsElasticsearchDomainNodeToNodeEncryptionOptions < Struct.new( :enabled) SENSITIVE = [] include Aws::Structure end # Information about the state of the domain relative to the latest # service software. # # @note When making an API call, you may pass AwsElasticsearchDomainServiceSoftwareOptions # data as a hash: # # { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # } # # @!attribute [rw] automated_update_date # The epoch time when the deployment window closes for required # updates. After this time, Amazon OpenSearch Service schedules the # software upgrade automatically. # @return [String] # # @!attribute [rw] cancellable # Whether a request to update the domain can be canceled. # @return [Boolean] # # @!attribute [rw] current_version # The version of the service software that is currently installed on # the domain. # @return [String] # # @!attribute [rw] description # A more detailed description of the service software status. # @return [String] # # @!attribute [rw] new_version # The most recent version of the service software. # @return [String] # # @!attribute [rw] update_available # Whether a service software update is available for the domain. # @return [Boolean] # # @!attribute [rw] update_status # The status of the service software update. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainServiceSoftwareOptions AWS API Documentation # class AwsElasticsearchDomainServiceSoftwareOptions < Struct.new( :automated_update_date, :cancellable, :current_version, :description, :new_version, :update_available, :update_status) SENSITIVE = [] include Aws::Structure end # Information that OpenSearch derives based on `VPCOptions` for the # domain. # # @note When making an API call, you may pass AwsElasticsearchDomainVPCOptions # data as a hash: # # { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # } # # @!attribute [rw] availability_zones # The list of Availability Zones associated with the VPC subnets. # @return [Array] # # @!attribute [rw] security_group_ids # The list of security group IDs associated with the VPC endpoints for # the domain. # @return [Array] # # @!attribute [rw] subnet_ids # A list of subnet IDs associated with the VPC endpoints for the # domain. # @return [Array] # # @!attribute [rw] vpc_id # ID for the VPC. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElasticsearchDomainVPCOptions AWS API Documentation # class AwsElasticsearchDomainVPCOptions < Struct.new( :availability_zones, :security_group_ids, :subnet_ids, :vpc_id) SENSITIVE = [] include Aws::Structure end # Contains information about a stickiness policy that was created using # `CreateAppCookieStickinessPolicy`. # # @note When making an API call, you may pass AwsElbAppCookieStickinessPolicy # data as a hash: # # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # } # # @!attribute [rw] cookie_name # The name of the application cookie used for stickiness. # @return [String] # # @!attribute [rw] policy_name # The mnemonic name for the policy being created. The name must be # unique within the set of policies for the load balancer. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbAppCookieStickinessPolicy AWS API Documentation # class AwsElbAppCookieStickinessPolicy < Struct.new( :cookie_name, :policy_name) SENSITIVE = [] include Aws::Structure end # Contains information about a stickiness policy that was created using # `CreateLBCookieStickinessPolicy`. # # @note When making an API call, you may pass AwsElbLbCookieStickinessPolicy # data as a hash: # # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # } # # @!attribute [rw] cookie_expiration_period # The amount of time, in seconds, after which the cookie is considered # stale. If an expiration period is not specified, the stickiness # session lasts for the duration of the browser session. # @return [Integer] # # @!attribute [rw] policy_name # The name of the policy. The name must be unique within the set of # policies for the load balancer. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLbCookieStickinessPolicy AWS API Documentation # class AwsElbLbCookieStickinessPolicy < Struct.new( :cookie_expiration_period, :policy_name) SENSITIVE = [] include Aws::Structure end # Contains information about the access log configuration for the load # balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerAccessLog # data as a hash: # # { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # } # # @!attribute [rw] emit_interval # The interval in minutes for publishing the access logs. # # You can publish access logs either every 5 minutes or every 60 # minutes. # @return [Integer] # # @!attribute [rw] enabled # Indicates whether access logs are enabled for the load balancer. # @return [Boolean] # # @!attribute [rw] s3_bucket_name # The name of the S3 bucket where the access logs are stored. # @return [String] # # @!attribute [rw] s3_bucket_prefix # The logical hierarchy that was created for the S3 bucket. # # If a prefix is not provided, the log is placed at the root level of # the bucket. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerAccessLog AWS API Documentation # class AwsElbLoadBalancerAccessLog < Struct.new( :emit_interval, :enabled, :s3_bucket_name, :s3_bucket_prefix) SENSITIVE = [] include Aws::Structure end # Contains attributes for the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerAttributes # data as a hash: # # { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # } # # @!attribute [rw] access_log # Information about the access log configuration for the load # balancer. # # If the access log is enabled, the load balancer captures detailed # information about all requests. It delivers the information to a # specified S3 bucket. # @return [Types::AwsElbLoadBalancerAccessLog] # # @!attribute [rw] connection_draining # Information about the connection draining configuration for the load # balancer. # # If connection draining is enabled, the load balancer allows existing # requests to complete before it shifts traffic away from a # deregistered or unhealthy instance. # @return [Types::AwsElbLoadBalancerConnectionDraining] # # @!attribute [rw] connection_settings # Connection settings for the load balancer. # # If an idle timeout is configured, the load balancer allows # connections to remain idle for the specified duration. When a # connection is idle, no data is sent over the connection. # @return [Types::AwsElbLoadBalancerConnectionSettings] # # @!attribute [rw] cross_zone_load_balancing # Cross-zone load balancing settings for the load balancer. # # If cross-zone load balancing is enabled, the load balancer routes # the request traffic evenly across all instances regardless of the # Availability Zones. # @return [Types::AwsElbLoadBalancerCrossZoneLoadBalancing] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerAttributes AWS API Documentation # class AwsElbLoadBalancerAttributes < Struct.new( :access_log, :connection_draining, :connection_settings, :cross_zone_load_balancing) SENSITIVE = [] include Aws::Structure end # Provides information about the configuration of an EC2 instance for # the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerBackendServerDescription # data as a hash: # # { # instance_port: 1, # policy_names: ["NonEmptyString"], # } # # @!attribute [rw] instance_port # The port on which the EC2 instance is listening. # @return [Integer] # # @!attribute [rw] policy_names # The names of the policies that are enabled for the EC2 instance. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerBackendServerDescription AWS API Documentation # class AwsElbLoadBalancerBackendServerDescription < Struct.new( :instance_port, :policy_names) SENSITIVE = [] include Aws::Structure end # Contains information about the connection draining configuration for # the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerConnectionDraining # data as a hash: # # { # enabled: false, # timeout: 1, # } # # @!attribute [rw] enabled # Indicates whether connection draining is enabled for the load # balancer. # @return [Boolean] # # @!attribute [rw] timeout # The maximum time, in seconds, to keep the existing connections open # before deregistering the instances. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerConnectionDraining AWS API Documentation # class AwsElbLoadBalancerConnectionDraining < Struct.new( :enabled, :timeout) SENSITIVE = [] include Aws::Structure end # Contains connection settings for the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerConnectionSettings # data as a hash: # # { # idle_timeout: 1, # } # # @!attribute [rw] idle_timeout # The time, in seconds, that the connection can be idle (no data is # sent over the connection) before it is closed by the load balancer. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerConnectionSettings AWS API Documentation # class AwsElbLoadBalancerConnectionSettings < Struct.new( :idle_timeout) SENSITIVE = [] include Aws::Structure end # Contains cross-zone load balancing settings for the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerCrossZoneLoadBalancing # data as a hash: # # { # enabled: false, # } # # @!attribute [rw] enabled # Indicates whether cross-zone load balancing is enabled for the load # balancer. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerCrossZoneLoadBalancing AWS API Documentation # class AwsElbLoadBalancerCrossZoneLoadBalancing < Struct.new( :enabled) SENSITIVE = [] include Aws::Structure end # Contains details about a Classic Load Balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerDetails # data as a hash: # # { # availability_zones: ["NonEmptyString"], # backend_server_descriptions: [ # { # instance_port: 1, # policy_names: ["NonEmptyString"], # }, # ], # canonical_hosted_zone_name: "NonEmptyString", # canonical_hosted_zone_name_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # health_check: { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # }, # instances: [ # { # instance_id: "NonEmptyString", # }, # ], # listener_descriptions: [ # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # }, # ], # load_balancer_attributes: { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # }, # load_balancer_name: "NonEmptyString", # policies: { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # }, # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # source_security_group: { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # }, # subnets: ["NonEmptyString"], # vpc_id: "NonEmptyString", # } # # @!attribute [rw] availability_zones # The list of Availability Zones for the load balancer. # @return [Array] # # @!attribute [rw] backend_server_descriptions # Information about the configuration of the EC2 instances. # @return [Array] # # @!attribute [rw] canonical_hosted_zone_name # The name of the Amazon Route 53 hosted zone for the load balancer. # @return [String] # # @!attribute [rw] canonical_hosted_zone_name_id # The ID of the Amazon Route 53 hosted zone for the load balancer. # @return [String] # # @!attribute [rw] created_time # Indicates when the load balancer was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] dns_name # The DNS name of the load balancer. # @return [String] # # @!attribute [rw] health_check # Information about the health checks that are conducted on the load # balancer. # @return [Types::AwsElbLoadBalancerHealthCheck] # # @!attribute [rw] instances # List of EC2 instances for the load balancer. # @return [Array] # # @!attribute [rw] listener_descriptions # The policies that are enabled for the load balancer listeners. # @return [Array] # # @!attribute [rw] load_balancer_attributes # The attributes for a load balancer. # @return [Types::AwsElbLoadBalancerAttributes] # # @!attribute [rw] load_balancer_name # The name of the load balancer. # @return [String] # # @!attribute [rw] policies # The policies for a load balancer. # @return [Types::AwsElbLoadBalancerPolicies] # # @!attribute [rw] scheme # The type of load balancer. Only provided if the load balancer is in # a VPC. # # If `Scheme` is `internet-facing`, the load balancer has a public DNS # name that resolves to a public IP address. # # If `Scheme` is `internal`, the load balancer has a public DNS name # that resolves to a private IP address. # @return [String] # # @!attribute [rw] security_groups # The security groups for the load balancer. Only provided if the load # balancer is in a VPC. # @return [Array] # # @!attribute [rw] source_security_group # Information about the security group for the load balancer. This is # the security group that is used for inbound rules. # @return [Types::AwsElbLoadBalancerSourceSecurityGroup] # # @!attribute [rw] subnets # The list of subnet identifiers for the load balancer. # @return [Array] # # @!attribute [rw] vpc_id # The identifier of the VPC for the load balancer. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerDetails AWS API Documentation # class AwsElbLoadBalancerDetails < Struct.new( :availability_zones, :backend_server_descriptions, :canonical_hosted_zone_name, :canonical_hosted_zone_name_id, :created_time, :dns_name, :health_check, :instances, :listener_descriptions, :load_balancer_attributes, :load_balancer_name, :policies, :scheme, :security_groups, :source_security_group, :subnets, :vpc_id) SENSITIVE = [] include Aws::Structure end # Contains information about the health checks that are conducted on the # load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerHealthCheck # data as a hash: # # { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # } # # @!attribute [rw] healthy_threshold # The number of consecutive health check successes required before the # instance is moved to the Healthy state. # @return [Integer] # # @!attribute [rw] interval # The approximate interval, in seconds, between health checks of an # individual instance. # @return [Integer] # # @!attribute [rw] target # The instance that is being checked. The target specifies the # protocol and port. The available protocols are TCP, SSL, HTTP, and # HTTPS. The range of valid ports is 1 through 65535. # # For the HTTP and HTTPS protocols, the target also specifies the ping # path. # # For the TCP protocol, the target is specified as `TCP: `. # # For the SSL protocol, the target is specified as `SSL. `. # # For the HTTP and HTTPS protocols, the target is specified as ` # :/ `. # @return [String] # # @!attribute [rw] timeout # The amount of time, in seconds, during which no response means a # failed health check. # @return [Integer] # # @!attribute [rw] unhealthy_threshold # The number of consecutive health check failures that must occur # before the instance is moved to the Unhealthy state. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerHealthCheck AWS API Documentation # class AwsElbLoadBalancerHealthCheck < Struct.new( :healthy_threshold, :interval, :target, :timeout, :unhealthy_threshold) SENSITIVE = [] include Aws::Structure end # Provides information about an EC2 instance for a load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerInstance # data as a hash: # # { # instance_id: "NonEmptyString", # } # # @!attribute [rw] instance_id # The instance identifier. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerInstance AWS API Documentation # class AwsElbLoadBalancerInstance < Struct.new( :instance_id) SENSITIVE = [] include Aws::Structure end # Information about a load balancer listener. # # @note When making an API call, you may pass AwsElbLoadBalancerListener # data as a hash: # # { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # } # # @!attribute [rw] instance_port # The port on which the instance is listening. # @return [Integer] # # @!attribute [rw] instance_protocol # The protocol to use to route traffic to instances. # # Valid values: `HTTP` \| `HTTPS` \| `TCP` \| `SSL` # @return [String] # # @!attribute [rw] load_balancer_port # The port on which the load balancer is listening. # # On EC2-VPC, you can specify any port from the range 1-65535. # # On EC2-Classic, you can specify any port from the following list: # 25, 80, 443, 465, 587, 1024-65535. # @return [Integer] # # @!attribute [rw] protocol # The load balancer transport protocol to use for routing. # # Valid values: `HTTP` \| `HTTPS` \| `TCP` \| `SSL` # @return [String] # # @!attribute [rw] ssl_certificate_id # The ARN of the server certificate. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerListener AWS API Documentation # class AwsElbLoadBalancerListener < Struct.new( :instance_port, :instance_protocol, :load_balancer_port, :protocol, :ssl_certificate_id) SENSITIVE = [] include Aws::Structure end # Lists the policies that are enabled for a load balancer listener. # # @note When making an API call, you may pass AwsElbLoadBalancerListenerDescription # data as a hash: # # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # } # # @!attribute [rw] listener # Information about the listener. # @return [Types::AwsElbLoadBalancerListener] # # @!attribute [rw] policy_names # The policies enabled for the listener. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerListenerDescription AWS API Documentation # class AwsElbLoadBalancerListenerDescription < Struct.new( :listener, :policy_names) SENSITIVE = [] include Aws::Structure end # Contains information about the policies for a load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerPolicies # data as a hash: # # { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # } # # @!attribute [rw] app_cookie_stickiness_policies # The stickiness policies that are created using # `CreateAppCookieStickinessPolicy`. # @return [Array] # # @!attribute [rw] lb_cookie_stickiness_policies # The stickiness policies that are created using # `CreateLBCookieStickinessPolicy`. # @return [Array] # # @!attribute [rw] other_policies # The policies other than the stickiness policies. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerPolicies AWS API Documentation # class AwsElbLoadBalancerPolicies < Struct.new( :app_cookie_stickiness_policies, :lb_cookie_stickiness_policies, :other_policies) SENSITIVE = [] include Aws::Structure end # Contains information about the security group for the load balancer. # # @note When making an API call, you may pass AwsElbLoadBalancerSourceSecurityGroup # data as a hash: # # { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # } # # @!attribute [rw] group_name # The name of the security group. # @return [String] # # @!attribute [rw] owner_alias # The owner of the security group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbLoadBalancerSourceSecurityGroup AWS API Documentation # class AwsElbLoadBalancerSourceSecurityGroup < Struct.new( :group_name, :owner_alias) SENSITIVE = [] include Aws::Structure end # A load balancer attribute. # # @note When making an API call, you may pass AwsElbv2LoadBalancerAttribute # data as a hash: # # { # key: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] key # The name of the load balancer attribute. # @return [String] # # @!attribute [rw] value # The value of the load balancer attribute. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerAttribute AWS API Documentation # class AwsElbv2LoadBalancerAttribute < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end # Information about a load balancer. # # @note When making an API call, you may pass AwsElbv2LoadBalancerDetails # data as a hash: # # { # availability_zones: [ # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # canonical_hosted_zone_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # ip_address_type: "NonEmptyString", # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # state: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # type: "NonEmptyString", # vpc_id: "NonEmptyString", # load_balancer_attributes: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # }, # ], # } # # @!attribute [rw] availability_zones # The Availability Zones for the load balancer. # @return [Array] # # @!attribute [rw] canonical_hosted_zone_id # The ID of the Amazon Route 53 hosted zone associated with the load # balancer. # @return [String] # # @!attribute [rw] created_time # Indicates when the load balancer was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] dns_name # The public DNS name of the load balancer. # @return [String] # # @!attribute [rw] ip_address_type # The type of IP addresses used by the subnets for your load balancer. # The possible values are `ipv4` (for IPv4 addresses) and `dualstack` # (for IPv4 and IPv6 addresses). # @return [String] # # @!attribute [rw] scheme # The nodes of an Internet-facing load balancer have public IP # addresses. # @return [String] # # @!attribute [rw] security_groups # The IDs of the security groups for the load balancer. # @return [Array] # # @!attribute [rw] state # The state of the load balancer. # @return [Types::LoadBalancerState] # # @!attribute [rw] type # The type of load balancer. # @return [String] # # @!attribute [rw] vpc_id # The ID of the VPC for the load balancer. # @return [String] # # @!attribute [rw] load_balancer_attributes # Attributes of the load balancer. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsElbv2LoadBalancerDetails AWS API Documentation # class AwsElbv2LoadBalancerDetails < Struct.new( :availability_zones, :canonical_hosted_zone_id, :created_time, :dns_name, :ip_address_type, :scheme, :security_groups, :state, :type, :vpc_id, :load_balancer_attributes) SENSITIVE = [] include Aws::Structure end # IAM access key details related to a finding. # # @note When making an API call, you may pass AwsIamAccessKeyDetails # data as a hash: # # { # user_name: "NonEmptyString", # status: "Active", # accepts Active, Inactive # created_at: "NonEmptyString", # principal_id: "NonEmptyString", # principal_type: "NonEmptyString", # principal_name: "NonEmptyString", # account_id: "NonEmptyString", # access_key_id: "NonEmptyString", # session_context: { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # }, # } # # @!attribute [rw] user_name # The user associated with the IAM access key related to a finding. # # The `UserName` parameter has been replaced with the `PrincipalName` # parameter because access keys can also be assigned to principals # that are not IAM users. # @return [String] # # @!attribute [rw] status # The status of the IAM access key related to a finding. # @return [String] # # @!attribute [rw] created_at # Indicates when the IAM access key was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] principal_id # The ID of the principal associated with an access key. # @return [String] # # @!attribute [rw] principal_type # The type of principal associated with an access key. # @return [String] # # @!attribute [rw] principal_name # The name of the principal. # @return [String] # # @!attribute [rw] account_id # The Amazon Web Services account ID of the account for the key. # @return [String] # # @!attribute [rw] access_key_id # The identifier of the access key. # @return [String] # # @!attribute [rw] session_context # Information about the session that the key was used for. # @return [Types::AwsIamAccessKeySessionContext] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeyDetails AWS API Documentation # class AwsIamAccessKeyDetails < Struct.new( :user_name, :status, :created_at, :principal_id, :principal_type, :principal_name, :account_id, :access_key_id, :session_context) SENSITIVE = [] include Aws::Structure end # Provides information about the session that the key was used for. # # @note When making an API call, you may pass AwsIamAccessKeySessionContext # data as a hash: # # { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # } # # @!attribute [rw] attributes # Attributes of the session that the key was used for. # @return [Types::AwsIamAccessKeySessionContextAttributes] # # @!attribute [rw] session_issuer # Information about the entity that created the session. # @return [Types::AwsIamAccessKeySessionContextSessionIssuer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeySessionContext AWS API Documentation # class AwsIamAccessKeySessionContext < Struct.new( :attributes, :session_issuer) SENSITIVE = [] include Aws::Structure end # Attributes of the session that the key was used for. # # @note When making an API call, you may pass AwsIamAccessKeySessionContextAttributes # data as a hash: # # { # mfa_authenticated: false, # creation_date: "NonEmptyString", # } # # @!attribute [rw] mfa_authenticated # Indicates whether the session used multi-factor authentication # (MFA). # @return [Boolean] # # @!attribute [rw] creation_date # Indicates when the session was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeySessionContextAttributes AWS API Documentation # class AwsIamAccessKeySessionContextAttributes < Struct.new( :mfa_authenticated, :creation_date) SENSITIVE = [] include Aws::Structure end # Information about the entity that created the session. # # @note When making an API call, you may pass AwsIamAccessKeySessionContextSessionIssuer # data as a hash: # # { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # } # # @!attribute [rw] type # The type of principal (user, role, or group) that created the # session. # @return [String] # # @!attribute [rw] principal_id # The principal ID of the principal (user, role, or group) that # created the session. # @return [String] # # @!attribute [rw] arn # The ARN of the session. # @return [String] # # @!attribute [rw] account_id # The identifier of the Amazon Web Services account that created the # session. # @return [String] # # @!attribute [rw] user_name # The name of the principal that created the session. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAccessKeySessionContextSessionIssuer AWS API Documentation # class AwsIamAccessKeySessionContextSessionIssuer < Struct.new( :type, :principal_id, :arn, :account_id, :user_name) SENSITIVE = [] include Aws::Structure end # A managed policy that is attached to an IAM principal. # # @note When making an API call, you may pass AwsIamAttachedManagedPolicy # data as a hash: # # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # } # # @!attribute [rw] policy_name # The name of the policy. # @return [String] # # @!attribute [rw] policy_arn # The ARN of the policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamAttachedManagedPolicy AWS API Documentation # class AwsIamAttachedManagedPolicy < Struct.new( :policy_name, :policy_arn) SENSITIVE = [] include Aws::Structure end # Contains details about an IAM group. # # @note When making an API call, you may pass AwsIamGroupDetails # data as a hash: # # { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_id: "NonEmptyString", # group_name: "NonEmptyString", # group_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # path: "NonEmptyString", # } # # @!attribute [rw] attached_managed_policies # A list of the managed policies that are attached to the IAM group. # @return [Array] # # @!attribute [rw] create_date # Indicates when the IAM group was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] group_id # The identifier of the IAM group. # @return [String] # # @!attribute [rw] group_name # The name of the IAM group. # @return [String] # # @!attribute [rw] group_policy_list # The list of inline policies that are embedded in the group. # @return [Array] # # @!attribute [rw] path # The path to the group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamGroupDetails AWS API Documentation # class AwsIamGroupDetails < Struct.new( :attached_managed_policies, :create_date, :group_id, :group_name, :group_policy_list, :path) SENSITIVE = [] include Aws::Structure end # A managed policy that is attached to the IAM group. # # @note When making an API call, you may pass AwsIamGroupPolicy # data as a hash: # # { # policy_name: "NonEmptyString", # } # # @!attribute [rw] policy_name # The name of the policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamGroupPolicy AWS API Documentation # class AwsIamGroupPolicy < Struct.new( :policy_name) SENSITIVE = [] include Aws::Structure end # Information about an instance profile. # # @note When making an API call, you may pass AwsIamInstanceProfile # data as a hash: # # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # } # # @!attribute [rw] arn # The ARN of the instance profile. # @return [String] # # @!attribute [rw] create_date # Indicates when the instance profile was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] instance_profile_id # The identifier of the instance profile. # @return [String] # # @!attribute [rw] instance_profile_name # The name of the instance profile. # @return [String] # # @!attribute [rw] path # The path to the instance profile. # @return [String] # # @!attribute [rw] roles # The roles associated with the instance profile. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamInstanceProfile AWS API Documentation # class AwsIamInstanceProfile < Struct.new( :arn, :create_date, :instance_profile_id, :instance_profile_name, :path, :roles) SENSITIVE = [] include Aws::Structure end # Information about a role associated with an instance profile. # # @note When making an API call, you may pass AwsIamInstanceProfileRole # data as a hash: # # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # } # # @!attribute [rw] arn # The ARN of the role. # @return [String] # # @!attribute [rw] assume_role_policy_document # The policy that grants an entity permission to assume the role. # @return [String] # # @!attribute [rw] create_date # Indicates when the role was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] path # The path to the role. # @return [String] # # @!attribute [rw] role_id # The identifier of the role. # @return [String] # # @!attribute [rw] role_name # The name of the role. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamInstanceProfileRole AWS API Documentation # class AwsIamInstanceProfileRole < Struct.new( :arn, :assume_role_policy_document, :create_date, :path, :role_id, :role_name) SENSITIVE = [] include Aws::Structure end # Information about the policy used to set the permissions boundary for # an IAM principal. # # @note When making an API call, you may pass AwsIamPermissionsBoundary # data as a hash: # # { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # } # # @!attribute [rw] permissions_boundary_arn # The ARN of the policy used to set the permissions boundary. # @return [String] # # @!attribute [rw] permissions_boundary_type # The usage type for the permissions boundary. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamPermissionsBoundary AWS API Documentation # class AwsIamPermissionsBoundary < Struct.new( :permissions_boundary_arn, :permissions_boundary_type) SENSITIVE = [] include Aws::Structure end # Represents an IAM permissions policy. # # @note When making an API call, you may pass AwsIamPolicyDetails # data as a hash: # # { # attachment_count: 1, # create_date: "NonEmptyString", # default_version_id: "NonEmptyString", # description: "NonEmptyString", # is_attachable: false, # path: "NonEmptyString", # permissions_boundary_usage_count: 1, # policy_id: "NonEmptyString", # policy_name: "NonEmptyString", # policy_version_list: [ # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # }, # ], # update_date: "NonEmptyString", # } # # @!attribute [rw] attachment_count # The number of users, groups, and roles that the policy is attached # to. # @return [Integer] # # @!attribute [rw] create_date # When the policy was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] default_version_id # The identifier of the default version of the policy. # @return [String] # # @!attribute [rw] description # A description of the policy. # @return [String] # # @!attribute [rw] is_attachable # Whether the policy can be attached to a user, group, or role. # @return [Boolean] # # @!attribute [rw] path # The path to the policy. # @return [String] # # @!attribute [rw] permissions_boundary_usage_count # The number of users and roles that use the policy to set the # permissions boundary. # @return [Integer] # # @!attribute [rw] policy_id # The unique identifier of the policy. # @return [String] # # @!attribute [rw] policy_name # The name of the policy. # @return [String] # # @!attribute [rw] policy_version_list # List of versions of the policy. # @return [Array] # # @!attribute [rw] update_date # When the policy was most recently updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamPolicyDetails AWS API Documentation # class AwsIamPolicyDetails < Struct.new( :attachment_count, :create_date, :default_version_id, :description, :is_attachable, :path, :permissions_boundary_usage_count, :policy_id, :policy_name, :policy_version_list, :update_date) SENSITIVE = [] include Aws::Structure end # A version of an IAM policy. # # @note When making an API call, you may pass AwsIamPolicyVersion # data as a hash: # # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # } # # @!attribute [rw] version_id # The identifier of the policy version. # @return [String] # # @!attribute [rw] is_default_version # Whether the version is the default version. # @return [Boolean] # # @!attribute [rw] create_date # Indicates when the version was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamPolicyVersion AWS API Documentation # class AwsIamPolicyVersion < Struct.new( :version_id, :is_default_version, :create_date) SENSITIVE = [] include Aws::Structure end # Contains information about an IAM role, including all of the role's # policies. # # @note When making an API call, you may pass AwsIamRoleDetails # data as a hash: # # { # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # instance_profile_list: [ # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # }, # ], # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # role_id: "NonEmptyString", # role_name: "NonEmptyString", # role_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # max_session_duration: 1, # path: "NonEmptyString", # } # # @!attribute [rw] assume_role_policy_document # The trust policy that grants permission to assume the role. # @return [String] # # @!attribute [rw] attached_managed_policies # The list of the managed policies that are attached to the role. # @return [Array] # # @!attribute [rw] create_date # Indicates when the role was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] instance_profile_list # The list of instance profiles that contain this role. # @return [Array] # # @!attribute [rw] permissions_boundary # Information about the policy used to set the permissions boundary # for an IAM principal. # @return [Types::AwsIamPermissionsBoundary] # # @!attribute [rw] role_id # The stable and unique string identifying the role. # @return [String] # # @!attribute [rw] role_name # The friendly name that identifies the role. # @return [String] # # @!attribute [rw] role_policy_list # The list of inline policies that are embedded in the role. # @return [Array] # # @!attribute [rw] max_session_duration # The maximum session duration (in seconds) that you want to set for # the specified role. # @return [Integer] # # @!attribute [rw] path # The path to the role. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRoleDetails AWS API Documentation # class AwsIamRoleDetails < Struct.new( :assume_role_policy_document, :attached_managed_policies, :create_date, :instance_profile_list, :permissions_boundary, :role_id, :role_name, :role_policy_list, :max_session_duration, :path) SENSITIVE = [] include Aws::Structure end # An inline policy that is embedded in the role. # # @note When making an API call, you may pass AwsIamRolePolicy # data as a hash: # # { # policy_name: "NonEmptyString", # } # # @!attribute [rw] policy_name # The name of the policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamRolePolicy AWS API Documentation # class AwsIamRolePolicy < Struct.new( :policy_name) SENSITIVE = [] include Aws::Structure end # Information about an IAM user. # # @note When making an API call, you may pass AwsIamUserDetails # data as a hash: # # { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_list: ["NonEmptyString"], # path: "NonEmptyString", # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # user_id: "NonEmptyString", # user_name: "NonEmptyString", # user_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # } # # @!attribute [rw] attached_managed_policies # A list of the managed policies that are attached to the user. # @return [Array] # # @!attribute [rw] create_date # Indicates when the user was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] group_list # A list of IAM groups that the user belongs to. # @return [Array] # # @!attribute [rw] path # The path to the user. # @return [String] # # @!attribute [rw] permissions_boundary # The permissions boundary for the user. # @return [Types::AwsIamPermissionsBoundary] # # @!attribute [rw] user_id # The unique identifier for the user. # @return [String] # # @!attribute [rw] user_name # The name of the user. # @return [String] # # @!attribute [rw] user_policy_list # The list of inline policies that are embedded in the user. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamUserDetails AWS API Documentation # class AwsIamUserDetails < Struct.new( :attached_managed_policies, :create_date, :group_list, :path, :permissions_boundary, :user_id, :user_name, :user_policy_list) SENSITIVE = [] include Aws::Structure end # Information about an inline policy that is embedded in the user. # # @note When making an API call, you may pass AwsIamUserPolicy # data as a hash: # # { # policy_name: "NonEmptyString", # } # # @!attribute [rw] policy_name # The name of the policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsIamUserPolicy AWS API Documentation # class AwsIamUserPolicy < Struct.new( :policy_name) SENSITIVE = [] include Aws::Structure end # Contains metadata about an KMS key. # # @note When making an API call, you may pass AwsKmsKeyDetails # data as a hash: # # { # aws_account_id: "NonEmptyString", # creation_date: 1.0, # key_id: "NonEmptyString", # key_manager: "NonEmptyString", # key_state: "NonEmptyString", # origin: "NonEmptyString", # description: "NonEmptyString", # key_rotation_status: false, # } # # @!attribute [rw] aws_account_id # The twelve-digit account ID of the Amazon Web Services account that # owns the KMS key. # @return [String] # # @!attribute [rw] creation_date # Indicates when the KMS key was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [Float] # # @!attribute [rw] key_id # The globally unique identifier for the KMS key. # @return [String] # # @!attribute [rw] key_manager # The manager of the KMS key. KMS keys in your Amazon Web Services # account are either customer managed or Amazon Web Services managed. # @return [String] # # @!attribute [rw] key_state # The state of the KMS key. # @return [String] # # @!attribute [rw] origin # The source of the KMS key material. # # When this value is `AWS_KMS`, KMS created the key material. # # When this value is `EXTERNAL`, the key material was imported from # your existing key management infrastructure or the KMS key lacks key # material. # # When this value is `AWS_CLOUDHSM`, the key material was created in # the CloudHSM cluster associated with a custom key store. # @return [String] # # @!attribute [rw] description # A description of the key. # @return [String] # # @!attribute [rw] key_rotation_status # Whether the key has key rotation enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsKmsKeyDetails AWS API Documentation # class AwsKmsKeyDetails < Struct.new( :aws_account_id, :creation_date, :key_id, :key_manager, :key_state, :origin, :description, :key_rotation_status) SENSITIVE = [] include Aws::Structure end # The code for the Lambda function. You can specify either an object in # Amazon S3, or upload a deployment package directly. # # @note When making an API call, you may pass AwsLambdaFunctionCode # data as a hash: # # { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # } # # @!attribute [rw] s3_bucket # An Amazon S3 bucket in the same Amazon Web Services Region as your # function. The bucket can be in a different Amazon Web Services # account. # @return [String] # # @!attribute [rw] s3_key # The Amazon S3 key of the deployment package. # @return [String] # # @!attribute [rw] s3_object_version # For versioned objects, the version of the deployment package object # to use. # @return [String] # # @!attribute [rw] zip_file # The base64-encoded contents of the deployment package. Amazon Web # Services SDK and Amazon Web Services CLI clients handle the encoding # for you. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionCode AWS API Documentation # class AwsLambdaFunctionCode < Struct.new( :s3_bucket, :s3_key, :s3_object_version, :zip_file) SENSITIVE = [] include Aws::Structure end # The dead-letter queue for failed asynchronous invocations. # # @note When making an API call, you may pass AwsLambdaFunctionDeadLetterConfig # data as a hash: # # { # target_arn: "NonEmptyString", # } # # @!attribute [rw] target_arn # The ARN of an SQS queue or SNS topic. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDeadLetterConfig AWS API Documentation # class AwsLambdaFunctionDeadLetterConfig < Struct.new( :target_arn) SENSITIVE = [] include Aws::Structure end # Details about a function's configuration. # # @note When making an API call, you may pass AwsLambdaFunctionDetails # data as a hash: # # { # code: { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # }, # code_sha_256: "NonEmptyString", # dead_letter_config: { # target_arn: "NonEmptyString", # }, # environment: { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # }, # function_name: "NonEmptyString", # handler: "NonEmptyString", # kms_key_arn: "NonEmptyString", # last_modified: "NonEmptyString", # layers: [ # { # arn: "NonEmptyString", # code_size: 1, # }, # ], # master_arn: "NonEmptyString", # memory_size: 1, # revision_id: "NonEmptyString", # role: "NonEmptyString", # runtime: "NonEmptyString", # timeout: 1, # tracing_config: { # mode: "NonEmptyString", # }, # vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # version: "NonEmptyString", # } # # @!attribute [rw] code # An `AwsLambdaFunctionCode` object. # @return [Types::AwsLambdaFunctionCode] # # @!attribute [rw] code_sha_256 # The SHA256 hash of the function's deployment package. # @return [String] # # @!attribute [rw] dead_letter_config # The function's dead letter queue. # @return [Types::AwsLambdaFunctionDeadLetterConfig] # # @!attribute [rw] environment # The function's environment variables. # @return [Types::AwsLambdaFunctionEnvironment] # # @!attribute [rw] function_name # The name of the function. # @return [String] # # @!attribute [rw] handler # The function that Lambda calls to begin executing your function. # @return [String] # # @!attribute [rw] kms_key_arn # The KMS key that is used to encrypt the function's environment # variables. This key is only returned if you've configured a # customer managed customer managed key. # @return [String] # # @!attribute [rw] last_modified # Indicates when the function was last updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] layers # The function's layers. # @return [Array] # # @!attribute [rw] master_arn # For Lambda@Edge functions, the ARN of the master function. # @return [String] # # @!attribute [rw] memory_size # The memory that is allocated to the function. # @return [Integer] # # @!attribute [rw] revision_id # The latest updated revision of the function or alias. # @return [String] # # @!attribute [rw] role # The function's execution role. # @return [String] # # @!attribute [rw] runtime # The runtime environment for the Lambda function. # @return [String] # # @!attribute [rw] timeout # The amount of time that Lambda allows a function to run before # stopping it. # @return [Integer] # # @!attribute [rw] tracing_config # The function's X-Ray tracing configuration. # @return [Types::AwsLambdaFunctionTracingConfig] # # @!attribute [rw] vpc_config # The function's networking configuration. # @return [Types::AwsLambdaFunctionVpcConfig] # # @!attribute [rw] version # The version of the Lambda function. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionDetails AWS API Documentation # class AwsLambdaFunctionDetails < Struct.new( :code, :code_sha_256, :dead_letter_config, :environment, :function_name, :handler, :kms_key_arn, :last_modified, :layers, :master_arn, :memory_size, :revision_id, :role, :runtime, :timeout, :tracing_config, :vpc_config, :version) SENSITIVE = [] include Aws::Structure end # A function's environment variable settings. # # @note When making an API call, you may pass AwsLambdaFunctionEnvironment # data as a hash: # # { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # } # # @!attribute [rw] variables # Environment variable key-value pairs. # @return [Hash] # # @!attribute [rw] error # An `AwsLambdaFunctionEnvironmentError` object. # @return [Types::AwsLambdaFunctionEnvironmentError] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironment AWS API Documentation # class AwsLambdaFunctionEnvironment < Struct.new( :variables, :error) SENSITIVE = [] include Aws::Structure end # Error messages for environment variables that could not be applied. # # @note When making an API call, you may pass AwsLambdaFunctionEnvironmentError # data as a hash: # # { # error_code: "NonEmptyString", # message: "NonEmptyString", # } # # @!attribute [rw] error_code # The error code. # @return [String] # # @!attribute [rw] message # The error message. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionEnvironmentError AWS API Documentation # class AwsLambdaFunctionEnvironmentError < Struct.new( :error_code, :message) SENSITIVE = [] include Aws::Structure end # An Lambda layer. # # @note When making an API call, you may pass AwsLambdaFunctionLayer # data as a hash: # # { # arn: "NonEmptyString", # code_size: 1, # } # # @!attribute [rw] arn # The ARN of the function layer. # @return [String] # # @!attribute [rw] code_size # The size of the layer archive in bytes. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionLayer AWS API Documentation # class AwsLambdaFunctionLayer < Struct.new( :arn, :code_size) SENSITIVE = [] include Aws::Structure end # The function's X-Ray tracing configuration. # # @note When making an API call, you may pass AwsLambdaFunctionTracingConfig # data as a hash: # # { # mode: "NonEmptyString", # } # # @!attribute [rw] mode # The tracing mode. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionTracingConfig AWS API Documentation # class AwsLambdaFunctionTracingConfig < Struct.new( :mode) SENSITIVE = [] include Aws::Structure end # The VPC security groups and subnets that are attached to a Lambda # function. # # @note When making an API call, you may pass AwsLambdaFunctionVpcConfig # data as a hash: # # { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # } # # @!attribute [rw] security_group_ids # A list of VPC security groups IDs. # @return [Array] # # @!attribute [rw] subnet_ids # A list of VPC subnet IDs. # @return [Array] # # @!attribute [rw] vpc_id # The ID of the VPC. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaFunctionVpcConfig AWS API Documentation # class AwsLambdaFunctionVpcConfig < Struct.new( :security_group_ids, :subnet_ids, :vpc_id) SENSITIVE = [] include Aws::Structure end # Details about a Lambda layer version. # # @note When making an API call, you may pass AwsLambdaLayerVersionDetails # data as a hash: # # { # version: 1, # compatible_runtimes: ["NonEmptyString"], # created_date: "NonEmptyString", # } # # @!attribute [rw] version # The version number. # @return [Integer] # # @!attribute [rw] compatible_runtimes # The layer's compatible runtimes. Maximum number of five items. # # Valid values: `nodejs10.x` \| `nodejs12.x` \| `java8` \| `java11` \| # `python2.7` \| `python3.6` \| `python3.7` \| `python3.8` \| # `dotnetcore1.0` \| `dotnetcore2.1` \| `go1.x` \| `ruby2.5` \| # `provided` # @return [Array] # # @!attribute [rw] created_date # Indicates when the version was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsLambdaLayerVersionDetails AWS API Documentation # class AwsLambdaLayerVersionDetails < Struct.new( :version, :compatible_runtimes, :created_date) SENSITIVE = [] include Aws::Structure end # Details about an Network Firewall firewall. # # @note When making an API call, you may pass AwsNetworkFirewallFirewallDetails # data as a hash: # # { # delete_protection: false, # description: "NonEmptyString", # firewall_arn: "NonEmptyString", # firewall_id: "NonEmptyString", # firewall_name: "NonEmptyString", # firewall_policy_arn: "NonEmptyString", # firewall_policy_change_protection: false, # subnet_change_protection: false, # subnet_mappings: [ # { # subnet_id: "NonEmptyString", # }, # ], # vpc_id: "NonEmptyString", # } # # @!attribute [rw] delete_protection # Whether the firewall is protected from deletion. If set to `true`, # then the firewall cannot be deleted. # @return [Boolean] # # @!attribute [rw] description # A description of the firewall. # @return [String] # # @!attribute [rw] firewall_arn # The ARN of the firewall. # @return [String] # # @!attribute [rw] firewall_id # The identifier of the firewall. # @return [String] # # @!attribute [rw] firewall_name # A descriptive name of the firewall. # @return [String] # # @!attribute [rw] firewall_policy_arn # The ARN of the firewall policy. # @return [String] # # @!attribute [rw] firewall_policy_change_protection # Whether the firewall is protected from a change to the firewall # policy. If set to `true`, you cannot associate a different policy # with the firewall. # @return [Boolean] # # @!attribute [rw] subnet_change_protection # Whether the firewall is protected from a change to the subnet # associations. If set to `true`, you cannot map different subnets to # the firewall. # @return [Boolean] # # @!attribute [rw] subnet_mappings # The public subnets that Network Firewall uses for the firewall. Each # subnet must belong to a different Availability Zone. # @return [Array] # # @!attribute [rw] vpc_id # The identifier of the VPC where the firewall is used. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallDetails AWS API Documentation # class AwsNetworkFirewallFirewallDetails < Struct.new( :delete_protection, :description, :firewall_arn, :firewall_id, :firewall_name, :firewall_policy_arn, :firewall_policy_change_protection, :subnet_change_protection, :subnet_mappings, :vpc_id) SENSITIVE = [] include Aws::Structure end # Details about a firewall policy. A firewall policy defines the # behavior of a network firewall. # # @note When making an API call, you may pass AwsNetworkFirewallFirewallPolicyDetails # data as a hash: # # { # firewall_policy: { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # }, # firewall_policy_arn: "NonEmptyString", # firewall_policy_id: "NonEmptyString", # firewall_policy_name: "NonEmptyString", # description: "NonEmptyString", # } # # @!attribute [rw] firewall_policy # The firewall policy configuration. # @return [Types::FirewallPolicyDetails] # # @!attribute [rw] firewall_policy_arn # The ARN of the firewall policy. # @return [String] # # @!attribute [rw] firewall_policy_id # The identifier of the firewall policy. # @return [String] # # @!attribute [rw] firewall_policy_name # The name of the firewall policy. # @return [String] # # @!attribute [rw] description # A description of the firewall policy. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallPolicyDetails AWS API Documentation # class AwsNetworkFirewallFirewallPolicyDetails < Struct.new( :firewall_policy, :firewall_policy_arn, :firewall_policy_id, :firewall_policy_name, :description) SENSITIVE = [] include Aws::Structure end # A public subnet that Network Firewall uses for the firewall. # # @note When making an API call, you may pass AwsNetworkFirewallFirewallSubnetMappingsDetails # data as a hash: # # { # subnet_id: "NonEmptyString", # } # # @!attribute [rw] subnet_id # The identifier of the subnet # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallFirewallSubnetMappingsDetails AWS API Documentation # class AwsNetworkFirewallFirewallSubnetMappingsDetails < Struct.new( :subnet_id) SENSITIVE = [] include Aws::Structure end # Details about an Network Firewall rule group. Rule groups are used to # inspect and control network traffic. Stateless rule groups apply to # individual packets. Stateful rule groups apply to packets in the # context of their traffic flow. # # Rule groups are referenced in firewall policies. # # @note When making an API call, you may pass AwsNetworkFirewallRuleGroupDetails # data as a hash: # # { # capacity: 1, # description: "NonEmptyString", # rule_group: { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # }, # rule_group_arn: "NonEmptyString", # rule_group_id: "NonEmptyString", # rule_group_name: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] capacity # The maximum number of operating resources that this rule group can # use. # @return [Integer] # # @!attribute [rw] description # A description of the rule group. # @return [String] # # @!attribute [rw] rule_group # Details about the rule group. # @return [Types::RuleGroupDetails] # # @!attribute [rw] rule_group_arn # The ARN of the rule group. # @return [String] # # @!attribute [rw] rule_group_id # The identifier of the rule group. # @return [String] # # @!attribute [rw] rule_group_name # The descriptive name of the rule group. # @return [String] # # @!attribute [rw] type # The type of rule group. A rule group can be stateful or stateless. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsNetworkFirewallRuleGroupDetails AWS API Documentation # class AwsNetworkFirewallRuleGroupDetails < Struct.new( :capacity, :description, :rule_group, :rule_group_arn, :rule_group_id, :rule_group_name, :type) SENSITIVE = [] include Aws::Structure end # Details about the configuration of an OpenSearch cluster. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigDetails # data as a hash: # # { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # } # # @!attribute [rw] instance_count # The number of data nodes to use in the OpenSearch domain. # @return [Integer] # # @!attribute [rw] warm_enabled # Whether UltraWarm is enabled. # @return [Boolean] # # @!attribute [rw] warm_count # The number of UltraWarm instances. # @return [Integer] # # @!attribute [rw] dedicated_master_enabled # Whether to use a dedicated master node for the OpenSearch domain. A # dedicated master node performs cluster management tasks, but does # not hold data or respond to data upload requests. # @return [Boolean] # # @!attribute [rw] zone_awareness_config # Configuration options for zone awareness. Provided if # `ZoneAwarenessEnabled` is `true`. # @return [Types::AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails] # # @!attribute [rw] dedicated_master_count # The number of instances to use for the master node. If this # attribute is specified, then `DedicatedMasterEnabled` must be # `true`. # @return [Integer] # # @!attribute [rw] instance_type # The instance type for your data nodes. # @return [String] # # @!attribute [rw] warm_type # The type of UltraWarm instance. # @return [String] # # @!attribute [rw] zone_awareness_enabled # Whether to enable zone awareness for the OpenSearch domain. When # zone awareness is enabled, OpenSearch Service allocates the # cluster's nodes and replica index shards across Availability Zones # (AZs) in the same Region. This prevents data loss and minimizes # downtime if a node or data center fails. # @return [Boolean] # # @!attribute [rw] dedicated_master_type # The hardware configuration of the computer that hosts the dedicated # master node. # # If this attribute is specified, then `DedicatedMasterEnabled` must # be `true`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainClusterConfigDetails AWS API Documentation # class AwsOpenSearchServiceDomainClusterConfigDetails < Struct.new( :instance_count, :warm_enabled, :warm_count, :dedicated_master_enabled, :zone_awareness_config, :dedicated_master_count, :instance_type, :warm_type, :zone_awareness_enabled, :dedicated_master_type) SENSITIVE = [] include Aws::Structure end # Configuration options for zone awareness. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails # data as a hash: # # { # availability_zone_count: 1, # } # # @!attribute [rw] availability_zone_count # The number of Availability Zones that the domain uses. Valid values # are 2 and 3. The default is 2. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails AWS API Documentation # class AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails < Struct.new( :availability_zone_count) SENSITIVE = [] include Aws::Structure end # Information about an Amazon OpenSearch Service domain. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainDetails # data as a hash: # # { # arn: "NonEmptyString", # access_policies: "NonEmptyString", # domain_name: "NonEmptyString", # id: "NonEmptyString", # domain_endpoint: "NonEmptyString", # engine_version: "NonEmptyString", # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # }, # cluster_config: { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # }, # domain_endpoint_options: { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # }, # vpc_options: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # domain_endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # } # # @!attribute [rw] arn # The ARN of the OpenSearch Service domain. # @return [String] # # @!attribute [rw] access_policies # IAM policy document that specifies the access policies for the # OpenSearch Service domain. # @return [String] # # @!attribute [rw] domain_name # The name of the endpoint. # @return [String] # # @!attribute [rw] id # The identifier of the domain. # @return [String] # # @!attribute [rw] domain_endpoint # The domain endpoint. # @return [String] # # @!attribute [rw] engine_version # The version of the domain engine. # @return [String] # # @!attribute [rw] encryption_at_rest_options # Details about the configuration for encryption at rest. # @return [Types::AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails] # # @!attribute [rw] node_to_node_encryption_options # Details about the configuration for node-to-node encryption. # @return [Types::AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails] # # @!attribute [rw] service_software_options # Information about the status of a domain relative to the latest # service software. # @return [Types::AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails] # # @!attribute [rw] cluster_config # Details about the configuration of an OpenSearch cluster. # @return [Types::AwsOpenSearchServiceDomainClusterConfigDetails] # # @!attribute [rw] domain_endpoint_options # Additional options for the domain endpoint. # @return [Types::AwsOpenSearchServiceDomainDomainEndpointOptionsDetails] # # @!attribute [rw] vpc_options # Information that OpenSearch Service derives based on `VPCOptions` # for the domain. # @return [Types::AwsOpenSearchServiceDomainVpcOptionsDetails] # # @!attribute [rw] log_publishing_options # Configures the CloudWatch Logs to publish for the OpenSearch domain. # @return [Types::AwsOpenSearchServiceDomainLogPublishingOptionsDetails] # # @!attribute [rw] domain_endpoints # The domain endpoints. Used if the OpenSearch domain resides in a # VPC. # # This is a map of key-value pairs. The key is always `vpc`. The value # is the endpoint. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainDetails AWS API Documentation # class AwsOpenSearchServiceDomainDetails < Struct.new( :arn, :access_policies, :domain_name, :id, :domain_endpoint, :engine_version, :encryption_at_rest_options, :node_to_node_encryption_options, :service_software_options, :cluster_config, :domain_endpoint_options, :vpc_options, :log_publishing_options, :domain_endpoints) SENSITIVE = [] include Aws::Structure end # Information about additional options for the domain endpoint. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainDomainEndpointOptionsDetails # data as a hash: # # { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # } # # @!attribute [rw] custom_endpoint_certificate_arn # The ARN for the security certificate. The certificate is managed in # ACM. # @return [String] # # @!attribute [rw] custom_endpoint_enabled # Whether to enable a custom endpoint for the domain. # @return [Boolean] # # @!attribute [rw] enforce_https # Whether to require that all traffic to the domain arrive over HTTPS. # @return [Boolean] # # @!attribute [rw] custom_endpoint # The fully qualified URL for the custom endpoint. # @return [String] # # @!attribute [rw] tls_security_policy # The TLS security policy to apply to the HTTPS endpoint of the # OpenSearch domain. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainDomainEndpointOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainDomainEndpointOptionsDetails < Struct.new( :custom_endpoint_certificate_arn, :custom_endpoint_enabled, :enforce_https, :custom_endpoint, :tls_security_policy) SENSITIVE = [] include Aws::Structure end # Details about the configuration for encryption at rest for the # OpenSearch domain. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails # data as a hash: # # { # enabled: false, # kms_key_id: "NonEmptyString", # } # # @!attribute [rw] enabled # Whether encryption at rest is enabled. # @return [Boolean] # # @!attribute [rw] kms_key_id # The KMS key ID. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails < Struct.new( :enabled, :kms_key_id) SENSITIVE = [] include Aws::Structure end # Configuration details for a log publishing option. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainLogPublishingOption # data as a hash: # # { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # } # # @!attribute [rw] cloud_watch_logs_log_group_arn # The ARN of the CloudWatch Logs group to publish the logs to. # @return [String] # # @!attribute [rw] enabled # Whether the log publishing is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainLogPublishingOption AWS API Documentation # class AwsOpenSearchServiceDomainLogPublishingOption < Struct.new( :cloud_watch_logs_log_group_arn, :enabled) SENSITIVE = [] include Aws::Structure end # Configures the CloudWatch Logs to publish for the OpenSearch domain. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainLogPublishingOptionsDetails # data as a hash: # # { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # } # # @!attribute [rw] index_slow_logs # Configures the OpenSearch index logs publishing. # @return [Types::AwsOpenSearchServiceDomainLogPublishingOption] # # @!attribute [rw] search_slow_logs # Configures the OpenSearch search slow log publishing. # @return [Types::AwsOpenSearchServiceDomainLogPublishingOption] # # @!attribute [rw] audit_logs # Configures the OpenSearch audit logs publishing. # @return [Types::AwsOpenSearchServiceDomainLogPublishingOption] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainLogPublishingOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainLogPublishingOptionsDetails < Struct.new( :index_slow_logs, :search_slow_logs, :audit_logs) SENSITIVE = [] include Aws::Structure end # Provides details about the configuration for node-to-node encryption. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails # data as a hash: # # { # enabled: false, # } # # @!attribute [rw] enabled # Whether node-to-node encryption is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails < Struct.new( :enabled) SENSITIVE = [] include Aws::Structure end # Provides information about the state of the domain relative to the # latest service software. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails # data as a hash: # # { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # } # # @!attribute [rw] automated_update_date # The epoch time when the deployment window closes for required # updates. After this time, OpenSearch Service schedules the software # upgrade automatically. # @return [String] # # @!attribute [rw] cancellable # Whether a request to update the domain can be canceled. # @return [Boolean] # # @!attribute [rw] current_version # The version of the service software that is currently installed on # the domain. # @return [String] # # @!attribute [rw] description # A more detailed description of the service software status. # @return [String] # # @!attribute [rw] new_version # The most recent version of the service software. # @return [String] # # @!attribute [rw] update_available # Whether a service software update is available for the domain. # @return [Boolean] # # @!attribute [rw] update_status # The status of the service software update. # @return [String] # # @!attribute [rw] optional_deployment # Whether the service software update is optional. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails < Struct.new( :automated_update_date, :cancellable, :current_version, :description, :new_version, :update_available, :update_status, :optional_deployment) SENSITIVE = [] include Aws::Structure end # Contains information that OpenSearch Service derives based on the # `VPCOptions` for the domain. # # @note When making an API call, you may pass AwsOpenSearchServiceDomainVpcOptionsDetails # data as a hash: # # { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # } # # @!attribute [rw] security_group_ids # The list of security group IDs that are associated with the VPC # endpoints for the domain. # @return [Array] # # @!attribute [rw] subnet_ids # A list of subnet IDs that are associated with the VPC endpoints for # the domain. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsOpenSearchServiceDomainVpcOptionsDetails AWS API Documentation # class AwsOpenSearchServiceDomainVpcOptionsDetails < Struct.new( :security_group_ids, :subnet_ids) SENSITIVE = [] include Aws::Structure end # An IAM role that is associated with the Amazon RDS DB cluster. # # @note When making an API call, you may pass AwsRdsDbClusterAssociatedRole # data as a hash: # # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] role_arn # The ARN of the IAM role. # @return [String] # # @!attribute [rw] status # The status of the association between the IAM role and the DB # cluster. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterAssociatedRole AWS API Documentation # class AwsRdsDbClusterAssociatedRole < Struct.new( :role_arn, :status) SENSITIVE = [] include Aws::Structure end # Information about an Amazon RDS DB cluster. # # @note When making an API call, you may pass AwsRdsDbClusterDetails # data as a hash: # # { # allocated_storage: 1, # availability_zones: ["NonEmptyString"], # backup_retention_period: 1, # database_name: "NonEmptyString", # status: "NonEmptyString", # endpoint: "NonEmptyString", # reader_endpoint: "NonEmptyString", # custom_endpoints: ["NonEmptyString"], # multi_az: false, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # port: 1, # master_username: "NonEmptyString", # preferred_backup_window: "NonEmptyString", # preferred_maintenance_window: "NonEmptyString", # read_replica_identifiers: ["NonEmptyString"], # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # hosted_zone_id: "NonEmptyString", # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_resource_id: "NonEmptyString", # associated_roles: [ # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_create_time: "NonEmptyString", # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # engine_mode: "NonEmptyString", # deletion_protection: false, # http_endpoint_enabled: false, # activity_stream_status: "NonEmptyString", # copy_tags_to_snapshot: false, # cross_account_clone: false, # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # db_cluster_parameter_group: "NonEmptyString", # db_subnet_group: "NonEmptyString", # db_cluster_option_group_memberships: [ # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # db_cluster_identifier: "NonEmptyString", # db_cluster_members: [ # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # }, # ], # iam_database_authentication_enabled: false, # } # # @!attribute [rw] allocated_storage # For all database engines except Aurora, specifies the allocated # storage size in gibibytes (GiB). # @return [Integer] # # @!attribute [rw] availability_zones # A list of Availability Zones (AZs) where instances in the DB cluster # can be created. # @return [Array] # # @!attribute [rw] backup_retention_period # The number of days for which automated backups are retained. # @return [Integer] # # @!attribute [rw] database_name # The name of the database. # @return [String] # # @!attribute [rw] status # The current status of this DB cluster. # @return [String] # # @!attribute [rw] endpoint # The connection endpoint for the primary instance of the DB cluster. # @return [String] # # @!attribute [rw] reader_endpoint # The reader endpoint for the DB cluster. # @return [String] # # @!attribute [rw] custom_endpoints # A list of custom endpoints for the DB cluster. # @return [Array] # # @!attribute [rw] multi_az # Whether the DB cluster has instances in multiple Availability Zones. # @return [Boolean] # # @!attribute [rw] engine # The name of the database engine to use for this DB cluster. # @return [String] # # @!attribute [rw] engine_version # The version number of the database engine to use. # @return [String] # # @!attribute [rw] port # The port number on which the DB instances in the DB cluster accept # connections. # @return [Integer] # # @!attribute [rw] master_username # The name of the master user for the DB cluster. # @return [String] # # @!attribute [rw] preferred_backup_window # The range of time each day when automated backups are created, if # automated backups are enabled. # # Uses the format `HH:MM-HH:MM`. For example, `04:52-05:22`. # @return [String] # # @!attribute [rw] preferred_maintenance_window # The weekly time range during which system maintenance can occur, in # Universal Coordinated Time (UTC). # # Uses the format `:HH:MM-:HH:MM`. # # For the day values, use # `mon`\|`tue`\|`wed`\|`thu`\|`fri`\|`sat`\|`sun`. # # For example, `sun:09:32-sun:10:02`. # @return [String] # # @!attribute [rw] read_replica_identifiers # The identifiers of the read replicas that are associated with this # DB cluster. # @return [Array] # # @!attribute [rw] vpc_security_groups # A list of VPC security groups that the DB cluster belongs to. # @return [Array] # # @!attribute [rw] hosted_zone_id # Specifies the identifier that Amazon Route 53 assigns when you # create a hosted zone. # @return [String] # # @!attribute [rw] storage_encrypted # Whether the DB cluster is encrypted. # @return [Boolean] # # @!attribute [rw] kms_key_id # The ARN of the KMS master key that is used to encrypt the database # instances in the DB cluster. # @return [String] # # @!attribute [rw] db_cluster_resource_id # The identifier of the DB cluster. The identifier must be unique # within each Amazon Web Services Region and is immutable. # @return [String] # # @!attribute [rw] associated_roles # A list of the IAM roles that are associated with the DB cluster. # @return [Array] # # @!attribute [rw] cluster_create_time # Indicates when the DB cluster was created, in Universal Coordinated # Time (UTC). # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] enabled_cloud_watch_logs_exports # A list of log types that this DB cluster is configured to export to # CloudWatch Logs. # @return [Array] # # @!attribute [rw] engine_mode # The database engine mode of the DB cluster. # @return [String] # # @!attribute [rw] deletion_protection # Whether the DB cluster has deletion protection enabled. # @return [Boolean] # # @!attribute [rw] http_endpoint_enabled # Whether the HTTP endpoint for an Aurora Serverless DB cluster is # enabled. # @return [Boolean] # # @!attribute [rw] activity_stream_status # The status of the database activity stream. # @return [String] # # @!attribute [rw] copy_tags_to_snapshot # Whether tags are copied from the DB cluster to snapshots of the DB # cluster. # @return [Boolean] # # @!attribute [rw] cross_account_clone # Whether the DB cluster is a clone of a DB cluster owned by a # different Amazon Web Services account. # @return [Boolean] # # @!attribute [rw] domain_memberships # The Active Directory domain membership records that are associated # with the DB cluster. # @return [Array] # # @!attribute [rw] db_cluster_parameter_group # The name of the DB cluster parameter group for the DB cluster. # @return [String] # # @!attribute [rw] db_subnet_group # The subnet group that is associated with the DB cluster, including # the name, description, and subnets in the subnet group. # @return [String] # # @!attribute [rw] db_cluster_option_group_memberships # The list of option group memberships for this DB cluster. # @return [Array] # # @!attribute [rw] db_cluster_identifier # The DB cluster identifier that the user assigned to the cluster. # This identifier is the unique key that identifies a DB cluster. # @return [String] # # @!attribute [rw] db_cluster_members # The list of instances that make up the DB cluster. # @return [Array] # # @!attribute [rw] iam_database_authentication_enabled # Whether the mapping of IAM accounts to database accounts is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterDetails AWS API Documentation # class AwsRdsDbClusterDetails < Struct.new( :allocated_storage, :availability_zones, :backup_retention_period, :database_name, :status, :endpoint, :reader_endpoint, :custom_endpoints, :multi_az, :engine, :engine_version, :port, :master_username, :preferred_backup_window, :preferred_maintenance_window, :read_replica_identifiers, :vpc_security_groups, :hosted_zone_id, :storage_encrypted, :kms_key_id, :db_cluster_resource_id, :associated_roles, :cluster_create_time, :enabled_cloud_watch_logs_exports, :engine_mode, :deletion_protection, :http_endpoint_enabled, :activity_stream_status, :copy_tags_to_snapshot, :cross_account_clone, :domain_memberships, :db_cluster_parameter_group, :db_subnet_group, :db_cluster_option_group_memberships, :db_cluster_identifier, :db_cluster_members, :iam_database_authentication_enabled) SENSITIVE = [] include Aws::Structure end # Information about an instance in the DB cluster. # # @note When making an API call, you may pass AwsRdsDbClusterMember # data as a hash: # # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # } # # @!attribute [rw] is_cluster_writer # Whether the cluster member is the primary instance for the DB # cluster. # @return [Boolean] # # @!attribute [rw] promotion_tier # Specifies the order in which an Aurora replica is promoted to the # primary instance when the existing primary instance fails. # @return [Integer] # # @!attribute [rw] db_instance_identifier # The instance identifier for this member of the DB cluster. # @return [String] # # @!attribute [rw] db_cluster_parameter_group_status # The status of the DB cluster parameter group for this member of the # DB cluster. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterMember AWS API Documentation # class AwsRdsDbClusterMember < Struct.new( :is_cluster_writer, :promotion_tier, :db_instance_identifier, :db_cluster_parameter_group_status) SENSITIVE = [] include Aws::Structure end # Information about an option group membership for a DB cluster. # # @note When making an API call, you may pass AwsRdsDbClusterOptionGroupMembership # data as a hash: # # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] db_cluster_option_group_name # The name of the DB cluster option group. # @return [String] # # @!attribute [rw] status # The status of the DB cluster option group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterOptionGroupMembership AWS API Documentation # class AwsRdsDbClusterOptionGroupMembership < Struct.new( :db_cluster_option_group_name, :status) SENSITIVE = [] include Aws::Structure end # Information about an Amazon RDS DB cluster snapshot. # # @note When making an API call, you may pass AwsRdsDbClusterSnapshotDetails # data as a hash: # # { # availability_zones: ["NonEmptyString"], # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # vpc_id: "NonEmptyString", # cluster_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # percent_progress: 1, # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_cluster_snapshot_identifier: "NonEmptyString", # iam_database_authentication_enabled: false, # } # # @!attribute [rw] availability_zones # A list of Availability Zones where instances in the DB cluster can # be created. # @return [Array] # # @!attribute [rw] snapshot_create_time # Indicates when the snapshot was taken. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] engine # The name of the database engine that you want to use for this DB # instance. # @return [String] # # @!attribute [rw] allocated_storage # Specifies the allocated storage size in gibibytes (GiB). # @return [Integer] # # @!attribute [rw] status # The status of this DB cluster snapshot. # @return [String] # # @!attribute [rw] port # The port number on which the DB instances in the DB cluster accept # connections. # @return [Integer] # # @!attribute [rw] vpc_id # The VPC ID that is associated with the DB cluster snapshot. # @return [String] # # @!attribute [rw] cluster_create_time # Indicates when the DB cluster was created, in Universal Coordinated # Time (UTC). # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] master_username # The name of the master user for the DB cluster. # @return [String] # # @!attribute [rw] engine_version # The version of the database engine to use. # @return [String] # # @!attribute [rw] license_model # The license model information for this DB cluster snapshot. # @return [String] # # @!attribute [rw] snapshot_type # The type of DB cluster snapshot. # @return [String] # # @!attribute [rw] percent_progress # Specifies the percentage of the estimated data that has been # transferred. # @return [Integer] # # @!attribute [rw] storage_encrypted # Whether the DB cluster is encrypted. # @return [Boolean] # # @!attribute [rw] kms_key_id # The ARN of the KMS master key that is used to encrypt the database # instances in the DB cluster. # @return [String] # # @!attribute [rw] db_cluster_identifier # The DB cluster identifier. # @return [String] # # @!attribute [rw] db_cluster_snapshot_identifier # The identifier of the DB cluster snapshot. # @return [String] # # @!attribute [rw] iam_database_authentication_enabled # Whether mapping of IAM accounts to database accounts is enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbClusterSnapshotDetails AWS API Documentation # class AwsRdsDbClusterSnapshotDetails < Struct.new( :availability_zones, :snapshot_create_time, :engine, :allocated_storage, :status, :port, :vpc_id, :cluster_create_time, :master_username, :engine_version, :license_model, :snapshot_type, :percent_progress, :storage_encrypted, :kms_key_id, :db_cluster_identifier, :db_cluster_snapshot_identifier, :iam_database_authentication_enabled) SENSITIVE = [] include Aws::Structure end # Information about an Active Directory domain membership record # associated with the DB instance. # # @note When making an API call, you may pass AwsRdsDbDomainMembership # data as a hash: # # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # } # # @!attribute [rw] domain # The identifier of the Active Directory domain. # @return [String] # # @!attribute [rw] status # The status of the Active Directory Domain membership for the DB # instance. # @return [String] # # @!attribute [rw] fqdn # The fully qualified domain name of the Active Directory domain. # @return [String] # # @!attribute [rw] iam_role_name # The name of the IAM role to use when making API calls to the # Directory Service. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbDomainMembership AWS API Documentation # class AwsRdsDbDomainMembership < Struct.new( :domain, :status, :fqdn, :iam_role_name) SENSITIVE = [] include Aws::Structure end # An IAM role associated with the DB instance. # # @note When making an API call, you may pass AwsRdsDbInstanceAssociatedRole # data as a hash: # # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] role_arn # The ARN of the IAM role that is associated with the DB instance. # @return [String] # # @!attribute [rw] feature_name # The name of the feature associated with the IAM role. # @return [String] # # @!attribute [rw] status # Describes the state of the association between the IAM role and the # DB instance. The `Status` property returns one of the following # values: # # * `ACTIVE` - The IAM role ARN is associated with the DB instance and # can be used to access other Amazon Web Services services on your # behalf. # # * `PENDING` - The IAM role ARN is being associated with the DB # instance. # # * `INVALID` - The IAM role ARN is associated with the DB instance. # But the DB instance is unable to assume the IAM role in order to # access other Amazon Web Services services on your behalf. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbInstanceAssociatedRole AWS API Documentation # class AwsRdsDbInstanceAssociatedRole < Struct.new( :role_arn, :feature_name, :status) SENSITIVE = [] include Aws::Structure end # Contains the details of an Amazon RDS DB instance. # # @note When making an API call, you may pass AwsRdsDbInstanceDetails # data as a hash: # # { # associated_roles: [ # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # ca_certificate_identifier: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # db_instance_class: "NonEmptyString", # db_instance_port: 1, # dbi_resource_id: "NonEmptyString", # db_name: "NonEmptyString", # deletion_protection: false, # endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # iam_database_authentication_enabled: false, # instance_create_time: "NonEmptyString", # kms_key_id: "NonEmptyString", # publicly_accessible: false, # storage_encrypted: false, # tde_credential_arn: "NonEmptyString", # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # multi_az: false, # enhanced_monitoring_resource_arn: "NonEmptyString", # db_instance_status: "NonEmptyString", # master_username: "NonEmptyString", # allocated_storage: 1, # preferred_backup_window: "NonEmptyString", # backup_retention_period: 1, # db_security_groups: ["NonEmptyString"], # db_parameter_groups: [ # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # }, # ], # availability_zone: "NonEmptyString", # db_subnet_group: { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # }, # preferred_maintenance_window: "NonEmptyString", # pending_modified_values: { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # latest_restorable_time: "NonEmptyString", # auto_minor_version_upgrade: false, # read_replica_source_db_instance_identifier: "NonEmptyString", # read_replica_db_instance_identifiers: ["NonEmptyString"], # read_replica_db_cluster_identifiers: ["NonEmptyString"], # license_model: "NonEmptyString", # iops: 1, # option_group_memberships: [ # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # character_set_name: "NonEmptyString", # secondary_availability_zone: "NonEmptyString", # status_infos: [ # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # }, # ], # storage_type: "NonEmptyString", # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # copy_tags_to_snapshot: false, # monitoring_interval: 1, # monitoring_role_arn: "NonEmptyString", # promotion_tier: 1, # timezone: "NonEmptyString", # performance_insights_enabled: false, # performance_insights_kms_key_id: "NonEmptyString", # performance_insights_retention_period: 1, # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # listener_endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # max_allocated_storage: 1, # } # # @!attribute [rw] associated_roles # The IAM roles associated with the DB instance. # @return [Array] # # @!attribute [rw] ca_certificate_identifier # The identifier of the CA certificate for this DB instance. # @return [String] # # @!attribute [rw] db_cluster_identifier # If the DB instance is a member of a DB cluster, contains the name of # the DB cluster that the DB instance is a member of. # @return [String] # # @!attribute [rw] db_instance_identifier # Contains a user-supplied database identifier. This identifier is the # unique key that identifies a DB instance. # @return [String] # # @!attribute [rw] db_instance_class # Contains the name of the compute and memory capacity class of the DB # instance. # @return [String] # # @!attribute [rw] db_instance_port # Specifies the port that the DB instance listens on. If the DB # instance is part of a DB cluster, this can be a different port than # the DB cluster port. # @return [Integer] # # @!attribute [rw] dbi_resource_id # The Amazon Web Services Region-unique, immutable identifier for the # DB instance. This identifier is found in CloudTrail log entries # whenever the KMS key for the DB instance is accessed. # @return [String] # # @!attribute [rw] db_name # The meaning of this parameter differs according to the database # engine you use. # # **MySQL, MariaDB, SQL Server, PostgreSQL** # # Contains the name of the initial database of this instance that was # provided at create time, if one was specified when the DB instance # was created. This same name is returned for the life of the DB # instance. # # **Oracle** # # Contains the Oracle System ID (SID) of the created DB instance. Not # shown when the returned parameters do not apply to an Oracle DB # instance. # @return [String] # # @!attribute [rw] deletion_protection # Indicates whether the DB instance has deletion protection enabled. # # When deletion protection is enabled, the database cannot be deleted. # @return [Boolean] # # @!attribute [rw] endpoint # Specifies the connection endpoint. # @return [Types::AwsRdsDbInstanceEndpoint] # # @!attribute [rw] engine # Provides the name of the database engine to use for this DB # instance. # @return [String] # # @!attribute [rw] engine_version # Indicates the database engine version. # @return [String] # # @!attribute [rw] iam_database_authentication_enabled # True if mapping of IAM accounts to database accounts is enabled, and # otherwise false. # # IAM database authentication can be enabled for the following # database engines. # # * For MySQL 5.6, minor version 5.6.34 or higher # # * For MySQL 5.7, minor version 5.7.16 or higher # # * Aurora 5.6 or higher # @return [Boolean] # # @!attribute [rw] instance_create_time # Indicates when the DB instance was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] kms_key_id # If `StorageEncrypted` is true, the KMS key identifier for the # encrypted DB instance. # @return [String] # # @!attribute [rw] publicly_accessible # Specifies the accessibility options for the DB instance. # # A value of true specifies an Internet-facing instance with a # publicly resolvable DNS name, which resolves to a public IP address. # # A value of false specifies an internal instance with a DNS name that # resolves to a private IP address. # @return [Boolean] # # @!attribute [rw] storage_encrypted # Specifies whether the DB instance is encrypted. # @return [Boolean] # # @!attribute [rw] tde_credential_arn # The ARN from the key store with which the instance is associated for # TDE encryption. # @return [String] # # @!attribute [rw] vpc_security_groups # A list of VPC security groups that the DB instance belongs to. # @return [Array] # # @!attribute [rw] multi_az # Whether the DB instance is a multiple Availability Zone deployment. # @return [Boolean] # # @!attribute [rw] enhanced_monitoring_resource_arn # The ARN of the CloudWatch Logs log stream that receives the enhanced # monitoring metrics data for the DB instance. # @return [String] # # @!attribute [rw] db_instance_status # The current status of the DB instance. # @return [String] # # @!attribute [rw] master_username # The master user name of the DB instance. # @return [String] # # @!attribute [rw] allocated_storage # The amount of storage (in gigabytes) to initially allocate for the # DB instance. # @return [Integer] # # @!attribute [rw] preferred_backup_window # The range of time each day when automated backups are created, if # automated backups are enabled. # # Uses the format `HH:MM-HH:MM`. For example, `04:52-05:22`. # @return [String] # # @!attribute [rw] backup_retention_period # The number of days for which to retain automated backups. # @return [Integer] # # @!attribute [rw] db_security_groups # A list of the DB security groups to assign to the DB instance. # @return [Array] # # @!attribute [rw] db_parameter_groups # A list of the DB parameter groups to assign to the DB instance. # @return [Array] # # @!attribute [rw] availability_zone # The Availability Zone where the DB instance will be created. # @return [String] # # @!attribute [rw] db_subnet_group # Information about the subnet group that is associated with the DB # instance. # @return [Types::AwsRdsDbSubnetGroup] # # @!attribute [rw] preferred_maintenance_window # The weekly time range during which system maintenance can occur, in # Universal Coordinated Time (UTC). # # Uses the format `:HH:MM-:HH:MM`. # # For the day values, use # `mon`\|`tue`\|`wed`\|`thu`\|`fri`\|`sat`\|`sun`. # # For example, `sun:09:32-sun:10:02`. # @return [String] # # @!attribute [rw] pending_modified_values # Changes to the DB instance that are currently pending. # @return [Types::AwsRdsDbPendingModifiedValues] # # @!attribute [rw] latest_restorable_time # Specifies the latest time to which a database can be restored with # point-in-time restore. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] auto_minor_version_upgrade # Indicates whether minor version patches are applied automatically. # @return [Boolean] # # @!attribute [rw] read_replica_source_db_instance_identifier # If this DB instance is a read replica, contains the identifier of # the source DB instance. # @return [String] # # @!attribute [rw] read_replica_db_instance_identifiers # List of identifiers of the read replicas associated with this DB # instance. # @return [Array] # # @!attribute [rw] read_replica_db_cluster_identifiers # List of identifiers of Aurora DB clusters to which the RDS DB # instance is replicated as a read replica. # @return [Array] # # @!attribute [rw] license_model # License model information for this DB instance. # @return [String] # # @!attribute [rw] iops # Specifies the provisioned IOPS (I/O operations per second) for this # DB instance. # @return [Integer] # # @!attribute [rw] option_group_memberships # The list of option group memberships for this DB instance. # @return [Array] # # @!attribute [rw] character_set_name # The name of the character set that this DB instance is associated # with. # @return [String] # # @!attribute [rw] secondary_availability_zone # For a DB instance with multi-Availability Zone support, the name of # the secondary Availability Zone. # @return [String] # # @!attribute [rw] status_infos # The status of a read replica. If the instance isn't a read replica, # this is empty. # @return [Array] # # @!attribute [rw] storage_type # The storage type for the DB instance. # @return [String] # # @!attribute [rw] domain_memberships # The Active Directory domain membership records associated with the # DB instance. # @return [Array] # # @!attribute [rw] copy_tags_to_snapshot # Whether to copy resource tags to snapshots of the DB instance. # @return [Boolean] # # @!attribute [rw] monitoring_interval # The interval, in seconds, between points when enhanced monitoring # metrics are collected for the DB instance. # @return [Integer] # # @!attribute [rw] monitoring_role_arn # The ARN for the IAM role that permits Amazon RDS to send enhanced # monitoring metrics to CloudWatch Logs. # @return [String] # # @!attribute [rw] promotion_tier # The order in which to promote an Aurora replica to the primary # instance after a failure of the existing primary instance. # @return [Integer] # # @!attribute [rw] timezone # The time zone of the DB instance. # @return [String] # # @!attribute [rw] performance_insights_enabled # Indicates whether Performance Insights is enabled for the DB # instance. # @return [Boolean] # # @!attribute [rw] performance_insights_kms_key_id # The identifier of the KMS key used to encrypt the Performance # Insights data. # @return [String] # # @!attribute [rw] performance_insights_retention_period # The number of days to retain Performance Insights data. # @return [Integer] # # @!attribute [rw] enabled_cloud_watch_logs_exports # A list of log types that this DB instance is configured to export to # CloudWatch Logs. # @return [Array] # # @!attribute [rw] processor_features # The number of CPU cores and the number of threads per core for the # DB instance class of the DB instance. # @return [Array] # # @!attribute [rw] listener_endpoint # Specifies the connection endpoint. # @return [Types::AwsRdsDbInstanceEndpoint] # # @!attribute [rw] max_allocated_storage # The upper limit to which Amazon RDS can automatically scale the # storage of the DB instance. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbInstanceDetails AWS API Documentation # class AwsRdsDbInstanceDetails < Struct.new( :associated_roles, :ca_certificate_identifier, :db_cluster_identifier, :db_instance_identifier, :db_instance_class, :db_instance_port, :dbi_resource_id, :db_name, :deletion_protection, :endpoint, :engine, :engine_version, :iam_database_authentication_enabled, :instance_create_time, :kms_key_id, :publicly_accessible, :storage_encrypted, :tde_credential_arn, :vpc_security_groups, :multi_az, :enhanced_monitoring_resource_arn, :db_instance_status, :master_username, :allocated_storage, :preferred_backup_window, :backup_retention_period, :db_security_groups, :db_parameter_groups, :availability_zone, :db_subnet_group, :preferred_maintenance_window, :pending_modified_values, :latest_restorable_time, :auto_minor_version_upgrade, :read_replica_source_db_instance_identifier, :read_replica_db_instance_identifiers, :read_replica_db_cluster_identifiers, :license_model, :iops, :option_group_memberships, :character_set_name, :secondary_availability_zone, :status_infos, :storage_type, :domain_memberships, :copy_tags_to_snapshot, :monitoring_interval, :monitoring_role_arn, :promotion_tier, :timezone, :performance_insights_enabled, :performance_insights_kms_key_id, :performance_insights_retention_period, :enabled_cloud_watch_logs_exports, :processor_features, :listener_endpoint, :max_allocated_storage) SENSITIVE = [] include Aws::Structure end # Specifies the connection endpoint. # # @note When making an API call, you may pass AwsRdsDbInstanceEndpoint # data as a hash: # # { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # } # # @!attribute [rw] address # Specifies the DNS address of the DB instance. # @return [String] # # @!attribute [rw] port # Specifies the port that the database engine is listening on. # @return [Integer] # # @!attribute [rw] hosted_zone_id # Specifies the ID that Amazon Route 53 assigns when you create a # hosted zone. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbInstanceEndpoint AWS API Documentation # class AwsRdsDbInstanceEndpoint < Struct.new( :address, :port, :hosted_zone_id) SENSITIVE = [] include Aws::Structure end # A VPC security groups that the DB instance belongs to. # # @note When making an API call, you may pass AwsRdsDbInstanceVpcSecurityGroup # data as a hash: # # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] vpc_security_group_id # The name of the VPC security group. # @return [String] # # @!attribute [rw] status # The status of the VPC security group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbInstanceVpcSecurityGroup AWS API Documentation # class AwsRdsDbInstanceVpcSecurityGroup < Struct.new( :vpc_security_group_id, :status) SENSITIVE = [] include Aws::Structure end # An option group membership. # # @note When making an API call, you may pass AwsRdsDbOptionGroupMembership # data as a hash: # # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] option_group_name # The name of the option group. # @return [String] # # @!attribute [rw] status # The status of the option group membership. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbOptionGroupMembership AWS API Documentation # class AwsRdsDbOptionGroupMembership < Struct.new( :option_group_name, :status) SENSITIVE = [] include Aws::Structure end # Provides information about a parameter group for a DB instance. # # @note When making an API call, you may pass AwsRdsDbParameterGroup # data as a hash: # # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # } # # @!attribute [rw] db_parameter_group_name # The name of the parameter group. # @return [String] # # @!attribute [rw] parameter_apply_status # The status of parameter updates. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbParameterGroup AWS API Documentation # class AwsRdsDbParameterGroup < Struct.new( :db_parameter_group_name, :parameter_apply_status) SENSITIVE = [] include Aws::Structure end # Changes to a DB instance that are currently pending. # # @note When making an API call, you may pass AwsRdsDbPendingModifiedValues # data as a hash: # # { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # } # # @!attribute [rw] db_instance_class # The new DB instance class for the DB instance. # @return [String] # # @!attribute [rw] allocated_storage # The new value of the allocated storage for the DB instance. # @return [Integer] # # @!attribute [rw] master_user_password # The new master user password for the DB instance. # @return [String] # # @!attribute [rw] port # The new port for the DB instance. # @return [Integer] # # @!attribute [rw] backup_retention_period # The new backup retention period for the DB instance. # @return [Integer] # # @!attribute [rw] multi_az # Indicates that a single Availability Zone DB instance is changing to # a multiple Availability Zone deployment. # @return [Boolean] # # @!attribute [rw] engine_version # The new engine version for the DB instance. # @return [String] # # @!attribute [rw] license_model # The new license model value for the DB instance. # @return [String] # # @!attribute [rw] iops # The new provisioned IOPS value for the DB instance. # @return [Integer] # # @!attribute [rw] db_instance_identifier # The new DB instance identifier for the DB instance. # @return [String] # # @!attribute [rw] storage_type # The new storage type for the DB instance. # @return [String] # # @!attribute [rw] ca_certificate_identifier # The new CA certificate identifier for the DB instance. # @return [String] # # @!attribute [rw] db_subnet_group_name # The name of the new subnet group for the DB instance. # @return [String] # # @!attribute [rw] pending_cloud_watch_logs_exports # A list of log types that are being enabled or disabled. # @return [Types::AwsRdsPendingCloudWatchLogsExports] # # @!attribute [rw] processor_features # Processor features that are being updated. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbPendingModifiedValues AWS API Documentation # class AwsRdsDbPendingModifiedValues < Struct.new( :db_instance_class, :allocated_storage, :master_user_password, :port, :backup_retention_period, :multi_az, :engine_version, :license_model, :iops, :db_instance_identifier, :storage_type, :ca_certificate_identifier, :db_subnet_group_name, :pending_cloud_watch_logs_exports, :processor_features) SENSITIVE = [] include Aws::Structure end # A processor feature. # # @note When making an API call, you may pass AwsRdsDbProcessorFeature # data as a hash: # # { # name: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] name # The name of the processor feature. # @return [String] # # @!attribute [rw] value # The value of the processor feature. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbProcessorFeature AWS API Documentation # class AwsRdsDbProcessorFeature < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # Provides details about an Amazon RDS DB cluster snapshot. # # @note When making an API call, you may pass AwsRdsDbSnapshotDetails # data as a hash: # # { # db_snapshot_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # availability_zone: "NonEmptyString", # vpc_id: "NonEmptyString", # instance_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # iops: 1, # option_group_name: "NonEmptyString", # percent_progress: 1, # source_region: "NonEmptyString", # source_db_snapshot_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # tde_credential_arn: "NonEmptyString", # encrypted: false, # kms_key_id: "NonEmptyString", # timezone: "NonEmptyString", # iam_database_authentication_enabled: false, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # dbi_resource_id: "NonEmptyString", # } # # @!attribute [rw] db_snapshot_identifier # The name or ARN of the DB snapshot that is used to restore the DB # instance. # @return [String] # # @!attribute [rw] db_instance_identifier # A name for the DB instance. # @return [String] # # @!attribute [rw] snapshot_create_time # When the snapshot was taken in Coordinated Universal Time (UTC). # @return [String] # # @!attribute [rw] engine # The name of the database engine to use for this DB instance. # @return [String] # # @!attribute [rw] allocated_storage # The amount of storage (in gigabytes) to be initially allocated for # the database instance. # @return [Integer] # # @!attribute [rw] status # The status of this DB snapshot. # @return [String] # # @!attribute [rw] port # The port that the database engine was listening on at the time of # the snapshot. # @return [Integer] # # @!attribute [rw] availability_zone # Specifies the name of the Availability Zone in which the DB instance # was located at the time of the DB snapshot. # @return [String] # # @!attribute [rw] vpc_id # The VPC ID associated with the DB snapshot. # @return [String] # # @!attribute [rw] instance_create_time # Specifies the time in Coordinated Universal Time (UTC) when the DB # instance, from which the snapshot was taken, was created. # @return [String] # # @!attribute [rw] master_username # The master user name for the DB snapshot. # @return [String] # # @!attribute [rw] engine_version # The version of the database engine. # @return [String] # # @!attribute [rw] license_model # License model information for the restored DB instance. # @return [String] # # @!attribute [rw] snapshot_type # The type of the DB snapshot. # @return [String] # # @!attribute [rw] iops # The provisioned IOPS (I/O operations per second) value of the DB # instance at the time of the snapshot. # @return [Integer] # # @!attribute [rw] option_group_name # The option group name for the DB snapshot. # @return [String] # # @!attribute [rw] percent_progress # The percentage of the estimated data that has been transferred. # @return [Integer] # # @!attribute [rw] source_region # The Amazon Web Services Region that the DB snapshot was created in # or copied from. # @return [String] # # @!attribute [rw] source_db_snapshot_identifier # The DB snapshot ARN that the DB snapshot was copied from. # @return [String] # # @!attribute [rw] storage_type # The storage type associated with the DB snapshot. # @return [String] # # @!attribute [rw] tde_credential_arn # The ARN from the key store with which to associate the instance for # TDE encryption. # @return [String] # # @!attribute [rw] encrypted # Whether the DB snapshot is encrypted. # @return [Boolean] # # @!attribute [rw] kms_key_id # If `Encrypted` is `true`, the KMS key identifier for the encrypted # DB snapshot. # @return [String] # # @!attribute [rw] timezone # The time zone of the DB snapshot. # @return [String] # # @!attribute [rw] iam_database_authentication_enabled # Whether mapping of IAM accounts to database accounts is enabled. # @return [Boolean] # # @!attribute [rw] processor_features # The number of CPU cores and the number of threads per core for the # DB instance class of the DB instance. # @return [Array] # # @!attribute [rw] dbi_resource_id # The identifier for the source DB instance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSnapshotDetails AWS API Documentation # class AwsRdsDbSnapshotDetails < Struct.new( :db_snapshot_identifier, :db_instance_identifier, :snapshot_create_time, :engine, :allocated_storage, :status, :port, :availability_zone, :vpc_id, :instance_create_time, :master_username, :engine_version, :license_model, :snapshot_type, :iops, :option_group_name, :percent_progress, :source_region, :source_db_snapshot_identifier, :storage_type, :tde_credential_arn, :encrypted, :kms_key_id, :timezone, :iam_database_authentication_enabled, :processor_features, :dbi_resource_id) SENSITIVE = [] include Aws::Structure end # Information about the status of a read replica. # # @note When making an API call, you may pass AwsRdsDbStatusInfo # data as a hash: # # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # } # # @!attribute [rw] status_type # The type of status. For a read replica, the status type is read # replication. # @return [String] # # @!attribute [rw] normal # Whether the read replica instance is operating normally. # @return [Boolean] # # @!attribute [rw] status # The status of the read replica instance. # @return [String] # # @!attribute [rw] message # If the read replica is currently in an error state, provides the # error details. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbStatusInfo AWS API Documentation # class AwsRdsDbStatusInfo < Struct.new( :status_type, :normal, :status, :message) SENSITIVE = [] include Aws::Structure end # Information about the subnet group for the database instance. # # @note When making an API call, you may pass AwsRdsDbSubnetGroup # data as a hash: # # { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # } # # @!attribute [rw] db_subnet_group_name # The name of the subnet group. # @return [String] # # @!attribute [rw] db_subnet_group_description # The description of the subnet group. # @return [String] # # @!attribute [rw] vpc_id # The VPC ID of the subnet group. # @return [String] # # @!attribute [rw] subnet_group_status # The status of the subnet group. # @return [String] # # @!attribute [rw] subnets # A list of subnets in the subnet group. # @return [Array] # # @!attribute [rw] db_subnet_group_arn # The ARN of the subnet group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSubnetGroup AWS API Documentation # class AwsRdsDbSubnetGroup < Struct.new( :db_subnet_group_name, :db_subnet_group_description, :vpc_id, :subnet_group_status, :subnets, :db_subnet_group_arn) SENSITIVE = [] include Aws::Structure end # Information about a subnet in a subnet group. # # @note When making an API call, you may pass AwsRdsDbSubnetGroupSubnet # data as a hash: # # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # } # # @!attribute [rw] subnet_identifier # The identifier of a subnet in the subnet group. # @return [String] # # @!attribute [rw] subnet_availability_zone # Information about the Availability Zone for a subnet in the subnet # group. # @return [Types::AwsRdsDbSubnetGroupSubnetAvailabilityZone] # # @!attribute [rw] subnet_status # The status of a subnet in the subnet group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSubnetGroupSubnet AWS API Documentation # class AwsRdsDbSubnetGroupSubnet < Struct.new( :subnet_identifier, :subnet_availability_zone, :subnet_status) SENSITIVE = [] include Aws::Structure end # An Availability Zone for a subnet in a subnet group. # # @note When making an API call, you may pass AwsRdsDbSubnetGroupSubnetAvailabilityZone # data as a hash: # # { # name: "NonEmptyString", # } # # @!attribute [rw] name # The name of the Availability Zone for a subnet in the subnet group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsDbSubnetGroupSubnetAvailabilityZone AWS API Documentation # class AwsRdsDbSubnetGroupSubnetAvailabilityZone < Struct.new( :name) SENSITIVE = [] include Aws::Structure end # Details about an Amazon RDS event notification subscription. The # subscription allows Amazon RDS to post events to an SNS topic. # # @note When making an API call, you may pass AwsRdsEventSubscriptionDetails # data as a hash: # # { # cust_subscription_id: "NonEmptyString", # customer_aws_id: "NonEmptyString", # enabled: false, # event_categories_list: ["NonEmptyString"], # event_subscription_arn: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # source_ids_list: ["NonEmptyString"], # source_type: "NonEmptyString", # status: "NonEmptyString", # subscription_creation_time: "NonEmptyString", # } # # @!attribute [rw] cust_subscription_id # The identifier of the account that is associated with the event # notification subscription. # @return [String] # # @!attribute [rw] customer_aws_id # The identifier of the event notification subscription. # @return [String] # # @!attribute [rw] enabled # Whether the event notification subscription is enabled. # @return [Boolean] # # @!attribute [rw] event_categories_list # The list of event categories for the event notification # subscription. # @return [Array] # # @!attribute [rw] event_subscription_arn # The ARN of the event notification subscription. # @return [String] # # @!attribute [rw] sns_topic_arn # The ARN of the SNS topic to post the event notifications to. # @return [String] # # @!attribute [rw] source_ids_list # A list of source identifiers for the event notification # subscription. # @return [Array] # # @!attribute [rw] source_type # The source type for the event notification subscription. # @return [String] # # @!attribute [rw] status # The status of the event notification subscription. # # Valid values: `creating` \| `modifying` \| `deleting` \| `active` \| # `no-permission` \| `topic-not-exist` # @return [String] # # @!attribute [rw] subscription_creation_time # The datetime when the event notification subscription was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsEventSubscriptionDetails AWS API Documentation # class AwsRdsEventSubscriptionDetails < Struct.new( :cust_subscription_id, :customer_aws_id, :enabled, :event_categories_list, :event_subscription_arn, :sns_topic_arn, :source_ids_list, :source_type, :status, :subscription_creation_time) SENSITIVE = [] include Aws::Structure end # Identifies the log types to enable and disable. # # @note When making an API call, you may pass AwsRdsPendingCloudWatchLogsExports # data as a hash: # # { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # } # # @!attribute [rw] log_types_to_enable # A list of log types that are being enabled. # @return [Array] # # @!attribute [rw] log_types_to_disable # A list of log types that are being disabled. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRdsPendingCloudWatchLogsExports AWS API Documentation # class AwsRdsPendingCloudWatchLogsExports < Struct.new( :log_types_to_enable, :log_types_to_disable) SENSITIVE = [] include Aws::Structure end # A node in an Amazon Redshift cluster. # # @note When making an API call, you may pass AwsRedshiftClusterClusterNode # data as a hash: # # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # } # # @!attribute [rw] node_role # The role of the node. A node might be a leader node or a compute # node. # @return [String] # # @!attribute [rw] private_ip_address # The private IP address of the node. # @return [String] # # @!attribute [rw] public_ip_address # The public IP address of the node. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterClusterNode AWS API Documentation # class AwsRedshiftClusterClusterNode < Struct.new( :node_role, :private_ip_address, :public_ip_address) SENSITIVE = [] include Aws::Structure end # A cluster parameter group that is associated with an Amazon Redshift # cluster. # # @note When making an API call, you may pass AwsRedshiftClusterClusterParameterGroup # data as a hash: # # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # } # # @!attribute [rw] cluster_parameter_status_list # The list of parameter statuses. # @return [Array] # # @!attribute [rw] parameter_apply_status # The status of updates to the parameters. # @return [String] # # @!attribute [rw] parameter_group_name # The name of the parameter group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterClusterParameterGroup AWS API Documentation # class AwsRedshiftClusterClusterParameterGroup < Struct.new( :cluster_parameter_status_list, :parameter_apply_status, :parameter_group_name) SENSITIVE = [] include Aws::Structure end # The status of a parameter in a cluster parameter group for an Amazon # Redshift cluster. # # @note When making an API call, you may pass AwsRedshiftClusterClusterParameterStatus # data as a hash: # # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # } # # @!attribute [rw] parameter_name # The name of the parameter. # @return [String] # # @!attribute [rw] parameter_apply_status # The status of the parameter. Indicates whether the parameter is in # sync with the database, waiting for a cluster reboot, or encountered # an error when it was applied. # # Valid values: `in-sync` \| `pending-reboot` \| `applying` \| # `invalid-parameter` \| `apply-deferred` \| `apply-error` \| # `unknown-error` # @return [String] # # @!attribute [rw] parameter_apply_error_description # The error that prevented the parameter from being applied to the # database. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterClusterParameterStatus AWS API Documentation # class AwsRedshiftClusterClusterParameterStatus < Struct.new( :parameter_name, :parameter_apply_status, :parameter_apply_error_description) SENSITIVE = [] include Aws::Structure end # A security group that is associated with the cluster. # # @note When making an API call, you may pass AwsRedshiftClusterClusterSecurityGroup # data as a hash: # # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] cluster_security_group_name # The name of the cluster security group. # @return [String] # # @!attribute [rw] status # The status of the cluster security group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterClusterSecurityGroup AWS API Documentation # class AwsRedshiftClusterClusterSecurityGroup < Struct.new( :cluster_security_group_name, :status) SENSITIVE = [] include Aws::Structure end # Information about a cross-Region snapshot copy. # # @note When making an API call, you may pass AwsRedshiftClusterClusterSnapshotCopyStatus # data as a hash: # # { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # } # # @!attribute [rw] destination_region # The destination Region that snapshots are automatically copied to # when cross-Region snapshot copy is enabled. # @return [String] # # @!attribute [rw] manual_snapshot_retention_period # The number of days that manual snapshots are retained in the # destination region after they are copied from a source region. # # If the value is -1, then the manual snapshot is retained # indefinitely. # # Valid values: Either -1 or an integer between 1 and 3,653 # @return [Integer] # # @!attribute [rw] retention_period # The number of days to retain automated snapshots in the destination # Region after they are copied from a source Region. # @return [Integer] # # @!attribute [rw] snapshot_copy_grant_name # The name of the snapshot copy grant. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterClusterSnapshotCopyStatus AWS API Documentation # class AwsRedshiftClusterClusterSnapshotCopyStatus < Struct.new( :destination_region, :manual_snapshot_retention_period, :retention_period, :snapshot_copy_grant_name) SENSITIVE = [] include Aws::Structure end # A time windows during which maintenance was deferred for an Amazon # Redshift cluster. # # @note When making an API call, you may pass AwsRedshiftClusterDeferredMaintenanceWindow # data as a hash: # # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # } # # @!attribute [rw] defer_maintenance_end_time # The end of the time window for which maintenance was deferred. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] defer_maintenance_identifier # The identifier of the maintenance window. # @return [String] # # @!attribute [rw] defer_maintenance_start_time # The start of the time window for which maintenance was deferred. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterDeferredMaintenanceWindow AWS API Documentation # class AwsRedshiftClusterDeferredMaintenanceWindow < Struct.new( :defer_maintenance_end_time, :defer_maintenance_identifier, :defer_maintenance_start_time) SENSITIVE = [] include Aws::Structure end # Details about an Amazon Redshift cluster. # # @note When making an API call, you may pass AwsRedshiftClusterDetails # data as a hash: # # { # allow_version_upgrade: false, # automated_snapshot_retention_period: 1, # availability_zone: "NonEmptyString", # cluster_availability_status: "NonEmptyString", # cluster_create_time: "NonEmptyString", # cluster_identifier: "NonEmptyString", # cluster_nodes: [ # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # }, # ], # cluster_parameter_groups: [ # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # }, # ], # cluster_public_key: "NonEmptyString", # cluster_revision_number: "NonEmptyString", # cluster_security_groups: [ # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_snapshot_copy_status: { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # }, # cluster_status: "NonEmptyString", # cluster_subnet_group_name: "NonEmptyString", # cluster_version: "NonEmptyString", # db_name: "NonEmptyString", # deferred_maintenance_windows: [ # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # }, # ], # elastic_ip_status: { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # }, # elastic_resize_number_of_node_options: "NonEmptyString", # encrypted: false, # endpoint: { # address: "NonEmptyString", # port: 1, # }, # enhanced_vpc_routing: false, # expected_next_snapshot_schedule_time: "NonEmptyString", # expected_next_snapshot_schedule_time_status: "NonEmptyString", # hsm_status: { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # }, # iam_roles: [ # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # }, # ], # kms_key_id: "NonEmptyString", # maintenance_track_name: "NonEmptyString", # manual_snapshot_retention_period: 1, # master_username: "NonEmptyString", # next_maintenance_window_start_time: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # pending_actions: ["NonEmptyString"], # pending_modified_values: { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # }, # preferred_maintenance_window: "NonEmptyString", # publicly_accessible: false, # resize_info: { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # }, # restore_status: { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # }, # snapshot_schedule_identifier: "NonEmptyString", # snapshot_schedule_state: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_security_groups: [ # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # }, # ], # } # # @!attribute [rw] allow_version_upgrade # Indicates whether major version upgrades are applied automatically # to the cluster during the maintenance window. # @return [Boolean] # # @!attribute [rw] automated_snapshot_retention_period # The number of days that automatic cluster snapshots are retained. # @return [Integer] # # @!attribute [rw] availability_zone # The name of the Availability Zone in which the cluster is located. # @return [String] # # @!attribute [rw] cluster_availability_status # The availability status of the cluster for queries. Possible values # are the following: # # * `Available` - The cluster is available for queries. # # * `Unavailable` - The cluster is not available for queries. # # * `Maintenance` - The cluster is intermittently available for # queries due to maintenance activities. # # * `Modifying` -The cluster is intermittently available for queries # due to changes that modify the cluster. # # * `Failed` - The cluster failed and is not available for queries. # @return [String] # # @!attribute [rw] cluster_create_time # Indicates when the cluster was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] cluster_identifier # The unique identifier of the cluster. # @return [String] # # @!attribute [rw] cluster_nodes # The nodes in the cluster. # @return [Array] # # @!attribute [rw] cluster_parameter_groups # The list of cluster parameter groups that are associated with this # cluster. # @return [Array] # # @!attribute [rw] cluster_public_key # The public key for the cluster. # @return [String] # # @!attribute [rw] cluster_revision_number # The specific revision number of the database in the cluster. # @return [String] # # @!attribute [rw] cluster_security_groups # A list of cluster security groups that are associated with the # cluster. # @return [Array] # # @!attribute [rw] cluster_snapshot_copy_status # Information about the destination Region and retention period for # the cross-Region snapshot copy. # @return [Types::AwsRedshiftClusterClusterSnapshotCopyStatus] # # @!attribute [rw] cluster_status # The current status of the cluster. # # Valid values: `available` \| `available, prep-for-resize` \| # `available, resize-cleanup` \|` cancelling-resize` \| `creating` \| # `deleting` \| `final-snapshot` \| `hardware-failure` \| # `incompatible-hsm` \|` incompatible-network` \| # `incompatible-parameters` \| `incompatible-restore` \| `modifying` # \| `paused` \| `rebooting` \| `renaming` \| `resizing` \| # `rotating-keys` \| `storage-full` \| `updating-hsm` # @return [String] # # @!attribute [rw] cluster_subnet_group_name # The name of the subnet group that is associated with the cluster. # This parameter is valid only when the cluster is in a VPC. # @return [String] # # @!attribute [rw] cluster_version # The version ID of the Amazon Redshift engine that runs on the # cluster. # @return [String] # # @!attribute [rw] db_name # The name of the initial database that was created when the cluster # was created. # # The same name is returned for the life of the cluster. # # If an initial database is not specified, a database named `devdev` # is created by default. # @return [String] # # @!attribute [rw] deferred_maintenance_windows # List of time windows during which maintenance was deferred. # @return [Array] # # @!attribute [rw] elastic_ip_status # Information about the status of the Elastic IP (EIP) address. # @return [Types::AwsRedshiftClusterElasticIpStatus] # # @!attribute [rw] elastic_resize_number_of_node_options # The number of nodes that you can use the elastic resize method to # resize the cluster to. # @return [String] # # @!attribute [rw] encrypted # Indicates whether the data in the cluster is encrypted at rest. # @return [Boolean] # # @!attribute [rw] endpoint # The connection endpoint. # @return [Types::AwsRedshiftClusterEndpoint] # # @!attribute [rw] enhanced_vpc_routing # Indicates whether to create the cluster with enhanced VPC routing # enabled. # @return [Boolean] # # @!attribute [rw] expected_next_snapshot_schedule_time # Indicates when the next snapshot is expected to be taken. The # cluster must have a valid snapshot schedule and have backups # enabled. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] expected_next_snapshot_schedule_time_status # The status of the next expected snapshot. # # Valid values: `OnTrack` \| `Pending` # @return [String] # # @!attribute [rw] hsm_status # Information about whether the Amazon Redshift cluster finished # applying any changes to hardware security module (HSM) settings that # were specified in a modify cluster command. # @return [Types::AwsRedshiftClusterHsmStatus] # # @!attribute [rw] iam_roles # A list of IAM roles that the cluster can use to access other Amazon # Web Services services. # @return [Array] # # @!attribute [rw] kms_key_id # The identifier of the KMS encryption key that is used to encrypt # data in the cluster. # @return [String] # # @!attribute [rw] maintenance_track_name # The name of the maintenance track for the cluster. # @return [String] # # @!attribute [rw] manual_snapshot_retention_period # The default number of days to retain a manual snapshot. # # If the value is -1, the snapshot is retained indefinitely. # # This setting doesn't change the retention period of existing # snapshots. # # Valid values: Either -1 or an integer between 1 and 3,653 # @return [Integer] # # @!attribute [rw] master_username # The master user name for the cluster. This name is used to connect # to the database that is specified in as the value of `DBName`. # @return [String] # # @!attribute [rw] next_maintenance_window_start_time # Indicates the start of the next maintenance window. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] node_type # The node type for the nodes in the cluster. # @return [String] # # @!attribute [rw] number_of_nodes # The number of compute nodes in the cluster. # @return [Integer] # # @!attribute [rw] pending_actions # A list of cluster operations that are waiting to start. # @return [Array] # # @!attribute [rw] pending_modified_values # A list of changes to the cluster that are currently pending. # @return [Types::AwsRedshiftClusterPendingModifiedValues] # # @!attribute [rw] preferred_maintenance_window # The weekly time range, in Universal Coordinated Time (UTC), during # which system maintenance can occur. # # Format: ` :HH:MM-:HH:MM` # # For the day values, use `mon` \| `tue` \| `wed` \| `thu` \| `fri` \| # `sat` \| `sun` # # For example, `sun:09:32-sun:10:02` # @return [String] # # @!attribute [rw] publicly_accessible # Whether the cluster can be accessed from a public network. # @return [Boolean] # # @!attribute [rw] resize_info # Information about the resize operation for the cluster. # @return [Types::AwsRedshiftClusterResizeInfo] # # @!attribute [rw] restore_status # Information about the status of a cluster restore action. Only # applies to a cluster that was created by restoring a snapshot. # @return [Types::AwsRedshiftClusterRestoreStatus] # # @!attribute [rw] snapshot_schedule_identifier # A unique identifier for the cluster snapshot schedule. # @return [String] # # @!attribute [rw] snapshot_schedule_state # The current state of the cluster snapshot schedule. # # Valid values: `MODIFYING` \| `ACTIVE` \| `FAILED` # @return [String] # # @!attribute [rw] vpc_id # The identifier of the VPC that the cluster is in, if the cluster is # in a VPC. # @return [String] # # @!attribute [rw] vpc_security_groups # The list of VPC security groups that the cluster belongs to, if the # cluster is in a VPC. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterDetails AWS API Documentation # class AwsRedshiftClusterDetails < Struct.new( :allow_version_upgrade, :automated_snapshot_retention_period, :availability_zone, :cluster_availability_status, :cluster_create_time, :cluster_identifier, :cluster_nodes, :cluster_parameter_groups, :cluster_public_key, :cluster_revision_number, :cluster_security_groups, :cluster_snapshot_copy_status, :cluster_status, :cluster_subnet_group_name, :cluster_version, :db_name, :deferred_maintenance_windows, :elastic_ip_status, :elastic_resize_number_of_node_options, :encrypted, :endpoint, :enhanced_vpc_routing, :expected_next_snapshot_schedule_time, :expected_next_snapshot_schedule_time_status, :hsm_status, :iam_roles, :kms_key_id, :maintenance_track_name, :manual_snapshot_retention_period, :master_username, :next_maintenance_window_start_time, :node_type, :number_of_nodes, :pending_actions, :pending_modified_values, :preferred_maintenance_window, :publicly_accessible, :resize_info, :restore_status, :snapshot_schedule_identifier, :snapshot_schedule_state, :vpc_id, :vpc_security_groups) SENSITIVE = [] include Aws::Structure end # The status of the elastic IP (EIP) address for an Amazon Redshift # cluster. # # @note When making an API call, you may pass AwsRedshiftClusterElasticIpStatus # data as a hash: # # { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] elastic_ip # The elastic IP address for the cluster. # @return [String] # # @!attribute [rw] status # The status of the elastic IP address. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterElasticIpStatus AWS API Documentation # class AwsRedshiftClusterElasticIpStatus < Struct.new( :elastic_ip, :status) SENSITIVE = [] include Aws::Structure end # The connection endpoint for an Amazon Redshift cluster. # # @note When making an API call, you may pass AwsRedshiftClusterEndpoint # data as a hash: # # { # address: "NonEmptyString", # port: 1, # } # # @!attribute [rw] address # The DNS address of the cluster. # @return [String] # # @!attribute [rw] port # The port that the database engine listens on. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterEndpoint AWS API Documentation # class AwsRedshiftClusterEndpoint < Struct.new( :address, :port) SENSITIVE = [] include Aws::Structure end # Information about whether an Amazon Redshift cluster finished applying # any hardware changes to security module (HSM) settings that were # specified in a modify cluster command. # # @note When making an API call, you may pass AwsRedshiftClusterHsmStatus # data as a hash: # # { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # } # # @!attribute [rw] hsm_client_certificate_identifier # The name of the HSM client certificate that the Amazon Redshift # cluster uses to retrieve the data encryption keys that are stored in # an HSM. # @return [String] # # @!attribute [rw] hsm_configuration_identifier # The name of the HSM configuration that contains the information that # the Amazon Redshift cluster can use to retrieve and store keys in an # HSM. # @return [String] # # @!attribute [rw] status # Indicates whether the Amazon Redshift cluster has finished applying # any HSM settings changes specified in a modify cluster command. # # Type: String # # Valid values: `active` \| `applying` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterHsmStatus AWS API Documentation # class AwsRedshiftClusterHsmStatus < Struct.new( :hsm_client_certificate_identifier, :hsm_configuration_identifier, :status) SENSITIVE = [] include Aws::Structure end # An IAM role that the cluster can use to access other Amazon Web # Services services. # # @note When making an API call, you may pass AwsRedshiftClusterIamRole # data as a hash: # # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # } # # @!attribute [rw] apply_status # The status of the IAM role's association with the cluster. # # Valid values: `in-sync` \| `adding` \| `removing` # @return [String] # # @!attribute [rw] iam_role_arn # The ARN of the IAM role. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterIamRole AWS API Documentation # class AwsRedshiftClusterIamRole < Struct.new( :apply_status, :iam_role_arn) SENSITIVE = [] include Aws::Structure end # Changes to the Amazon Redshift cluster that are currently pending. # # @note When making an API call, you may pass AwsRedshiftClusterPendingModifiedValues # data as a hash: # # { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # } # # @!attribute [rw] automated_snapshot_retention_period # The pending or in-progress change to the automated snapshot # retention period. # @return [Integer] # # @!attribute [rw] cluster_identifier # The pending or in-progress change to the identifier for the cluster. # @return [String] # # @!attribute [rw] cluster_type # The pending or in-progress change to the cluster type. # @return [String] # # @!attribute [rw] cluster_version # The pending or in-progress change to the service version. # @return [String] # # @!attribute [rw] encryption_type # The encryption type for a cluster. # @return [String] # # @!attribute [rw] enhanced_vpc_routing # Indicates whether to create the cluster with enhanced VPC routing # enabled. # @return [Boolean] # # @!attribute [rw] maintenance_track_name # The name of the maintenance track that the cluster changes to during # the next maintenance window. # @return [String] # # @!attribute [rw] master_user_password # The pending or in-progress change to the master user password for # the cluster. # @return [String] # # @!attribute [rw] node_type # The pending or in-progress change to the cluster's node type. # @return [String] # # @!attribute [rw] number_of_nodes # The pending or in-progress change to the number of nodes in the # cluster. # @return [Integer] # # @!attribute [rw] publicly_accessible # The pending or in-progress change to whether the cluster can be # connected to from the public network. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterPendingModifiedValues AWS API Documentation # class AwsRedshiftClusterPendingModifiedValues < Struct.new( :automated_snapshot_retention_period, :cluster_identifier, :cluster_type, :cluster_version, :encryption_type, :enhanced_vpc_routing, :maintenance_track_name, :master_user_password, :node_type, :number_of_nodes, :publicly_accessible) SENSITIVE = [] include Aws::Structure end # Information about the resize operation for the cluster. # # @note When making an API call, you may pass AwsRedshiftClusterResizeInfo # data as a hash: # # { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # } # # @!attribute [rw] allow_cancel_resize # Indicates whether the resize operation can be canceled. # @return [Boolean] # # @!attribute [rw] resize_type # The type of resize operation. # # Valid values: `ClassicResize` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterResizeInfo AWS API Documentation # class AwsRedshiftClusterResizeInfo < Struct.new( :allow_cancel_resize, :resize_type) SENSITIVE = [] include Aws::Structure end # Information about the status of a cluster restore action. It only # applies if the cluster was created by restoring a snapshot. # # @note When making an API call, you may pass AwsRedshiftClusterRestoreStatus # data as a hash: # # { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # } # # @!attribute [rw] current_restore_rate_in_mega_bytes_per_second # The number of megabytes per second being transferred from the backup # storage. Returns the average rate for a completed backup. # # This field is only updated when you restore to DC2 and DS2 node # types. # @return [Float] # # @!attribute [rw] elapsed_time_in_seconds # The amount of time an in-progress restore has been running, or the # amount of time it took a completed restore to finish. # # This field is only updated when you restore to DC2 and DS2 node # types. # @return [Integer] # # @!attribute [rw] estimated_time_to_completion_in_seconds # The estimate of the time remaining before the restore is complete. # Returns 0 for a completed restore. # # This field is only updated when you restore to DC2 and DS2 node # types. # @return [Integer] # # @!attribute [rw] progress_in_mega_bytes # The number of megabytes that were transferred from snapshot storage. # # This field is only updated when you restore to DC2 and DS2 node # types. # @return [Integer] # # @!attribute [rw] snapshot_size_in_mega_bytes # The size of the set of snapshot data that was used to restore the # cluster. # # This field is only updated when you restore to DC2 and DS2 node # types. # @return [Integer] # # @!attribute [rw] status # The status of the restore action. # # Valid values: `starting` \| `restoring` \| `completed` \| `failed` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterRestoreStatus AWS API Documentation # class AwsRedshiftClusterRestoreStatus < Struct.new( :current_restore_rate_in_mega_bytes_per_second, :elapsed_time_in_seconds, :estimated_time_to_completion_in_seconds, :progress_in_mega_bytes, :snapshot_size_in_mega_bytes, :status) SENSITIVE = [] include Aws::Structure end # A VPC security group that the cluster belongs to, if the cluster is in # a VPC. # # @note When making an API call, you may pass AwsRedshiftClusterVpcSecurityGroup # data as a hash: # # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # } # # @!attribute [rw] status # The status of the VPC security group. # @return [String] # # @!attribute [rw] vpc_security_group_id # The identifier of the VPC security group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsRedshiftClusterVpcSecurityGroup AWS API Documentation # class AwsRedshiftClusterVpcSecurityGroup < Struct.new( :status, :vpc_security_group_id) SENSITIVE = [] include Aws::Structure end # provides information about the Amazon S3 Public Access Block # configuration for accounts. # # @note When making an API call, you may pass AwsS3AccountPublicAccessBlockDetails # data as a hash: # # { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # } # # @!attribute [rw] block_public_acls # Indicates whether to reject calls to update an S3 bucket if the # calls include a public access control list (ACL). # @return [Boolean] # # @!attribute [rw] block_public_policy # Indicates whether to reject calls to update the access policy for an # S3 bucket or access point if the policy allows public access. # @return [Boolean] # # @!attribute [rw] ignore_public_acls # Indicates whether Amazon S3 ignores public ACLs that are associated # with an S3 bucket. # @return [Boolean] # # @!attribute [rw] restrict_public_buckets # Indicates whether to restrict access to an access point or S3 bucket # that has a public policy to only Amazon Web Services service # principals and authorized users within the S3 bucket owner's # account. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3AccountPublicAccessBlockDetails AWS API Documentation # class AwsS3AccountPublicAccessBlockDetails < Struct.new( :block_public_acls, :block_public_policy, :ignore_public_acls, :restrict_public_buckets) SENSITIVE = [] include Aws::Structure end # The lifecycle configuration for the objects in the S3 bucket. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationDetails # data as a hash: # # { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # } # # @!attribute [rw] rules # The lifecycle rules. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationDetails < Struct.new( :rules) SENSITIVE = [] include Aws::Structure end # Information about what Amazon S3 does when a multipart upload is # incomplete. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails # data as a hash: # # { # days_after_initiation: 1, # } # # @!attribute [rw] days_after_initiation # The number of days after which Amazon S3 cancels an incomplete # multipart upload. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails < Struct.new( :days_after_initiation) SENSITIVE = [] include Aws::Structure end # Configuration for a lifecycle rule. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesDetails # data as a hash: # # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # } # # @!attribute [rw] abort_incomplete_multipart_upload # How Amazon S3 responds when a multipart upload is incomplete. # Specifically, provides a number of days before Amazon S3 cancels the # entire upload. # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails] # # @!attribute [rw] expiration_date # The date when objects are moved or deleted. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] expiration_in_days # The length in days of the lifetime for objects that are subject to # the rule. # @return [Integer] # # @!attribute [rw] expired_object_delete_marker # Whether Amazon S3 removes a delete marker that has no noncurrent # versions. If set to `true`, the delete marker is expired. If set to # `false`, the policy takes no action. # # If you provide `ExpiredObjectDeleteMarker`, you cannot provide # `ExpirationInDays` or `ExpirationDate`. # @return [Boolean] # # @!attribute [rw] filter # Identifies the objects that a rule applies to. # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails] # # @!attribute [rw] id # The unique identifier of the rule. # @return [String] # # @!attribute [rw] noncurrent_version_expiration_in_days # The number of days that an object is noncurrent before Amazon S3 can # perform the associated action. # @return [Integer] # # @!attribute [rw] noncurrent_version_transitions # Transition rules that describe when noncurrent objects transition to # a specified storage class. # @return [Array] # # @!attribute [rw] prefix # A prefix that identifies one or more objects that the rule applies # to. # @return [String] # # @!attribute [rw] status # The current status of the rule. Indicates whether the rule is # currently being applied. # @return [String] # # @!attribute [rw] transitions # Transition rules that indicate when objects transition to a # specified storage class. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesDetails < Struct.new( :abort_incomplete_multipart_upload, :expiration_date, :expiration_in_days, :expired_object_delete_marker, :filter, :id, :noncurrent_version_expiration_in_days, :noncurrent_version_transitions, :prefix, :status, :transitions) SENSITIVE = [] include Aws::Structure end # Identifies the objects that a rule applies to. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails # data as a hash: # # { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # } # # @!attribute [rw] predicate # The configuration for the filter. # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesFilterDetails < Struct.new( :predicate) SENSITIVE = [] include Aws::Structure end # The configuration for the filter. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails # data as a hash: # # { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # } # # @!attribute [rw] operands # The values to use for the filter. # @return [Array] # # @!attribute [rw] prefix # A prefix filter. # @return [String] # # @!attribute [rw] tag # A tag filter. # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails] # # @!attribute [rw] type # Whether to use `AND` or `OR` to join the operands. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails < Struct.new( :operands, :prefix, :tag, :type) SENSITIVE = [] include Aws::Structure end # A value to use for the filter. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails # data as a hash: # # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # } # # @!attribute [rw] prefix # Prefix text for matching objects. # @return [String] # # @!attribute [rw] tag # A tag that is assigned to matching objects. # @return [Types::AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails] # # @!attribute [rw] type # The type of filter value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails < Struct.new( :prefix, :tag, :type) SENSITIVE = [] include Aws::Structure end # A tag that is assigned to matching objects. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails # data as a hash: # # { # key: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] key # The tag key. # @return [String] # # @!attribute [rw] value # The tag value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end # A tag filter. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails # data as a hash: # # { # key: "NonEmptyString", # value: "NonEmptyString", # } # # @!attribute [rw] key # The tag key. # @return [String] # # @!attribute [rw] value # The tag value # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails < Struct.new( :key, :value) SENSITIVE = [] include Aws::Structure end # A transition rule that describes when noncurrent objects transition to # a specified storage class. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails # data as a hash: # # { # days: 1, # storage_class: "NonEmptyString", # } # # @!attribute [rw] days # The number of days that an object is noncurrent before Amazon S3 can # perform the associated action. # @return [Integer] # # @!attribute [rw] storage_class # The class of storage to change the object to after the object is # noncurrent for the specified number of days. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails < Struct.new( :days, :storage_class) SENSITIVE = [] include Aws::Structure end # A rule for when objects transition to specific storage classes. # # @note When making an API call, you may pass AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails # data as a hash: # # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # } # # @!attribute [rw] date # A date on which to transition objects to the specified storage # class. If you provide `Date`, you cannot provide `Days`. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] days # The number of days after which to transition the object to the # specified storage class. If you provide `Days`, you cannot provide # `Date`. # @return [Integer] # # @!attribute [rw] storage_class # The storage class to transition the object to. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails AWS API Documentation # class AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails < Struct.new( :date, :days, :storage_class) SENSITIVE = [] include Aws::Structure end # Describes the versioning state of an S3 bucket. # # @note When making an API call, you may pass AwsS3BucketBucketVersioningConfiguration # data as a hash: # # { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # } # # @!attribute [rw] is_mfa_delete_enabled # Specifies whether MFA delete is currently enabled in the S3 bucket # versioning configuration. If the S3 bucket was never configured with # MFA delete, then this attribute is not included. # @return [Boolean] # # @!attribute [rw] status # The versioning status of the S3 bucket. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketBucketVersioningConfiguration AWS API Documentation # class AwsS3BucketBucketVersioningConfiguration < Struct.new( :is_mfa_delete_enabled, :status) SENSITIVE = [] include Aws::Structure end # The details of an Amazon S3 bucket. # # @note When making an API call, you may pass AwsS3BucketDetails # data as a hash: # # { # owner_id: "NonEmptyString", # owner_name: "NonEmptyString", # owner_account_id: "NonEmptyString", # created_at: "NonEmptyString", # server_side_encryption_configuration: { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # }, # bucket_lifecycle_configuration: { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # }, # public_access_block_configuration: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # access_control_list: "NonEmptyString", # bucket_logging_configuration: { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # }, # bucket_website_configuration: { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # }, # bucket_notification_configuration: { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # }, # bucket_versioning_configuration: { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # }, # } # # @!attribute [rw] owner_id # The canonical user ID of the owner of the S3 bucket. # @return [String] # # @!attribute [rw] owner_name # The display name of the owner of the S3 bucket. # @return [String] # # @!attribute [rw] owner_account_id # The Amazon Web Services account identifier of the account that owns # the S3 bucket. # @return [String] # # @!attribute [rw] created_at # Indicates when the S3 bucket was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] server_side_encryption_configuration # The encryption rules that are applied to the S3 bucket. # @return [Types::AwsS3BucketServerSideEncryptionConfiguration] # # @!attribute [rw] bucket_lifecycle_configuration # The lifecycle configuration for objects in the S3 bucket. # @return [Types::AwsS3BucketBucketLifecycleConfigurationDetails] # # @!attribute [rw] public_access_block_configuration # Provides information about the Amazon S3 Public Access Block # configuration for the S3 bucket. # @return [Types::AwsS3AccountPublicAccessBlockDetails] # # @!attribute [rw] access_control_list # The access control list for the S3 bucket. # @return [String] # # @!attribute [rw] bucket_logging_configuration # The logging configuration for the S3 bucket. # @return [Types::AwsS3BucketLoggingConfiguration] # # @!attribute [rw] bucket_website_configuration # The website configuration parameters for the S3 bucket. # @return [Types::AwsS3BucketWebsiteConfiguration] # # @!attribute [rw] bucket_notification_configuration # The notification configuration for the S3 bucket. # @return [Types::AwsS3BucketNotificationConfiguration] # # @!attribute [rw] bucket_versioning_configuration # The versioning state of an S3 bucket. # @return [Types::AwsS3BucketBucketVersioningConfiguration] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketDetails AWS API Documentation # class AwsS3BucketDetails < Struct.new( :owner_id, :owner_name, :owner_account_id, :created_at, :server_side_encryption_configuration, :bucket_lifecycle_configuration, :public_access_block_configuration, :access_control_list, :bucket_logging_configuration, :bucket_website_configuration, :bucket_notification_configuration, :bucket_versioning_configuration) SENSITIVE = [] include Aws::Structure end # Information about logging for the S3 bucket # # @note When making an API call, you may pass AwsS3BucketLoggingConfiguration # data as a hash: # # { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # } # # @!attribute [rw] destination_bucket_name # The name of the S3 bucket where log files for the S3 bucket are # stored. # @return [String] # # @!attribute [rw] log_file_prefix # The prefix added to log files for the S3 bucket. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketLoggingConfiguration AWS API Documentation # class AwsS3BucketLoggingConfiguration < Struct.new( :destination_bucket_name, :log_file_prefix) SENSITIVE = [] include Aws::Structure end # The notification configuration for the S3 bucket. # # @note When making an API call, you may pass AwsS3BucketNotificationConfiguration # data as a hash: # # { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # } # # @!attribute [rw] configurations # Configurations for S3 bucket notifications. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfiguration AWS API Documentation # class AwsS3BucketNotificationConfiguration < Struct.new( :configurations) SENSITIVE = [] include Aws::Structure end # Details for an S3 bucket notification configuration. # # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationDetail # data as a hash: # # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] events # The list of events that trigger a notification. # @return [Array] # # @!attribute [rw] filter # The filters that determine which S3 buckets generate notifications. # @return [Types::AwsS3BucketNotificationConfigurationFilter] # # @!attribute [rw] destination # The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS # topic that generates the notification. # @return [String] # # @!attribute [rw] type # Indicates the type of notification. Notifications can be generated # using Lambda functions, Amazon SQS queues or Amazon SNS topics. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationDetail AWS API Documentation # class AwsS3BucketNotificationConfigurationDetail < Struct.new( :events, :filter, :destination, :type) SENSITIVE = [] include Aws::Structure end # Filtering information for the notifications. The filtering is based on # Amazon S3 key names. # # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationFilter # data as a hash: # # { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # } # # @!attribute [rw] s3_key_filter # Details for an Amazon S3 filter. # @return [Types::AwsS3BucketNotificationConfigurationS3KeyFilter] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationFilter AWS API Documentation # class AwsS3BucketNotificationConfigurationFilter < Struct.new( :s3_key_filter) SENSITIVE = [] include Aws::Structure end # Details for an Amazon S3 filter. # # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationS3KeyFilter # data as a hash: # # { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # } # # @!attribute [rw] filter_rules # The filter rules for the filter. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationS3KeyFilter AWS API Documentation # class AwsS3BucketNotificationConfigurationS3KeyFilter < Struct.new( :filter_rules) SENSITIVE = [] include Aws::Structure end # Details for a filter rule. # # @note When making an API call, you may pass AwsS3BucketNotificationConfigurationS3KeyFilterRule # data as a hash: # # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # } # # @!attribute [rw] name # Indicates whether the filter is based on the prefix or suffix of the # Amazon S3 key. # @return [String] # # @!attribute [rw] value # The filter value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketNotificationConfigurationS3KeyFilterRule AWS API Documentation # class AwsS3BucketNotificationConfigurationS3KeyFilterRule < Struct.new( :name, :value) SENSITIVE = [] include Aws::Structure end # Specifies the default server-side encryption to apply to new objects # in the bucket. # # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionByDefault # data as a hash: # # { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # } # # @!attribute [rw] sse_algorithm # Server-side encryption algorithm to use for the default encryption. # @return [String] # # @!attribute [rw] kms_master_key_id # KMS key ID to use for the default encryption. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionByDefault AWS API Documentation # class AwsS3BucketServerSideEncryptionByDefault < Struct.new( :sse_algorithm, :kms_master_key_id) SENSITIVE = [] include Aws::Structure end # The encryption configuration for the S3 bucket. # # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionConfiguration # data as a hash: # # { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # } # # @!attribute [rw] rules # The encryption rules that are applied to the S3 bucket. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionConfiguration AWS API Documentation # class AwsS3BucketServerSideEncryptionConfiguration < Struct.new( :rules) SENSITIVE = [] include Aws::Structure end # An encryption rule to apply to the S3 bucket. # # @note When making an API call, you may pass AwsS3BucketServerSideEncryptionRule # data as a hash: # # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # } # # @!attribute [rw] apply_server_side_encryption_by_default # Specifies the default server-side encryption to apply to new objects # in the bucket. If a `PUT` object request doesn't specify any # server-side encryption, this default encryption is applied. # @return [Types::AwsS3BucketServerSideEncryptionByDefault] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketServerSideEncryptionRule AWS API Documentation # class AwsS3BucketServerSideEncryptionRule < Struct.new( :apply_server_side_encryption_by_default) SENSITIVE = [] include Aws::Structure end # Website parameters for the S3 bucket. # # @note When making an API call, you may pass AwsS3BucketWebsiteConfiguration # data as a hash: # # { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # } # # @!attribute [rw] error_document # The name of the error document for the website. # @return [String] # # @!attribute [rw] index_document_suffix # The name of the index document for the website. # @return [String] # # @!attribute [rw] redirect_all_requests_to # The redirect behavior for requests to the website. # @return [Types::AwsS3BucketWebsiteConfigurationRedirectTo] # # @!attribute [rw] routing_rules # The rules for applying redirects for requests to the website. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfiguration AWS API Documentation # class AwsS3BucketWebsiteConfiguration < Struct.new( :error_document, :index_document_suffix, :redirect_all_requests_to, :routing_rules) SENSITIVE = [] include Aws::Structure end # The redirect behavior for requests to the website. # # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRedirectTo # data as a hash: # # { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # } # # @!attribute [rw] hostname # The name of the host to redirect requests to. # @return [String] # # @!attribute [rw] protocol # The protocol to use when redirecting requests. By default, uses the # same protocol as the original request. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRedirectTo AWS API Documentation # class AwsS3BucketWebsiteConfigurationRedirectTo < Struct.new( :hostname, :protocol) SENSITIVE = [] include Aws::Structure end # A rule for redirecting requests to the website. # # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRule # data as a hash: # # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # } # # @!attribute [rw] condition # Provides the condition that must be met in order to apply the # routing rule. # @return [Types::AwsS3BucketWebsiteConfigurationRoutingRuleCondition] # # @!attribute [rw] redirect # Provides the rules to redirect the request if the condition in # `Condition` is met. # @return [Types::AwsS3BucketWebsiteConfigurationRoutingRuleRedirect] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRule AWS API Documentation # class AwsS3BucketWebsiteConfigurationRoutingRule < Struct.new( :condition, :redirect) SENSITIVE = [] include Aws::Structure end # The condition that must be met in order to apply the routing rule. # # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRuleCondition # data as a hash: # # { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # } # # @!attribute [rw] http_error_code_returned_equals # Indicates to redirect the request if the HTTP error code matches # this value. # @return [String] # # @!attribute [rw] key_prefix_equals # Indicates to redirect the request if the key prefix matches this # value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRuleCondition AWS API Documentation # class AwsS3BucketWebsiteConfigurationRoutingRuleCondition < Struct.new( :http_error_code_returned_equals, :key_prefix_equals) SENSITIVE = [] include Aws::Structure end # The rules to redirect the request if the condition in `Condition` is # met. # # @note When making an API call, you may pass AwsS3BucketWebsiteConfigurationRoutingRuleRedirect # data as a hash: # # { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # } # # @!attribute [rw] hostname # The host name to use in the redirect request. # @return [String] # # @!attribute [rw] http_redirect_code # The HTTP redirect code to use in the response. # @return [String] # # @!attribute [rw] protocol # The protocol to use to redirect the request. By default, uses the # protocol from the original request. # @return [String] # # @!attribute [rw] replace_key_prefix_with # The object key prefix to use in the redirect request. # # Cannot be provided if `ReplaceKeyWith` is present. # @return [String] # # @!attribute [rw] replace_key_with # The specific object key to use in the redirect request. # # Cannot be provided if `ReplaceKeyPrefixWith` is present. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3BucketWebsiteConfigurationRoutingRuleRedirect AWS API Documentation # class AwsS3BucketWebsiteConfigurationRoutingRuleRedirect < Struct.new( :hostname, :http_redirect_code, :protocol, :replace_key_prefix_with, :replace_key_with) SENSITIVE = [] include Aws::Structure end # Details about an Amazon S3 object. # # @note When making an API call, you may pass AwsS3ObjectDetails # data as a hash: # # { # last_modified: "NonEmptyString", # etag: "NonEmptyString", # version_id: "NonEmptyString", # content_type: "NonEmptyString", # server_side_encryption: "NonEmptyString", # ssekms_key_id: "NonEmptyString", # } # # @!attribute [rw] last_modified # Indicates when the object was last modified. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] etag # The opaque identifier assigned by a web server to a specific version # of a resource found at a URL. # @return [String] # # @!attribute [rw] version_id # The version of the object. # @return [String] # # @!attribute [rw] content_type # A standard MIME type describing the format of the object data. # @return [String] # # @!attribute [rw] server_side_encryption # If the object is stored using server-side encryption, the value of # the server-side encryption algorithm used when storing this object # in Amazon S3. # @return [String] # # @!attribute [rw] ssekms_key_id # The identifier of the KMS symmetric customer managed key that was # used for the object. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsS3ObjectDetails AWS API Documentation # class AwsS3ObjectDetails < Struct.new( :last_modified, :etag, :version_id, :content_type, :server_side_encryption, :ssekms_key_id) SENSITIVE = [] include Aws::Structure end # Details about an Secrets Manager secret. # # @note When making an API call, you may pass AwsSecretsManagerSecretDetails # data as a hash: # # { # rotation_rules: { # automatically_after_days: 1, # }, # rotation_occurred_within_frequency: false, # kms_key_id: "NonEmptyString", # rotation_enabled: false, # rotation_lambda_arn: "NonEmptyString", # deleted: false, # name: "NonEmptyString", # description: "NonEmptyString", # } # # @!attribute [rw] rotation_rules # Defines the rotation schedule for the secret. # @return [Types::AwsSecretsManagerSecretRotationRules] # # @!attribute [rw] rotation_occurred_within_frequency # Whether the rotation occurred within the specified rotation # frequency. # @return [Boolean] # # @!attribute [rw] kms_key_id # The ARN, Key ID, or alias of the KMS key used to encrypt the # `SecretString` or `SecretBinary` values for versions of this secret. # @return [String] # # @!attribute [rw] rotation_enabled # Whether rotation is enabled. # @return [Boolean] # # @!attribute [rw] rotation_lambda_arn # The ARN of the Lambda function that rotates the secret. # @return [String] # # @!attribute [rw] deleted # Whether the secret is deleted. # @return [Boolean] # # @!attribute [rw] name # The name of the secret. # @return [String] # # @!attribute [rw] description # The user-provided description of the secret. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecretsManagerSecretDetails AWS API Documentation # class AwsSecretsManagerSecretDetails < Struct.new( :rotation_rules, :rotation_occurred_within_frequency, :kms_key_id, :rotation_enabled, :rotation_lambda_arn, :deleted, :name, :description) SENSITIVE = [] include Aws::Structure end # Defines the rotation schedule for the secret. # # @note When making an API call, you may pass AwsSecretsManagerSecretRotationRules # data as a hash: # # { # automatically_after_days: 1, # } # # @!attribute [rw] automatically_after_days # The number of days after the previous rotation to rotate the secret. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecretsManagerSecretRotationRules AWS API Documentation # class AwsSecretsManagerSecretRotationRules < Struct.new( :automatically_after_days) SENSITIVE = [] include Aws::Structure end # Provides consistent format for the contents of the Security # Hub-aggregated findings. `AwsSecurityFinding` format enables you to # share findings between Amazon Web Services security services and # third-party solutions, and security standards checks. # # A finding is a potential security issue generated either by Amazon Web # Services services or by the integrated third-party solutions and # standards checks. # # # # @note When making an API call, you may pass AwsSecurityFinding # data as a hash: # # { # schema_version: "NonEmptyString", # required # id: "NonEmptyString", # required # product_arn: "NonEmptyString", # required # product_name: "NonEmptyString", # company_name: "NonEmptyString", # region: "NonEmptyString", # generator_id: "NonEmptyString", # required # aws_account_id: "NonEmptyString", # required # types: ["NonEmptyString"], # first_observed_at: "NonEmptyString", # last_observed_at: "NonEmptyString", # created_at: "NonEmptyString", # required # updated_at: "NonEmptyString", # required # severity: { # product: 1.0, # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # normalized: 1, # original: "NonEmptyString", # }, # confidence: 1, # criticality: 1, # title: "NonEmptyString", # required # description: "NonEmptyString", # required # remediation: { # recommendation: { # text: "NonEmptyString", # url: "NonEmptyString", # }, # }, # source_url: "NonEmptyString", # product_fields: { # "NonEmptyString" => "NonEmptyString", # }, # user_defined_fields: { # "NonEmptyString" => "NonEmptyString", # }, # malware: [ # { # name: "NonEmptyString", # required # type: "ADWARE", # accepts ADWARE, BLENDED_THREAT, BOTNET_AGENT, COIN_MINER, EXPLOIT_KIT, KEYLOGGER, MACRO, POTENTIALLY_UNWANTED, SPYWARE, RANSOMWARE, REMOTE_ACCESS, ROOTKIT, TROJAN, VIRUS, WORM # path: "NonEmptyString", # state: "OBSERVED", # accepts OBSERVED, REMOVAL_FAILED, REMOVED # }, # ], # network: { # direction: "IN", # accepts IN, OUT # protocol: "NonEmptyString", # open_port_range: { # begin: 1, # end: 1, # }, # source_ip_v4: "NonEmptyString", # source_ip_v6: "NonEmptyString", # source_port: 1, # source_domain: "NonEmptyString", # source_mac: "NonEmptyString", # destination_ip_v4: "NonEmptyString", # destination_ip_v6: "NonEmptyString", # destination_port: 1, # destination_domain: "NonEmptyString", # }, # network_path: [ # { # component_id: "NonEmptyString", # component_type: "NonEmptyString", # egress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # ingress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # }, # ], # process: { # name: "NonEmptyString", # path: "NonEmptyString", # pid: 1, # parent_pid: 1, # launched_at: "NonEmptyString", # terminated_at: "NonEmptyString", # }, # threat_intel_indicators: [ # { # type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL # value: "NonEmptyString", # category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER # last_observed_at: "NonEmptyString", # source: "NonEmptyString", # source_url: "NonEmptyString", # }, # ], # resources: [ # required # { # type: "NonEmptyString", # required # id: "NonEmptyString", # required # partition: "aws", # accepts aws, aws-cn, aws-us-gov # region: "NonEmptyString", # resource_role: "NonEmptyString", # tags: { # "NonEmptyString" => "NonEmptyString", # }, # data_classification: { # detailed_results_location: "NonEmptyString", # result: { # mime_type: "NonEmptyString", # size_classified: 1, # additional_occurrences: false, # status: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # sensitive_data: [ # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # ], # custom_data_identifiers: { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # }, # }, # details: { # aws_auto_scaling_auto_scaling_group: { # launch_configuration_name: "NonEmptyString", # load_balancer_names: ["NonEmptyString"], # health_check_type: "NonEmptyString", # health_check_grace_period: 1, # created_time: "NonEmptyString", # mixed_instances_policy: { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # }, # availability_zones: [ # { # value: "NonEmptyString", # }, # ], # }, # aws_code_build_project: { # encryption_key: "NonEmptyString", # artifacts: [ # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # }, # ], # environment: { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # }, # name: "NonEmptyString", # source: { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # }, # service_role: "NonEmptyString", # logs_config: { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # }, # vpc_config: { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # }, # }, # aws_cloud_front_distribution: { # cache_behaviors: { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # }, # default_cache_behavior: { # viewer_protocol_policy: "NonEmptyString", # }, # default_root_object: "NonEmptyString", # domain_name: "NonEmptyString", # etag: "NonEmptyString", # last_modified_time: "NonEmptyString", # logging: { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # }, # origins: { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # }, # origin_groups: { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # }, # viewer_certificate: { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # }, # status: "NonEmptyString", # web_acl_id: "NonEmptyString", # }, # aws_ec2_instance: { # type: "NonEmptyString", # image_id: "NonEmptyString", # ip_v4_addresses: ["NonEmptyString"], # ip_v6_addresses: ["NonEmptyString"], # key_name: "NonEmptyString", # iam_instance_profile_arn: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_id: "NonEmptyString", # launched_at: "NonEmptyString", # network_interfaces: [ # { # network_interface_id: "NonEmptyString", # }, # ], # }, # aws_ec2_network_interface: { # attachment: { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # }, # network_interface_id: "NonEmptyString", # security_groups: [ # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # }, # ], # source_dest_check: false, # ip_v6_addresses: [ # { # ip_v6_address: "NonEmptyString", # }, # ], # private_ip_addresses: [ # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # }, # ], # public_dns_name: "NonEmptyString", # public_ip: "NonEmptyString", # }, # aws_ec2_security_group: { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ip_permissions: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # ip_permissions_egress: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # }, # aws_ec2_volume: { # create_time: "NonEmptyString", # encrypted: false, # size: 1, # snapshot_id: "NonEmptyString", # status: "NonEmptyString", # kms_key_id: "NonEmptyString", # attachments: [ # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # }, # aws_ec2_vpc: { # cidr_block_association_set: [ # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # dhcp_options_id: "NonEmptyString", # state: "NonEmptyString", # }, # aws_ec2_eip: { # instance_id: "NonEmptyString", # public_ip: "NonEmptyString", # allocation_id: "NonEmptyString", # association_id: "NonEmptyString", # domain: "NonEmptyString", # public_ipv_4_pool: "NonEmptyString", # network_border_group: "NonEmptyString", # network_interface_id: "NonEmptyString", # network_interface_owner_id: "NonEmptyString", # private_ip_address: "NonEmptyString", # }, # aws_ec2_subnet: { # assign_ipv_6_address_on_creation: false, # availability_zone: "NonEmptyString", # availability_zone_id: "NonEmptyString", # available_ip_address_count: 1, # cidr_block: "NonEmptyString", # default_for_az: false, # map_public_ip_on_launch: false, # owner_id: "NonEmptyString", # state: "NonEmptyString", # subnet_arn: "NonEmptyString", # subnet_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # }, # aws_ec2_network_acl: { # is_default: false, # network_acl_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # associations: [ # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # entries: [ # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # }, # ], # }, # aws_elbv_2_load_balancer: { # availability_zones: [ # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # canonical_hosted_zone_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # ip_address_type: "NonEmptyString", # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # state: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # type: "NonEmptyString", # vpc_id: "NonEmptyString", # load_balancer_attributes: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # aws_elastic_beanstalk_environment: { # application_name: "NonEmptyString", # cname: "NonEmptyString", # date_created: "NonEmptyString", # date_updated: "NonEmptyString", # description: "NonEmptyString", # endpoint_url: "NonEmptyString", # environment_arn: "NonEmptyString", # environment_id: "NonEmptyString", # environment_links: [ # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # }, # ], # environment_name: "NonEmptyString", # option_settings: [ # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # platform_arn: "NonEmptyString", # solution_stack_name: "NonEmptyString", # status: "NonEmptyString", # tier: { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # }, # version_label: "NonEmptyString", # }, # aws_elasticsearch_domain: { # access_policies: "NonEmptyString", # domain_endpoint_options: { # enforce_https: false, # tls_security_policy: "NonEmptyString", # }, # domain_id: "NonEmptyString", # domain_name: "NonEmptyString", # endpoint: "NonEmptyString", # endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # elasticsearch_version: "NonEmptyString", # elasticsearch_cluster_config: { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # }, # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # }, # vpc_options: { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # }, # aws_s3_bucket: { # owner_id: "NonEmptyString", # owner_name: "NonEmptyString", # owner_account_id: "NonEmptyString", # created_at: "NonEmptyString", # server_side_encryption_configuration: { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # }, # bucket_lifecycle_configuration: { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # }, # public_access_block_configuration: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # access_control_list: "NonEmptyString", # bucket_logging_configuration: { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # }, # bucket_website_configuration: { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # }, # bucket_notification_configuration: { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # }, # bucket_versioning_configuration: { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # }, # }, # aws_s3_account_public_access_block: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # aws_s3_object: { # last_modified: "NonEmptyString", # etag: "NonEmptyString", # version_id: "NonEmptyString", # content_type: "NonEmptyString", # server_side_encryption: "NonEmptyString", # ssekms_key_id: "NonEmptyString", # }, # aws_secrets_manager_secret: { # rotation_rules: { # automatically_after_days: 1, # }, # rotation_occurred_within_frequency: false, # kms_key_id: "NonEmptyString", # rotation_enabled: false, # rotation_lambda_arn: "NonEmptyString", # deleted: false, # name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_iam_access_key: { # user_name: "NonEmptyString", # status: "Active", # accepts Active, Inactive # created_at: "NonEmptyString", # principal_id: "NonEmptyString", # principal_type: "NonEmptyString", # principal_name: "NonEmptyString", # account_id: "NonEmptyString", # access_key_id: "NonEmptyString", # session_context: { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # }, # }, # aws_iam_user: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_list: ["NonEmptyString"], # path: "NonEmptyString", # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # user_id: "NonEmptyString", # user_name: "NonEmptyString", # user_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # }, # aws_iam_policy: { # attachment_count: 1, # create_date: "NonEmptyString", # default_version_id: "NonEmptyString", # description: "NonEmptyString", # is_attachable: false, # path: "NonEmptyString", # permissions_boundary_usage_count: 1, # policy_id: "NonEmptyString", # policy_name: "NonEmptyString", # policy_version_list: [ # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # }, # ], # update_date: "NonEmptyString", # }, # aws_api_gateway_v2_stage: { # client_certificate_id: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # default_route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # deployment_id: "NonEmptyString", # last_updated_date: "NonEmptyString", # route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # stage_name: "NonEmptyString", # stage_variables: { # "NonEmptyString" => "NonEmptyString", # }, # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # auto_deploy: false, # last_deployment_status_message: "NonEmptyString", # api_gateway_managed: false, # }, # aws_api_gateway_v2_api: { # api_endpoint: "NonEmptyString", # api_id: "NonEmptyString", # api_key_selection_expression: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # version: "NonEmptyString", # name: "NonEmptyString", # protocol_type: "NonEmptyString", # route_selection_expression: "NonEmptyString", # cors_configuration: { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # }, # }, # aws_dynamo_db_table: { # attribute_definitions: [ # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # }, # ], # billing_mode_summary: { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # }, # creation_date_time: "NonEmptyString", # global_secondary_indexes: [ # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # }, # ], # global_table_version: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # latest_stream_arn: "NonEmptyString", # latest_stream_label: "NonEmptyString", # local_secondary_indexes: [ # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # }, # ], # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # replicas: [ # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # }, # ], # restore_summary: { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # }, # sse_description: { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # }, # stream_specification: { # stream_enabled: false, # stream_view_type: "NonEmptyString", # }, # table_id: "NonEmptyString", # table_name: "NonEmptyString", # table_size_bytes: 1, # table_status: "NonEmptyString", # }, # aws_api_gateway_stage: { # deployment_id: "NonEmptyString", # client_certificate_id: "NonEmptyString", # stage_name: "NonEmptyString", # description: "NonEmptyString", # cache_cluster_enabled: false, # cache_cluster_size: "NonEmptyString", # cache_cluster_status: "NonEmptyString", # method_settings: [ # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # }, # ], # variables: { # "NonEmptyString" => "NonEmptyString", # }, # documentation_version: "NonEmptyString", # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # canary_settings: { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # }, # tracing_enabled: false, # created_date: "NonEmptyString", # last_updated_date: "NonEmptyString", # web_acl_arn: "NonEmptyString", # }, # aws_api_gateway_rest_api: { # id: "NonEmptyString", # name: "NonEmptyString", # description: "NonEmptyString", # created_date: "NonEmptyString", # version: "NonEmptyString", # binary_media_types: ["NonEmptyString"], # minimum_compression_size: 1, # api_key_source: "NonEmptyString", # endpoint_configuration: { # types: ["NonEmptyString"], # }, # }, # aws_cloud_trail_trail: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # cloud_watch_logs_role_arn: "NonEmptyString", # has_custom_event_selectors: false, # home_region: "NonEmptyString", # include_global_service_events: false, # is_multi_region_trail: false, # is_organization_trail: false, # kms_key_id: "NonEmptyString", # log_file_validation_enabled: false, # name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_key_prefix: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # sns_topic_name: "NonEmptyString", # trail_arn: "NonEmptyString", # }, # aws_ssm_patch_compliance: { # patch: { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # }, # }, # aws_certificate_manager_certificate: { # certificate_authority_arn: "NonEmptyString", # created_at: "NonEmptyString", # domain_name: "NonEmptyString", # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # extended_key_usages: [ # { # name: "NonEmptyString", # o_id: "NonEmptyString", # }, # ], # failure_reason: "NonEmptyString", # imported_at: "NonEmptyString", # in_use_by: ["NonEmptyString"], # issued_at: "NonEmptyString", # issuer: "NonEmptyString", # key_algorithm: "NonEmptyString", # key_usages: [ # { # name: "NonEmptyString", # }, # ], # not_after: "NonEmptyString", # not_before: "NonEmptyString", # options: { # certificate_transparency_logging_preference: "NonEmptyString", # }, # renewal_eligibility: "NonEmptyString", # renewal_summary: { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # }, # serial: "NonEmptyString", # signature_algorithm: "NonEmptyString", # status: "NonEmptyString", # subject: "NonEmptyString", # subject_alternative_names: ["NonEmptyString"], # type: "NonEmptyString", # }, # aws_redshift_cluster: { # allow_version_upgrade: false, # automated_snapshot_retention_period: 1, # availability_zone: "NonEmptyString", # cluster_availability_status: "NonEmptyString", # cluster_create_time: "NonEmptyString", # cluster_identifier: "NonEmptyString", # cluster_nodes: [ # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # }, # ], # cluster_parameter_groups: [ # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # }, # ], # cluster_public_key: "NonEmptyString", # cluster_revision_number: "NonEmptyString", # cluster_security_groups: [ # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_snapshot_copy_status: { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # }, # cluster_status: "NonEmptyString", # cluster_subnet_group_name: "NonEmptyString", # cluster_version: "NonEmptyString", # db_name: "NonEmptyString", # deferred_maintenance_windows: [ # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # }, # ], # elastic_ip_status: { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # }, # elastic_resize_number_of_node_options: "NonEmptyString", # encrypted: false, # endpoint: { # address: "NonEmptyString", # port: 1, # }, # enhanced_vpc_routing: false, # expected_next_snapshot_schedule_time: "NonEmptyString", # expected_next_snapshot_schedule_time_status: "NonEmptyString", # hsm_status: { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # }, # iam_roles: [ # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # }, # ], # kms_key_id: "NonEmptyString", # maintenance_track_name: "NonEmptyString", # manual_snapshot_retention_period: 1, # master_username: "NonEmptyString", # next_maintenance_window_start_time: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # pending_actions: ["NonEmptyString"], # pending_modified_values: { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # }, # preferred_maintenance_window: "NonEmptyString", # publicly_accessible: false, # resize_info: { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # }, # restore_status: { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # }, # snapshot_schedule_identifier: "NonEmptyString", # snapshot_schedule_state: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_security_groups: [ # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # }, # ], # }, # aws_elb_load_balancer: { # availability_zones: ["NonEmptyString"], # backend_server_descriptions: [ # { # instance_port: 1, # policy_names: ["NonEmptyString"], # }, # ], # canonical_hosted_zone_name: "NonEmptyString", # canonical_hosted_zone_name_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # health_check: { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # }, # instances: [ # { # instance_id: "NonEmptyString", # }, # ], # listener_descriptions: [ # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # }, # ], # load_balancer_attributes: { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # }, # load_balancer_name: "NonEmptyString", # policies: { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # }, # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # source_security_group: { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # }, # subnets: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # aws_iam_group: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_id: "NonEmptyString", # group_name: "NonEmptyString", # group_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # path: "NonEmptyString", # }, # aws_iam_role: { # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # instance_profile_list: [ # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # }, # ], # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # role_id: "NonEmptyString", # role_name: "NonEmptyString", # role_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # max_session_duration: 1, # path: "NonEmptyString", # }, # aws_kms_key: { # aws_account_id: "NonEmptyString", # creation_date: 1.0, # key_id: "NonEmptyString", # key_manager: "NonEmptyString", # key_state: "NonEmptyString", # origin: "NonEmptyString", # description: "NonEmptyString", # key_rotation_status: false, # }, # aws_lambda_function: { # code: { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # }, # code_sha_256: "NonEmptyString", # dead_letter_config: { # target_arn: "NonEmptyString", # }, # environment: { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # }, # function_name: "NonEmptyString", # handler: "NonEmptyString", # kms_key_arn: "NonEmptyString", # last_modified: "NonEmptyString", # layers: [ # { # arn: "NonEmptyString", # code_size: 1, # }, # ], # master_arn: "NonEmptyString", # memory_size: 1, # revision_id: "NonEmptyString", # role: "NonEmptyString", # runtime: "NonEmptyString", # timeout: 1, # tracing_config: { # mode: "NonEmptyString", # }, # vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # version: "NonEmptyString", # }, # aws_lambda_layer_version: { # version: 1, # compatible_runtimes: ["NonEmptyString"], # created_date: "NonEmptyString", # }, # aws_rds_db_instance: { # associated_roles: [ # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # ca_certificate_identifier: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # db_instance_class: "NonEmptyString", # db_instance_port: 1, # dbi_resource_id: "NonEmptyString", # db_name: "NonEmptyString", # deletion_protection: false, # endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # iam_database_authentication_enabled: false, # instance_create_time: "NonEmptyString", # kms_key_id: "NonEmptyString", # publicly_accessible: false, # storage_encrypted: false, # tde_credential_arn: "NonEmptyString", # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # multi_az: false, # enhanced_monitoring_resource_arn: "NonEmptyString", # db_instance_status: "NonEmptyString", # master_username: "NonEmptyString", # allocated_storage: 1, # preferred_backup_window: "NonEmptyString", # backup_retention_period: 1, # db_security_groups: ["NonEmptyString"], # db_parameter_groups: [ # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # }, # ], # availability_zone: "NonEmptyString", # db_subnet_group: { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # }, # preferred_maintenance_window: "NonEmptyString", # pending_modified_values: { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # latest_restorable_time: "NonEmptyString", # auto_minor_version_upgrade: false, # read_replica_source_db_instance_identifier: "NonEmptyString", # read_replica_db_instance_identifiers: ["NonEmptyString"], # read_replica_db_cluster_identifiers: ["NonEmptyString"], # license_model: "NonEmptyString", # iops: 1, # option_group_memberships: [ # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # character_set_name: "NonEmptyString", # secondary_availability_zone: "NonEmptyString", # status_infos: [ # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # }, # ], # storage_type: "NonEmptyString", # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # copy_tags_to_snapshot: false, # monitoring_interval: 1, # monitoring_role_arn: "NonEmptyString", # promotion_tier: 1, # timezone: "NonEmptyString", # performance_insights_enabled: false, # performance_insights_kms_key_id: "NonEmptyString", # performance_insights_retention_period: 1, # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # listener_endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # max_allocated_storage: 1, # }, # aws_sns_topic: { # kms_master_key_id: "NonEmptyString", # subscription: [ # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # }, # ], # topic_name: "NonEmptyString", # owner: "NonEmptyString", # }, # aws_sqs_queue: { # kms_data_key_reuse_period_seconds: 1, # kms_master_key_id: "NonEmptyString", # queue_name: "NonEmptyString", # dead_letter_target_arn: "NonEmptyString", # }, # aws_waf_web_acl: { # name: "NonEmptyString", # default_action: "NonEmptyString", # rules: [ # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # }, # ], # web_acl_id: "NonEmptyString", # }, # aws_rds_db_snapshot: { # db_snapshot_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # availability_zone: "NonEmptyString", # vpc_id: "NonEmptyString", # instance_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # iops: 1, # option_group_name: "NonEmptyString", # percent_progress: 1, # source_region: "NonEmptyString", # source_db_snapshot_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # tde_credential_arn: "NonEmptyString", # encrypted: false, # kms_key_id: "NonEmptyString", # timezone: "NonEmptyString", # iam_database_authentication_enabled: false, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # dbi_resource_id: "NonEmptyString", # }, # aws_rds_db_cluster_snapshot: { # availability_zones: ["NonEmptyString"], # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # vpc_id: "NonEmptyString", # cluster_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # percent_progress: 1, # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_cluster_snapshot_identifier: "NonEmptyString", # iam_database_authentication_enabled: false, # }, # aws_rds_db_cluster: { # allocated_storage: 1, # availability_zones: ["NonEmptyString"], # backup_retention_period: 1, # database_name: "NonEmptyString", # status: "NonEmptyString", # endpoint: "NonEmptyString", # reader_endpoint: "NonEmptyString", # custom_endpoints: ["NonEmptyString"], # multi_az: false, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # port: 1, # master_username: "NonEmptyString", # preferred_backup_window: "NonEmptyString", # preferred_maintenance_window: "NonEmptyString", # read_replica_identifiers: ["NonEmptyString"], # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # hosted_zone_id: "NonEmptyString", # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_resource_id: "NonEmptyString", # associated_roles: [ # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_create_time: "NonEmptyString", # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # engine_mode: "NonEmptyString", # deletion_protection: false, # http_endpoint_enabled: false, # activity_stream_status: "NonEmptyString", # copy_tags_to_snapshot: false, # cross_account_clone: false, # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # db_cluster_parameter_group: "NonEmptyString", # db_subnet_group: "NonEmptyString", # db_cluster_option_group_memberships: [ # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # db_cluster_identifier: "NonEmptyString", # db_cluster_members: [ # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # }, # ], # iam_database_authentication_enabled: false, # }, # aws_ecs_cluster: { # capacity_providers: ["NonEmptyString"], # cluster_settings: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # configuration: { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # }, # default_capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # }, # aws_ecs_task_definition: { # container_definitions: [ # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # }, # ], # cpu: "NonEmptyString", # execution_role_arn: "NonEmptyString", # family: "NonEmptyString", # inference_accelerators: [ # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # }, # ], # ipc_mode: "NonEmptyString", # memory: "NonEmptyString", # network_mode: "NonEmptyString", # pid_mode: "NonEmptyString", # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # proxy_configuration: { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # }, # requires_compatibilities: ["NonEmptyString"], # task_role_arn: "NonEmptyString", # volumes: [ # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # }, # ], # }, # container: { # name: "NonEmptyString", # image_id: "NonEmptyString", # image_name: "NonEmptyString", # launched_at: "NonEmptyString", # }, # other: { # "NonEmptyString" => "NonEmptyString", # }, # aws_rds_event_subscription: { # cust_subscription_id: "NonEmptyString", # customer_aws_id: "NonEmptyString", # enabled: false, # event_categories_list: ["NonEmptyString"], # event_subscription_arn: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # source_ids_list: ["NonEmptyString"], # source_type: "NonEmptyString", # status: "NonEmptyString", # subscription_creation_time: "NonEmptyString", # }, # aws_ecs_service: { # capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # cluster: "NonEmptyString", # deployment_configuration: { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # }, # deployment_controller: { # type: "NonEmptyString", # }, # desired_count: 1, # enable_ecs_managed_tags: false, # enable_execute_command: false, # health_check_grace_period_seconds: 1, # launch_type: "NonEmptyString", # load_balancers: [ # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # }, # ], # name: "NonEmptyString", # network_configuration: { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # }, # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # placement_strategies: [ # { # field: "NonEmptyString", # type: "NonEmptyString", # }, # ], # platform_version: "NonEmptyString", # propagate_tags: "NonEmptyString", # role: "NonEmptyString", # scheduling_strategy: "NonEmptyString", # service_arn: "NonEmptyString", # service_name: "NonEmptyString", # service_registries: [ # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # }, # ], # task_definition: "NonEmptyString", # }, # aws_auto_scaling_launch_configuration: { # associate_public_ip_address: false, # block_device_mappings: [ # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # }, # ], # classic_link_vpc_id: "NonEmptyString", # classic_link_vpc_security_groups: ["NonEmptyString"], # created_time: "NonEmptyString", # ebs_optimized: false, # iam_instance_profile: "NonEmptyString", # image_id: "NonEmptyString", # instance_monitoring: { # enabled: false, # }, # instance_type: "NonEmptyString", # kernel_id: "NonEmptyString", # key_name: "NonEmptyString", # launch_configuration_name: "NonEmptyString", # placement_tenancy: "NonEmptyString", # ramdisk_id: "NonEmptyString", # security_groups: ["NonEmptyString"], # spot_price: "NonEmptyString", # user_data: "NonEmptyString", # metadata_options: { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # }, # }, # aws_ec2_vpn_connection: { # vpn_connection_id: "NonEmptyString", # state: "NonEmptyString", # customer_gateway_id: "NonEmptyString", # customer_gateway_configuration: "NonEmptyString", # type: "NonEmptyString", # vpn_gateway_id: "NonEmptyString", # category: "NonEmptyString", # vgw_telemetry: [ # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # }, # ], # options: { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # }, # routes: [ # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # }, # ], # transit_gateway_id: "NonEmptyString", # }, # aws_ecr_container_image: { # registry_id: "NonEmptyString", # repository_name: "NonEmptyString", # architecture: "NonEmptyString", # image_digest: "NonEmptyString", # image_tags: ["NonEmptyString"], # image_published_at: "NonEmptyString", # }, # aws_open_search_service_domain: { # arn: "NonEmptyString", # access_policies: "NonEmptyString", # domain_name: "NonEmptyString", # id: "NonEmptyString", # domain_endpoint: "NonEmptyString", # engine_version: "NonEmptyString", # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # }, # cluster_config: { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # }, # domain_endpoint_options: { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # }, # vpc_options: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # domain_endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # }, # aws_ec2_vpc_endpoint_service: { # acceptance_required: false, # availability_zones: ["NonEmptyString"], # base_endpoint_dns_names: ["NonEmptyString"], # manages_vpc_endpoints: false, # gateway_load_balancer_arns: ["NonEmptyString"], # network_load_balancer_arns: ["NonEmptyString"], # private_dns_name: "NonEmptyString", # service_id: "NonEmptyString", # service_name: "NonEmptyString", # service_state: "NonEmptyString", # service_type: [ # { # service_type: "NonEmptyString", # }, # ], # }, # aws_xray_encryption_config: { # key_id: "NonEmptyString", # status: "NonEmptyString", # type: "NonEmptyString", # }, # aws_waf_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_waf_regional_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_ecr_repository: { # arn: "NonEmptyString", # image_scanning_configuration: { # scan_on_push: false, # }, # image_tag_mutability: "NonEmptyString", # lifecycle_policy: { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # }, # repository_name: "NonEmptyString", # repository_policy_text: "NonEmptyString", # }, # aws_eks_cluster: { # arn: "NonEmptyString", # certificate_authority_data: "NonEmptyString", # cluster_status: "NonEmptyString", # endpoint: "NonEmptyString", # name: "NonEmptyString", # resources_vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # role_arn: "NonEmptyString", # version: "NonEmptyString", # logging: { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # }, # }, # aws_network_firewall_firewall_policy: { # firewall_policy: { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # }, # firewall_policy_arn: "NonEmptyString", # firewall_policy_id: "NonEmptyString", # firewall_policy_name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_network_firewall_firewall: { # delete_protection: false, # description: "NonEmptyString", # firewall_arn: "NonEmptyString", # firewall_id: "NonEmptyString", # firewall_name: "NonEmptyString", # firewall_policy_arn: "NonEmptyString", # firewall_policy_change_protection: false, # subnet_change_protection: false, # subnet_mappings: [ # { # subnet_id: "NonEmptyString", # }, # ], # vpc_id: "NonEmptyString", # }, # aws_network_firewall_rule_group: { # capacity: 1, # description: "NonEmptyString", # rule_group: { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # }, # rule_group_arn: "NonEmptyString", # rule_group_id: "NonEmptyString", # rule_group_name: "NonEmptyString", # type: "NonEmptyString", # }, # }, # }, # ], # compliance: { # status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE # related_requirements: ["NonEmptyString"], # status_reasons: [ # { # reason_code: "NonEmptyString", # required # description: "NonEmptyString", # }, # ], # }, # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE # workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED # workflow: { # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED # }, # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # note: { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # updated_at: "NonEmptyString", # required # }, # vulnerabilities: [ # { # id: "NonEmptyString", # required # vulnerable_packages: [ # { # name: "NonEmptyString", # version: "NonEmptyString", # epoch: "NonEmptyString", # release: "NonEmptyString", # architecture: "NonEmptyString", # package_manager: "NonEmptyString", # file_path: "NonEmptyString", # }, # ], # cvss: [ # { # version: "NonEmptyString", # base_score: 1.0, # base_vector: "NonEmptyString", # source: "NonEmptyString", # adjustments: [ # { # metric: "NonEmptyString", # reason: "NonEmptyString", # }, # ], # }, # ], # related_vulnerabilities: ["NonEmptyString"], # vendor: { # name: "NonEmptyString", # required # url: "NonEmptyString", # vendor_severity: "NonEmptyString", # vendor_created_at: "NonEmptyString", # vendor_updated_at: "NonEmptyString", # }, # reference_urls: ["NonEmptyString"], # }, # ], # patch_summary: { # id: "NonEmptyString", # required # installed_count: 1, # missing_count: 1, # failed_count: 1, # installed_other_count: 1, # installed_rejected_count: 1, # installed_pending_reboot: 1, # operation_start_time: "NonEmptyString", # operation_end_time: "NonEmptyString", # reboot_option: "NonEmptyString", # operation: "NonEmptyString", # }, # action: { # action_type: "NonEmptyString", # network_connection_action: { # connection_direction: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # remote_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # protocol: "NonEmptyString", # blocked: false, # }, # aws_api_call_action: { # api: "NonEmptyString", # service_name: "NonEmptyString", # caller_type: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # domain_details: { # domain: "NonEmptyString", # }, # affected_resources: { # "NonEmptyString" => "NonEmptyString", # }, # first_seen: "NonEmptyString", # last_seen: "NonEmptyString", # }, # dns_request_action: { # domain: "NonEmptyString", # protocol: "NonEmptyString", # blocked: false, # }, # port_probe_action: { # port_probe_details: [ # { # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_ip_details: { # ip_address_v4: "NonEmptyString", # }, # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # }, # ], # blocked: false, # }, # }, # finding_provider_fields: { # confidence: 1, # criticality: 1, # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # severity: { # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # original: "NonEmptyString", # }, # types: ["NonEmptyString"], # }, # sample: false, # } # # @!attribute [rw] schema_version # The schema version that a finding is formatted for. # @return [String] # # @!attribute [rw] id # The security findings provider-specific identifier for a finding. # @return [String] # # @!attribute [rw] product_arn # The ARN generated by Security Hub that uniquely identifies a product # that generates findings. This can be the ARN for a third-party # product that is integrated with Security Hub, or the ARN for a # custom integration. # @return [String] # # @!attribute [rw] product_name # The name of the product that generated the finding. # # Security Hub populates this attribute automatically for each # finding. You cannot update it using `BatchImportFindings` or # `BatchUpdateFindings`. The exception to this is when you use a # custom integration. # # When you use the Security Hub console to filter findings by product # name, you use this attribute. # # When you use the Security Hub API to filter findings by product # name, you use the `aws/securityhub/ProductName` attribute under # `ProductFields`. # # Security Hub does not synchronize those two attributes. # @return [String] # # @!attribute [rw] company_name # The name of the company for the product that generated the finding. # # Security Hub populates this attribute automatically for each # finding. You cannot be updated using `BatchImportFindings` or # `BatchUpdateFindings`. The exception to this is when you use a # custom integration. # # When you use the Security Hub console to filter findings by company # name, you use this attribute. # # When you use the Security Hub API to filter findings by company # name, you use the `aws/securityhub/CompanyName` attribute under # `ProductFields`. # # Security Hub does not synchronize those two attributes. # @return [String] # # @!attribute [rw] region # The Region from which the finding was generated. # # Security Hub populates this attribute automatically for each # finding. You cannot update it using `BatchImportFindings` or # `BatchUpdateFindings`. # @return [String] # # @!attribute [rw] generator_id # The identifier for the solution-specific component (a discrete unit # of logic) that generated a finding. In various security-findings # providers' solutions, this generator can be called a rule, a check, # a detector, a plugin, etc. # @return [String] # # @!attribute [rw] aws_account_id # The Amazon Web Services account ID that a finding is generated in. # @return [String] # # @!attribute [rw] types # One or more finding types in the format of # `namespace/category/classifier` that classify a finding. # # Valid namespace values are: Software and Configuration Checks \| # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data # Identifications # @return [Array] # # @!attribute [rw] first_observed_at # Indicates when the security-findings provider first observed the # potential security issue that a finding captured. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] last_observed_at # Indicates when the security-findings provider most recently observed # the potential security issue that a finding captured. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] created_at # Indicates when the security-findings provider created the potential # security issue that a finding captured. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] updated_at # Indicates when the security-findings provider last updated the # finding record. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] severity # A finding's severity. # @return [Types::Severity] # # @!attribute [rw] confidence # A finding's confidence. Confidence is defined as the likelihood # that a finding accurately identifies the behavior or issue that it # was intended to identify. # # Confidence is scored on a 0-100 basis using a ratio scale, where 0 # means zero percent confidence and 100 means 100 percent confidence. # @return [Integer] # # @!attribute [rw] criticality # The level of importance assigned to the resources associated with # the finding. # # A score of 0 means that the underlying resources have no # criticality, and a score of 100 is reserved for the most critical # resources. # @return [Integer] # # @!attribute [rw] title # A finding's title. # # In this release, `Title` is a required property. # # # @return [String] # # @!attribute [rw] description # A finding's description. # # In this release, `Description` is a required property. # # # @return [String] # # @!attribute [rw] remediation # A data type that describes the remediation options for a finding. # @return [Types::Remediation] # # @!attribute [rw] source_url # A URL that links to a page about the current finding in the # security-findings provider's solution. # @return [String] # # @!attribute [rw] product_fields # A data type where security-findings providers can include additional # solution-specific details that aren't part of the defined # `AwsSecurityFinding` format. # # Can contain up to 50 key-value pairs. For each key-value pair, the # key can contain up to 128 characters, and the value can contain up # to 2048 characters. # @return [Hash] # # @!attribute [rw] user_defined_fields # A list of name/value string pairs associated with the finding. These # are custom, user-defined fields added to a finding. # @return [Hash] # # @!attribute [rw] malware # A list of malware related to a finding. # @return [Array] # # @!attribute [rw] network # The details of network-related information about a finding. # @return [Types::Network] # # @!attribute [rw] network_path # Provides information about a network path that is relevant to a # finding. Each entry under `NetworkPath` represents a component of # that path. # @return [Array] # # @!attribute [rw] process # The details of process-related information about a finding. # @return [Types::ProcessDetails] # # @!attribute [rw] threat_intel_indicators # Threat intelligence details related to a finding. # @return [Array] # # @!attribute [rw] resources # A set of resource data types that describe the resources that the # finding refers to. # @return [Array] # # @!attribute [rw] compliance # This data type is exclusive to findings that are generated as the # result of a check run against a specific rule in a supported # security standard, such as CIS Amazon Web Services Foundations. # Contains security standard-related finding details. # @return [Types::Compliance] # # @!attribute [rw] verification_state # Indicates the veracity of a finding. # @return [String] # # @!attribute [rw] workflow_state # The workflow state of a finding. # @return [String] # # @!attribute [rw] workflow # Provides information about the status of the investigation into a # finding. # @return [Types::Workflow] # # @!attribute [rw] record_state # The record state of a finding. # @return [String] # # @!attribute [rw] related_findings # A list of related findings. # @return [Array] # # @!attribute [rw] note # A user-defined note added to a finding. # @return [Types::Note] # # @!attribute [rw] vulnerabilities # Provides a list of vulnerabilities associated with the findings. # @return [Array] # # @!attribute [rw] patch_summary # Provides an overview of the patch compliance status for an instance # against a selected compliance standard. # @return [Types::PatchSummary] # # @!attribute [rw] action # Provides details about an action that affects or that was taken on a # resource. # @return [Types::Action] # # @!attribute [rw] finding_provider_fields # In a `BatchImportFindings` request, finding providers use # `FindingProviderFields` to provide and update their own values for # confidence, criticality, related findings, severity, and types. # @return [Types::FindingProviderFields] # # @!attribute [rw] sample # Indicates whether the finding is a sample finding. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFinding AWS API Documentation # class AwsSecurityFinding < Struct.new( :schema_version, :id, :product_arn, :product_name, :company_name, :region, :generator_id, :aws_account_id, :types, :first_observed_at, :last_observed_at, :created_at, :updated_at, :severity, :confidence, :criticality, :title, :description, :remediation, :source_url, :product_fields, :user_defined_fields, :malware, :network, :network_path, :process, :threat_intel_indicators, :resources, :compliance, :verification_state, :workflow_state, :workflow, :record_state, :related_findings, :note, :vulnerabilities, :patch_summary, :action, :finding_provider_fields, :sample) SENSITIVE = [] include Aws::Structure end # A collection of attributes that are applied to all active Security # Hub-aggregated findings and that result in a subset of findings that # are included in this insight. # # You can filter by up to 10 finding attributes. For each attribute, you # can provide up to 20 filter values. # # @note When making an API call, you may pass AwsSecurityFindingFilters # data as a hash: # # { # product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # aws_account_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # generator_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # first_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # description: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # recommendation_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # product_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # product_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # company_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # user_defined_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # malware_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_direction: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_protocol: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_mac: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_destination_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # process_terminated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_value: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_category: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_source: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_partition: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_tags: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # resource_aws_ec2_instance_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_ip_v4_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_ip_v6_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_key_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_iam_instance_profile_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_vpc_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_subnet_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_s3_bucket_owner_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_s3_bucket_owner_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_principal_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_iam_user_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_details_other: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # compliance_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # verification_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # record_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # note_updated_by: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # keyword: [ # { # value: "NonEmptyString", # }, # ], # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_original: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_types: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # sample: [ # { # value: false, # }, # ], # } # # @!attribute [rw] product_arn # The ARN generated by Security Hub that uniquely identifies a # third-party company (security findings provider) after this # provider's product (solution that generates findings) is registered # with Security Hub. # @return [Array] # # @!attribute [rw] aws_account_id # The Amazon Web Services account ID that a finding is generated in. # @return [Array] # # @!attribute [rw] id # The security findings provider-specific identifier for a finding. # @return [Array] # # @!attribute [rw] generator_id # The identifier for the solution-specific component (a discrete unit # of logic) that generated a finding. In various security-findings # providers' solutions, this generator can be called a rule, a check, # a detector, a plugin, etc. # @return [Array] # # @!attribute [rw] region # The Region from which the finding was generated. # @return [Array] # # @!attribute [rw] type # A finding type in the format of `namespace/category/classifier` that # classifies a finding. # @return [Array] # # @!attribute [rw] first_observed_at # An ISO8601-formatted timestamp that indicates when the # security-findings provider first observed the potential security # issue that a finding captured. # @return [Array] # # @!attribute [rw] last_observed_at # An ISO8601-formatted timestamp that indicates when the # security-findings provider most recently observed the potential # security issue that a finding captured. # @return [Array] # # @!attribute [rw] created_at # An ISO8601-formatted timestamp that indicates when the # security-findings provider captured the potential security issue # that a finding captured. # @return [Array] # # @!attribute [rw] updated_at # An ISO8601-formatted timestamp that indicates when the # security-findings provider last updated the finding record. # @return [Array] # # @!attribute [rw] severity_product # The native severity as defined by the security-findings provider's # solution that generated the finding. # @return [Array] # # @!attribute [rw] severity_normalized # The normalized severity of a finding. # @return [Array] # # @!attribute [rw] severity_label # The label of a finding's severity. # @return [Array] # # @!attribute [rw] confidence # A finding's confidence. Confidence is defined as the likelihood # that a finding accurately identifies the behavior or issue that it # was intended to identify. # # Confidence is scored on a 0-100 basis using a ratio scale, where 0 # means zero percent confidence and 100 means 100 percent confidence. # @return [Array] # # @!attribute [rw] criticality # The level of importance assigned to the resources associated with # the finding. # # A score of 0 means that the underlying resources have no # criticality, and a score of 100 is reserved for the most critical # resources. # @return [Array] # # @!attribute [rw] title # A finding's title. # @return [Array] # # @!attribute [rw] description # A finding's description. # @return [Array] # # @!attribute [rw] recommendation_text # The recommendation of what to do about the issue described in a # finding. # @return [Array] # # @!attribute [rw] source_url # A URL that links to a page about the current finding in the # security-findings provider's solution. # @return [Array] # # @!attribute [rw] product_fields # A data type where security-findings providers can include additional # solution-specific details that aren't part of the defined # `AwsSecurityFinding` format. # @return [Array] # # @!attribute [rw] product_name # The name of the solution (product) that generates findings. # # Note that this is a filter against the `aws/securityhub/ProductName` # field in `ProductFields`. It is not a filter for the top-level # `ProductName` field. # @return [Array] # # @!attribute [rw] company_name # The name of the findings provider (company) that owns the solution # (product) that generates findings. # # Note that this is a filter against the `aws/securityhub/CompanyName` # field in `ProductFields`. It is not a filter for the top-level # `CompanyName` field. # @return [Array] # # @!attribute [rw] user_defined_fields # A list of name/value string pairs associated with the finding. These # are custom, user-defined fields added to a finding. # @return [Array] # # @!attribute [rw] malware_name # The name of the malware that was observed. # @return [Array] # # @!attribute [rw] malware_type # The type of the malware that was observed. # @return [Array] # # @!attribute [rw] malware_path # The filesystem path of the malware that was observed. # @return [Array] # # @!attribute [rw] malware_state # The state of the malware that was observed. # @return [Array] # # @!attribute [rw] network_direction # Indicates the direction of network traffic associated with a # finding. # @return [Array] # # @!attribute [rw] network_protocol # The protocol of network-related information about a finding. # @return [Array] # # @!attribute [rw] network_source_ip_v4 # The source IPv4 address of network-related information about a # finding. # @return [Array] # # @!attribute [rw] network_source_ip_v6 # The source IPv6 address of network-related information about a # finding. # @return [Array] # # @!attribute [rw] network_source_port # The source port of network-related information about a finding. # @return [Array] # # @!attribute [rw] network_source_domain # The source domain of network-related information about a finding. # @return [Array] # # @!attribute [rw] network_source_mac # The source media access control (MAC) address of network-related # information about a finding. # @return [Array] # # @!attribute [rw] network_destination_ip_v4 # The destination IPv4 address of network-related information about a # finding. # @return [Array] # # @!attribute [rw] network_destination_ip_v6 # The destination IPv6 address of network-related information about a # finding. # @return [Array] # # @!attribute [rw] network_destination_port # The destination port of network-related information about a finding. # @return [Array] # # @!attribute [rw] network_destination_domain # The destination domain of network-related information about a # finding. # @return [Array] # # @!attribute [rw] process_name # The name of the process. # @return [Array] # # @!attribute [rw] process_path # The path to the process executable. # @return [Array] # # @!attribute [rw] process_pid # The process ID. # @return [Array] # # @!attribute [rw] process_parent_pid # The parent process ID. # @return [Array] # # @!attribute [rw] process_launched_at # The date/time that the process was launched. # @return [Array] # # @!attribute [rw] process_terminated_at # The date/time that the process was terminated. # @return [Array] # # @!attribute [rw] threat_intel_indicator_type # The type of a threat intelligence indicator. # @return [Array] # # @!attribute [rw] threat_intel_indicator_value # The value of a threat intelligence indicator. # @return [Array] # # @!attribute [rw] threat_intel_indicator_category # The category of a threat intelligence indicator. # @return [Array] # # @!attribute [rw] threat_intel_indicator_last_observed_at # The date/time of the last observation of a threat intelligence # indicator. # @return [Array] # # @!attribute [rw] threat_intel_indicator_source # The source of the threat intelligence. # @return [Array] # # @!attribute [rw] threat_intel_indicator_source_url # The URL for more details from the source of the threat intelligence. # @return [Array] # # @!attribute [rw] resource_type # Specifies the type of the resource that details are provided for. # @return [Array] # # @!attribute [rw] resource_id # The canonical identifier for the given resource type. # @return [Array] # # @!attribute [rw] resource_partition # The canonical Amazon Web Services partition name that the Region is # assigned to. # @return [Array] # # @!attribute [rw] resource_region # The canonical Amazon Web Services external Region name where this # resource is located. # @return [Array] # # @!attribute [rw] resource_tags # A list of Amazon Web Services tags associated with a resource at the # time the finding was processed. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_type # The instance type of the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_image_id # The Amazon Machine Image (AMI) ID of the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_ip_v4_addresses # The IPv4 addresses associated with the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_ip_v6_addresses # The IPv6 addresses associated with the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_key_name # The key name associated with the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_iam_instance_profile_arn # The IAM profile ARN of the instance. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_vpc_id # The identifier of the VPC that the instance was launched in. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_subnet_id # The identifier of the subnet that the instance was launched in. # @return [Array] # # @!attribute [rw] resource_aws_ec2_instance_launched_at # The date and time the instance was launched. # @return [Array] # # @!attribute [rw] resource_aws_s3_bucket_owner_id # The canonical user ID of the owner of the S3 bucket. # @return [Array] # # @!attribute [rw] resource_aws_s3_bucket_owner_name # The display name of the owner of the S3 bucket. # @return [Array] # # @!attribute [rw] resource_aws_iam_access_key_user_name # The user associated with the IAM access key related to a finding. # @return [Array] # # @!attribute [rw] resource_aws_iam_access_key_principal_name # The name of the principal that is associated with an IAM access key. # @return [Array] # # @!attribute [rw] resource_aws_iam_access_key_status # The status of the IAM access key related to a finding. # @return [Array] # # @!attribute [rw] resource_aws_iam_access_key_created_at # The creation date/time of the IAM access key related to a finding. # @return [Array] # # @!attribute [rw] resource_aws_iam_user_user_name # The name of an IAM user. # @return [Array] # # @!attribute [rw] resource_container_name # The name of the container related to a finding. # @return [Array] # # @!attribute [rw] resource_container_image_id # The identifier of the image related to a finding. # @return [Array] # # @!attribute [rw] resource_container_image_name # The name of the image related to a finding. # @return [Array] # # @!attribute [rw] resource_container_launched_at # The date/time that the container was started. # @return [Array] # # @!attribute [rw] resource_details_other # The details of a resource that doesn't have a specific subfield for # the resource type defined. # @return [Array] # # @!attribute [rw] compliance_status # Exclusive to findings that are generated as the result of a check # run against a specific rule in a supported standard, such as CIS # Amazon Web Services Foundations. Contains security standard-related # finding details. # @return [Array] # # @!attribute [rw] verification_state # The veracity of a finding. # @return [Array] # # @!attribute [rw] workflow_state # The workflow state of a finding. # # Note that this field is deprecated. To search for a finding based on # its workflow status, use `WorkflowStatus`. # @return [Array] # # @!attribute [rw] workflow_status # The status of the investigation into a finding. Allowed values are # the following. # # * `NEW` - The initial state of a finding, before it is reviewed. # # Security Hub also resets the workflow status from `NOTIFIED` or # `RESOLVED` to `NEW` in the following cases: # # * `RecordState` changes from `ARCHIVED` to `ACTIVE`. # # * `Compliance.Status` changes from `PASSED` to either `WARNING`, # `FAILED`, or `NOT_AVAILABLE`. # # * `NOTIFIED` - Indicates that the resource owner has been notified # about the security issue. Used when the initial reviewer is not # the resource owner, and needs intervention from the resource # owner. # # If one of the following occurs, the workflow status is changed # automatically from `NOTIFIED` to `NEW`\: # # * `RecordState` changes from `ARCHIVED` to `ACTIVE`. # # * `Compliance.Status` changes from `PASSED` to `FAILED`, # `WARNING`, or `NOT_AVAILABLE`. # # * `SUPPRESSED` - Indicates that you reviewed the finding and do not # believe that any action is needed. # # The workflow status of a `SUPPRESSED` finding does not change if # `RecordState` changes from `ARCHIVED` to `ACTIVE`. # # * `RESOLVED` - The finding was reviewed and remediated and is now # considered resolved. # # The finding remains `RESOLVED` unless one of the following occurs: # # * `RecordState` changes from `ARCHIVED` to `ACTIVE`. # # * `Compliance.Status` changes from `PASSED` to `FAILED`, # `WARNING`, or `NOT_AVAILABLE`. # # In those cases, the workflow status is automatically reset to # `NEW`. # # For findings from controls, if `Compliance.Status` is `PASSED`, # then Security Hub automatically sets the workflow status to # `RESOLVED`. # @return [Array] # # @!attribute [rw] record_state # The updated record state for the finding. # @return [Array] # # @!attribute [rw] related_findings_product_arn # The ARN of the solution that generated a related finding. # @return [Array] # # @!attribute [rw] related_findings_id # The solution-generated identifier for a related finding. # @return [Array] # # @!attribute [rw] note_text # The text of a note. # @return [Array] # # @!attribute [rw] note_updated_at # The timestamp of when the note was updated. # @return [Array] # # @!attribute [rw] note_updated_by # The principal that created a note. # @return [Array] # # @!attribute [rw] keyword # A keyword for a finding. # @return [Array] # # @!attribute [rw] finding_provider_fields_confidence # The finding provider value for the finding confidence. Confidence is # defined as the likelihood that a finding accurately identifies the # behavior or issue that it was intended to identify. # # Confidence is scored on a 0-100 basis using a ratio scale, where 0 # means zero percent confidence and 100 means 100 percent confidence. # @return [Array] # # @!attribute [rw] finding_provider_fields_criticality # The finding provider value for the level of importance assigned to # the resources associated with the findings. # # A score of 0 means that the underlying resources have no # criticality, and a score of 100 is reserved for the most critical # resources. # @return [Array] # # @!attribute [rw] finding_provider_fields_related_findings_id # The finding identifier of a related finding that is identified by # the finding provider. # @return [Array] # # @!attribute [rw] finding_provider_fields_related_findings_product_arn # The ARN of the solution that generated a related finding that is # identified by the finding provider. # @return [Array] # # @!attribute [rw] finding_provider_fields_severity_label # The finding provider value for the severity label. # @return [Array] # # @!attribute [rw] finding_provider_fields_severity_original # The finding provider's original value for the severity. # @return [Array] # # @!attribute [rw] finding_provider_fields_types # One or more finding types that the finding provider assigned to the # finding. Uses the format of `namespace/category/classifier` that # classify a finding. # # Valid namespace values are: Software and Configuration Checks \| # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data # Identifications # @return [Array] # # @!attribute [rw] sample # Indicates whether or not sample findings are included in the filter # results. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingFilters AWS API Documentation # class AwsSecurityFindingFilters < Struct.new( :product_arn, :aws_account_id, :id, :generator_id, :region, :type, :first_observed_at, :last_observed_at, :created_at, :updated_at, :severity_product, :severity_normalized, :severity_label, :confidence, :criticality, :title, :description, :recommendation_text, :source_url, :product_fields, :product_name, :company_name, :user_defined_fields, :malware_name, :malware_type, :malware_path, :malware_state, :network_direction, :network_protocol, :network_source_ip_v4, :network_source_ip_v6, :network_source_port, :network_source_domain, :network_source_mac, :network_destination_ip_v4, :network_destination_ip_v6, :network_destination_port, :network_destination_domain, :process_name, :process_path, :process_pid, :process_parent_pid, :process_launched_at, :process_terminated_at, :threat_intel_indicator_type, :threat_intel_indicator_value, :threat_intel_indicator_category, :threat_intel_indicator_last_observed_at, :threat_intel_indicator_source, :threat_intel_indicator_source_url, :resource_type, :resource_id, :resource_partition, :resource_region, :resource_tags, :resource_aws_ec2_instance_type, :resource_aws_ec2_instance_image_id, :resource_aws_ec2_instance_ip_v4_addresses, :resource_aws_ec2_instance_ip_v6_addresses, :resource_aws_ec2_instance_key_name, :resource_aws_ec2_instance_iam_instance_profile_arn, :resource_aws_ec2_instance_vpc_id, :resource_aws_ec2_instance_subnet_id, :resource_aws_ec2_instance_launched_at, :resource_aws_s3_bucket_owner_id, :resource_aws_s3_bucket_owner_name, :resource_aws_iam_access_key_user_name, :resource_aws_iam_access_key_principal_name, :resource_aws_iam_access_key_status, :resource_aws_iam_access_key_created_at, :resource_aws_iam_user_user_name, :resource_container_name, :resource_container_image_id, :resource_container_image_name, :resource_container_launched_at, :resource_details_other, :compliance_status, :verification_state, :workflow_state, :workflow_status, :record_state, :related_findings_product_arn, :related_findings_id, :note_text, :note_updated_at, :note_updated_by, :keyword, :finding_provider_fields_confidence, :finding_provider_fields_criticality, :finding_provider_fields_related_findings_id, :finding_provider_fields_related_findings_product_arn, :finding_provider_fields_severity_label, :finding_provider_fields_severity_original, :finding_provider_fields_types, :sample) SENSITIVE = [] include Aws::Structure end # Identifies a finding to update using `BatchUpdateFindings`. # # @note When making an API call, you may pass AwsSecurityFindingIdentifier # data as a hash: # # { # id: "NonEmptyString", # required # product_arn: "NonEmptyString", # required # } # # @!attribute [rw] id # The identifier of the finding that was specified by the finding # provider. # @return [String] # # @!attribute [rw] product_arn # The ARN generated by Security Hub that uniquely identifies a product # that generates findings. This can be the ARN for a third-party # product that is integrated with Security Hub, or the ARN for a # custom integration. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSecurityFindingIdentifier AWS API Documentation # class AwsSecurityFindingIdentifier < Struct.new( :id, :product_arn) SENSITIVE = [] include Aws::Structure end # A wrapper type for the topic's ARN. # # @note When making an API call, you may pass AwsSnsTopicDetails # data as a hash: # # { # kms_master_key_id: "NonEmptyString", # subscription: [ # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # }, # ], # topic_name: "NonEmptyString", # owner: "NonEmptyString", # } # # @!attribute [rw] kms_master_key_id # The ID of an Amazon Web Services managed key for Amazon SNS or a # customer managed key. # @return [String] # # @!attribute [rw] subscription # Subscription is an embedded property that describes the subscription # endpoints of an SNS topic. # @return [Array] # # @!attribute [rw] topic_name # The name of the topic. # @return [String] # # @!attribute [rw] owner # The subscription's owner. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicDetails AWS API Documentation # class AwsSnsTopicDetails < Struct.new( :kms_master_key_id, :subscription, :topic_name, :owner) SENSITIVE = [] include Aws::Structure end # A wrapper type for the attributes of an Amazon SNS subscription. # # @note When making an API call, you may pass AwsSnsTopicSubscription # data as a hash: # # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # } # # @!attribute [rw] endpoint # The subscription's endpoint (format depends on the protocol). # @return [String] # # @!attribute [rw] protocol # The subscription's protocol. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSnsTopicSubscription AWS API Documentation # class AwsSnsTopicSubscription < Struct.new( :endpoint, :protocol) SENSITIVE = [] include Aws::Structure end # Data about a queue. # # @note When making an API call, you may pass AwsSqsQueueDetails # data as a hash: # # { # kms_data_key_reuse_period_seconds: 1, # kms_master_key_id: "NonEmptyString", # queue_name: "NonEmptyString", # dead_letter_target_arn: "NonEmptyString", # } # # @!attribute [rw] kms_data_key_reuse_period_seconds # The length of time, in seconds, for which Amazon SQS can reuse a # data key to encrypt or decrypt messages before calling KMS again. # @return [Integer] # # @!attribute [rw] kms_master_key_id # The ID of an Amazon Web Services managed key for Amazon SQS or a # custom KMS key. # @return [String] # # @!attribute [rw] queue_name # The name of the new queue. # @return [String] # # @!attribute [rw] dead_letter_target_arn # The ARN of the dead-letter queue to which Amazon SQS moves messages # after the value of `maxReceiveCount` is exceeded. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSqsQueueDetails AWS API Documentation # class AwsSqsQueueDetails < Struct.new( :kms_data_key_reuse_period_seconds, :kms_master_key_id, :queue_name, :dead_letter_target_arn) SENSITIVE = [] include Aws::Structure end # Provides the details about the compliance status for a patch. # # @note When making an API call, you may pass AwsSsmComplianceSummary # data as a hash: # # { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # } # # @!attribute [rw] status # The current patch compliance status. # # The possible status values are: # # * `COMPLIANT` # # * `NON_COMPLIANT` # # * `UNSPECIFIED_DATA` # @return [String] # # @!attribute [rw] compliant_critical_count # For the patches that are compliant, the number that have a severity # of `CRITICAL`. # @return [Integer] # # @!attribute [rw] compliant_high_count # For the patches that are compliant, the number that have a severity # of `HIGH`. # @return [Integer] # # @!attribute [rw] compliant_medium_count # For the patches that are compliant, the number that have a severity # of `MEDIUM`. # @return [Integer] # # @!attribute [rw] execution_type # The type of execution that was used determine compliance. # @return [String] # # @!attribute [rw] non_compliant_critical_count # For the patch items that are noncompliant, the number of items that # have a severity of `CRITICAL`. # @return [Integer] # # @!attribute [rw] compliant_informational_count # For the patches that are compliant, the number that have a severity # of `INFORMATIONAL`. # @return [Integer] # # @!attribute [rw] non_compliant_informational_count # For the patches that are noncompliant, the number that have a # severity of `INFORMATIONAL`. # @return [Integer] # # @!attribute [rw] compliant_unspecified_count # For the patches that are compliant, the number that have a severity # of `UNSPECIFIED`. # @return [Integer] # # @!attribute [rw] non_compliant_low_count # For the patches that are noncompliant, the number that have a # severity of `LOW`. # @return [Integer] # # @!attribute [rw] non_compliant_high_count # For the patches that are noncompliant, the number that have a # severity of `HIGH`. # @return [Integer] # # @!attribute [rw] compliant_low_count # For the patches that are compliant, the number that have a severity # of `LOW`. # @return [Integer] # # @!attribute [rw] compliance_type # The type of resource for which the compliance was determined. For # `AwsSsmPatchCompliance`, `ComplianceType` is `Patch`. # @return [String] # # @!attribute [rw] patch_baseline_id # The identifier of the patch baseline. The patch baseline lists the # patches that are approved for installation. # @return [String] # # @!attribute [rw] overall_severity # The highest severity for the patches. # @return [String] # # @!attribute [rw] non_compliant_medium_count # For the patches that are noncompliant, the number that have a # severity of `MEDIUM`. # @return [Integer] # # @!attribute [rw] non_compliant_unspecified_count # For the patches that are noncompliant, the number that have a # severity of `UNSPECIFIED`. # @return [Integer] # # @!attribute [rw] patch_group # The identifier of the patch group for which compliance was # determined. A patch group uses tags to group EC2 instances that # should have the same patch compliance. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmComplianceSummary AWS API Documentation # class AwsSsmComplianceSummary < Struct.new( :status, :compliant_critical_count, :compliant_high_count, :compliant_medium_count, :execution_type, :non_compliant_critical_count, :compliant_informational_count, :non_compliant_informational_count, :compliant_unspecified_count, :non_compliant_low_count, :non_compliant_high_count, :compliant_low_count, :compliance_type, :patch_baseline_id, :overall_severity, :non_compliant_medium_count, :non_compliant_unspecified_count, :patch_group) SENSITIVE = [] include Aws::Structure end # Provides details about the compliance for a patch. # # @note When making an API call, you may pass AwsSsmPatch # data as a hash: # # { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # } # # @!attribute [rw] compliance_summary # The compliance status details for the patch. # @return [Types::AwsSsmComplianceSummary] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatch AWS API Documentation # class AwsSsmPatch < Struct.new( :compliance_summary) SENSITIVE = [] include Aws::Structure end # Provides information about the state of a patch on an instance based # on the patch baseline that was used to patch the instance. # # @note When making an API call, you may pass AwsSsmPatchComplianceDetails # data as a hash: # # { # patch: { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # }, # } # # @!attribute [rw] patch # Information about the status of a patch. # @return [Types::AwsSsmPatch] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsSsmPatchComplianceDetails AWS API Documentation # class AwsSsmPatchComplianceDetails < Struct.new( :patch) SENSITIVE = [] include Aws::Structure end # Details about a rate-based rule for global resources. A rate-based # rule provides settings to indicate when to allow, block, or count a # request. Rate-based rules include the number of requests that arrive # over a specified period of time. # # @note When making an API call, you may pass AwsWafRateBasedRuleDetails # data as a hash: # # { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # } # # @!attribute [rw] metric_name # The name of the metrics for the rate-based rule. # @return [String] # # @!attribute [rw] name # The name of the rate-based rule. # @return [String] # # @!attribute [rw] rate_key # The field that WAF uses to determine whether requests are likely # arriving from single source and are subject to rate monitoring. # @return [String] # # @!attribute [rw] rate_limit # The maximum number of requests that have an identical value for the # field specified in `RateKey` that are allowed within a five-minute # period. If the number of requests exceeds `RateLimit` and the other # predicates specified in the rule are met, WAF triggers the action # for the rule. # @return [Integer] # # @!attribute [rw] rule_id # The unique identifier for the rate-based rule. # @return [String] # # @!attribute [rw] match_predicates # The predicates to include in the rate-based rule. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRateBasedRuleDetails AWS API Documentation # class AwsWafRateBasedRuleDetails < Struct.new( :metric_name, :name, :rate_key, :rate_limit, :rule_id, :match_predicates) SENSITIVE = [] include Aws::Structure end # A match predicate. A predicate might look for characteristics such as # specific IP addresses, geographic locations, or sizes. # # @note When making an API call, you may pass AwsWafRateBasedRuleMatchPredicate # data as a hash: # # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # } # # @!attribute [rw] data_id # The unique identifier for the predicate. # @return [String] # # @!attribute [rw] negated # If set to `true`, then the rule actions are performed on requests # that match the predicate settings. # # If set to `false`, then the rule actions are performed on all # requests except those that match the predicate settings. # @return [Boolean] # # @!attribute [rw] type # The type of predicate. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRateBasedRuleMatchPredicate AWS API Documentation # class AwsWafRateBasedRuleMatchPredicate < Struct.new( :data_id, :negated, :type) SENSITIVE = [] include Aws::Structure end # contains details about a rate-based rule for Regional resources. A # rate-based rule provides settings to indicate when to allow, block, or # count a request. Rate-based rules include the number of requests that # arrive over a specified period of time. # # @note When making an API call, you may pass AwsWafRegionalRateBasedRuleDetails # data as a hash: # # { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # } # # @!attribute [rw] metric_name # The name of the metrics for the rate-based rule. # @return [String] # # @!attribute [rw] name # The name of the rate-based rule. # @return [String] # # @!attribute [rw] rate_key # The field that WAF uses to determine whether requests are likely # arriving from single source and are subject to rate monitoring. # @return [String] # # @!attribute [rw] rate_limit # The maximum number of requests that have an identical value for the # field specified in `RateKey` that are allowed within a five-minute # period. If the number of requests exceeds `RateLimit` and the other # predicates specified in the rule are met, WAF triggers the action # for the rule. # @return [Integer] # # @!attribute [rw] rule_id # The unique identifier for the rate-based rule. # @return [String] # # @!attribute [rw] match_predicates # The predicates to include in the rate-based rule. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRateBasedRuleDetails AWS API Documentation # class AwsWafRegionalRateBasedRuleDetails < Struct.new( :metric_name, :name, :rate_key, :rate_limit, :rule_id, :match_predicates) SENSITIVE = [] include Aws::Structure end # Details for a match predicate. A predicate might look for # characteristics such as specific IP addresses, geographic locations, # or sizes. # # @note When making an API call, you may pass AwsWafRegionalRateBasedRuleMatchPredicate # data as a hash: # # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # } # # @!attribute [rw] data_id # The unique identifier for the predicate. # @return [String] # # @!attribute [rw] negated # If set to `true`, then the rule actions are performed on requests # that match the predicate settings. # # If set to `false`, then the rule actions are performed on all # requests except those that match the predicate settings. # @return [Boolean] # # @!attribute [rw] type # The type of predicate. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafRegionalRateBasedRuleMatchPredicate AWS API Documentation # class AwsWafRegionalRateBasedRuleMatchPredicate < Struct.new( :data_id, :negated, :type) SENSITIVE = [] include Aws::Structure end # Details about an WAF WebACL. # # @note When making an API call, you may pass AwsWafWebAclDetails # data as a hash: # # { # name: "NonEmptyString", # default_action: "NonEmptyString", # rules: [ # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # }, # ], # web_acl_id: "NonEmptyString", # } # # @!attribute [rw] name # A friendly name or description of the WebACL. You can't change the # name of a WebACL after you create it. # @return [String] # # @!attribute [rw] default_action # The action to perform if none of the rules contained in the WebACL # match. # @return [String] # # @!attribute [rw] rules # An array that contains the action for each rule in a WebACL, the # priority of the rule, and the ID of the rule. # @return [Array] # # @!attribute [rw] web_acl_id # A unique identifier for a WebACL. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafWebAclDetails AWS API Documentation # class AwsWafWebAclDetails < Struct.new( :name, :default_action, :rules, :web_acl_id) SENSITIVE = [] include Aws::Structure end # Details for a rule in an WAF WebACL. # # @note When making an API call, you may pass AwsWafWebAclRule # data as a hash: # # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] action # Specifies the action that CloudFront or WAF takes when a web request # matches the conditions in the rule. # @return [Types::WafAction] # # @!attribute [rw] excluded_rules # Rules to exclude from a rule group. # @return [Array] # # @!attribute [rw] override_action # Use the `OverrideAction` to test your RuleGroup. # # Any rule in a RuleGroup can potentially block a request. If you set # the `OverrideAction` to `None`, the RuleGroup blocks a request if # any individual rule in the RuleGroup matches the request and is # configured to block that request. # # However, if you first want to test the RuleGroup, set the # `OverrideAction` to `Count`. The RuleGroup then overrides any block # action specified by individual rules contained within the group. # Instead of blocking matching requests, those requests are counted. # # `ActivatedRule`\|`OverrideAction` applies only when updating or # adding a RuleGroup to a WebACL. In this case you do not use # `ActivatedRule`\|`Action`. For all other update requests, # `ActivatedRule`\|`Action` is used instead of # `ActivatedRule`\|`OverrideAction`. # @return [Types::WafOverrideAction] # # @!attribute [rw] priority # Specifies the order in which the rules in a WebACL are evaluated. # Rules with a lower value for `Priority` are evaluated before rules # with a higher value. The value must be a unique integer. If you add # multiple rules to a WebACL, the values do not need to be # consecutive. # @return [Integer] # # @!attribute [rw] rule_id # The identifier for a rule. # @return [String] # # @!attribute [rw] type # The rule type. # # Valid values: `REGULAR` \| `RATE_BASED` \| `GROUP` # # The default is `REGULAR`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsWafWebAclRule AWS API Documentation # class AwsWafWebAclRule < Struct.new( :action, :excluded_rules, :override_action, :priority, :rule_id, :type) SENSITIVE = [] include Aws::Structure end # Information about the encryption configuration for X-Ray. # # @note When making an API call, you may pass AwsXrayEncryptionConfigDetails # data as a hash: # # { # key_id: "NonEmptyString", # status: "NonEmptyString", # type: "NonEmptyString", # } # # @!attribute [rw] key_id # The identifier of the KMS key that is used for encryption. Provided # if `Type` is `KMS`. # @return [String] # # @!attribute [rw] status # The current status of the encryption configuration. When `Status` is # `UPDATING`, X-Ray might use both the old and new encryption. # @return [String] # # @!attribute [rw] type # The type of encryption. `KMS` indicates that the encryption uses KMS # keys. `NONE` indicates to use the default encryption. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AwsXrayEncryptionConfigDetails AWS API Documentation # class AwsXrayEncryptionConfigDetails < Struct.new( :key_id, :status, :type) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass BatchDisableStandardsRequest # data as a hash: # # { # standards_subscription_arns: ["NonEmptyString"], # required # } # # @!attribute [rw] standards_subscription_arns # The ARNs of the standards subscriptions to disable. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchDisableStandardsRequest AWS API Documentation # class BatchDisableStandardsRequest < Struct.new( :standards_subscription_arns) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] standards_subscriptions # The details of the standards subscriptions that were disabled. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchDisableStandardsResponse AWS API Documentation # class BatchDisableStandardsResponse < Struct.new( :standards_subscriptions) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass BatchEnableStandardsRequest # data as a hash: # # { # standards_subscription_requests: [ # required # { # standards_arn: "NonEmptyString", # required # standards_input: { # "NonEmptyString" => "NonEmptyString", # }, # }, # ], # } # # @!attribute [rw] standards_subscription_requests # The list of standards checks to enable. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchEnableStandardsRequest AWS API Documentation # class BatchEnableStandardsRequest < Struct.new( :standards_subscription_requests) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] standards_subscriptions # The details of the standards subscriptions that were enabled. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchEnableStandardsResponse AWS API Documentation # class BatchEnableStandardsResponse < Struct.new( :standards_subscriptions) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass BatchImportFindingsRequest # data as a hash: # # { # findings: [ # required # { # schema_version: "NonEmptyString", # required # id: "NonEmptyString", # required # product_arn: "NonEmptyString", # required # product_name: "NonEmptyString", # company_name: "NonEmptyString", # region: "NonEmptyString", # generator_id: "NonEmptyString", # required # aws_account_id: "NonEmptyString", # required # types: ["NonEmptyString"], # first_observed_at: "NonEmptyString", # last_observed_at: "NonEmptyString", # created_at: "NonEmptyString", # required # updated_at: "NonEmptyString", # required # severity: { # product: 1.0, # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # normalized: 1, # original: "NonEmptyString", # }, # confidence: 1, # criticality: 1, # title: "NonEmptyString", # required # description: "NonEmptyString", # required # remediation: { # recommendation: { # text: "NonEmptyString", # url: "NonEmptyString", # }, # }, # source_url: "NonEmptyString", # product_fields: { # "NonEmptyString" => "NonEmptyString", # }, # user_defined_fields: { # "NonEmptyString" => "NonEmptyString", # }, # malware: [ # { # name: "NonEmptyString", # required # type: "ADWARE", # accepts ADWARE, BLENDED_THREAT, BOTNET_AGENT, COIN_MINER, EXPLOIT_KIT, KEYLOGGER, MACRO, POTENTIALLY_UNWANTED, SPYWARE, RANSOMWARE, REMOTE_ACCESS, ROOTKIT, TROJAN, VIRUS, WORM # path: "NonEmptyString", # state: "OBSERVED", # accepts OBSERVED, REMOVAL_FAILED, REMOVED # }, # ], # network: { # direction: "IN", # accepts IN, OUT # protocol: "NonEmptyString", # open_port_range: { # begin: 1, # end: 1, # }, # source_ip_v4: "NonEmptyString", # source_ip_v6: "NonEmptyString", # source_port: 1, # source_domain: "NonEmptyString", # source_mac: "NonEmptyString", # destination_ip_v4: "NonEmptyString", # destination_ip_v6: "NonEmptyString", # destination_port: 1, # destination_domain: "NonEmptyString", # }, # network_path: [ # { # component_id: "NonEmptyString", # component_type: "NonEmptyString", # egress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # ingress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # }, # ], # process: { # name: "NonEmptyString", # path: "NonEmptyString", # pid: 1, # parent_pid: 1, # launched_at: "NonEmptyString", # terminated_at: "NonEmptyString", # }, # threat_intel_indicators: [ # { # type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL # value: "NonEmptyString", # category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER # last_observed_at: "NonEmptyString", # source: "NonEmptyString", # source_url: "NonEmptyString", # }, # ], # resources: [ # required # { # type: "NonEmptyString", # required # id: "NonEmptyString", # required # partition: "aws", # accepts aws, aws-cn, aws-us-gov # region: "NonEmptyString", # resource_role: "NonEmptyString", # tags: { # "NonEmptyString" => "NonEmptyString", # }, # data_classification: { # detailed_results_location: "NonEmptyString", # result: { # mime_type: "NonEmptyString", # size_classified: 1, # additional_occurrences: false, # status: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # sensitive_data: [ # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # ], # custom_data_identifiers: { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # }, # }, # details: { # aws_auto_scaling_auto_scaling_group: { # launch_configuration_name: "NonEmptyString", # load_balancer_names: ["NonEmptyString"], # health_check_type: "NonEmptyString", # health_check_grace_period: 1, # created_time: "NonEmptyString", # mixed_instances_policy: { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # }, # availability_zones: [ # { # value: "NonEmptyString", # }, # ], # }, # aws_code_build_project: { # encryption_key: "NonEmptyString", # artifacts: [ # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # }, # ], # environment: { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # }, # name: "NonEmptyString", # source: { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # }, # service_role: "NonEmptyString", # logs_config: { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # }, # vpc_config: { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # }, # }, # aws_cloud_front_distribution: { # cache_behaviors: { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # }, # default_cache_behavior: { # viewer_protocol_policy: "NonEmptyString", # }, # default_root_object: "NonEmptyString", # domain_name: "NonEmptyString", # etag: "NonEmptyString", # last_modified_time: "NonEmptyString", # logging: { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # }, # origins: { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # }, # origin_groups: { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # }, # viewer_certificate: { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # }, # status: "NonEmptyString", # web_acl_id: "NonEmptyString", # }, # aws_ec2_instance: { # type: "NonEmptyString", # image_id: "NonEmptyString", # ip_v4_addresses: ["NonEmptyString"], # ip_v6_addresses: ["NonEmptyString"], # key_name: "NonEmptyString", # iam_instance_profile_arn: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_id: "NonEmptyString", # launched_at: "NonEmptyString", # network_interfaces: [ # { # network_interface_id: "NonEmptyString", # }, # ], # }, # aws_ec2_network_interface: { # attachment: { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # }, # network_interface_id: "NonEmptyString", # security_groups: [ # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # }, # ], # source_dest_check: false, # ip_v6_addresses: [ # { # ip_v6_address: "NonEmptyString", # }, # ], # private_ip_addresses: [ # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # }, # ], # public_dns_name: "NonEmptyString", # public_ip: "NonEmptyString", # }, # aws_ec2_security_group: { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ip_permissions: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # ip_permissions_egress: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # }, # aws_ec2_volume: { # create_time: "NonEmptyString", # encrypted: false, # size: 1, # snapshot_id: "NonEmptyString", # status: "NonEmptyString", # kms_key_id: "NonEmptyString", # attachments: [ # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # }, # aws_ec2_vpc: { # cidr_block_association_set: [ # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # dhcp_options_id: "NonEmptyString", # state: "NonEmptyString", # }, # aws_ec2_eip: { # instance_id: "NonEmptyString", # public_ip: "NonEmptyString", # allocation_id: "NonEmptyString", # association_id: "NonEmptyString", # domain: "NonEmptyString", # public_ipv_4_pool: "NonEmptyString", # network_border_group: "NonEmptyString", # network_interface_id: "NonEmptyString", # network_interface_owner_id: "NonEmptyString", # private_ip_address: "NonEmptyString", # }, # aws_ec2_subnet: { # assign_ipv_6_address_on_creation: false, # availability_zone: "NonEmptyString", # availability_zone_id: "NonEmptyString", # available_ip_address_count: 1, # cidr_block: "NonEmptyString", # default_for_az: false, # map_public_ip_on_launch: false, # owner_id: "NonEmptyString", # state: "NonEmptyString", # subnet_arn: "NonEmptyString", # subnet_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # }, # aws_ec2_network_acl: { # is_default: false, # network_acl_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # associations: [ # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # entries: [ # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # }, # ], # }, # aws_elbv_2_load_balancer: { # availability_zones: [ # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # canonical_hosted_zone_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # ip_address_type: "NonEmptyString", # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # state: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # type: "NonEmptyString", # vpc_id: "NonEmptyString", # load_balancer_attributes: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # aws_elastic_beanstalk_environment: { # application_name: "NonEmptyString", # cname: "NonEmptyString", # date_created: "NonEmptyString", # date_updated: "NonEmptyString", # description: "NonEmptyString", # endpoint_url: "NonEmptyString", # environment_arn: "NonEmptyString", # environment_id: "NonEmptyString", # environment_links: [ # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # }, # ], # environment_name: "NonEmptyString", # option_settings: [ # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # platform_arn: "NonEmptyString", # solution_stack_name: "NonEmptyString", # status: "NonEmptyString", # tier: { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # }, # version_label: "NonEmptyString", # }, # aws_elasticsearch_domain: { # access_policies: "NonEmptyString", # domain_endpoint_options: { # enforce_https: false, # tls_security_policy: "NonEmptyString", # }, # domain_id: "NonEmptyString", # domain_name: "NonEmptyString", # endpoint: "NonEmptyString", # endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # elasticsearch_version: "NonEmptyString", # elasticsearch_cluster_config: { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # }, # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # }, # vpc_options: { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # }, # aws_s3_bucket: { # owner_id: "NonEmptyString", # owner_name: "NonEmptyString", # owner_account_id: "NonEmptyString", # created_at: "NonEmptyString", # server_side_encryption_configuration: { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # }, # bucket_lifecycle_configuration: { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # }, # public_access_block_configuration: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # access_control_list: "NonEmptyString", # bucket_logging_configuration: { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # }, # bucket_website_configuration: { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # }, # bucket_notification_configuration: { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # }, # bucket_versioning_configuration: { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # }, # }, # aws_s3_account_public_access_block: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # aws_s3_object: { # last_modified: "NonEmptyString", # etag: "NonEmptyString", # version_id: "NonEmptyString", # content_type: "NonEmptyString", # server_side_encryption: "NonEmptyString", # ssekms_key_id: "NonEmptyString", # }, # aws_secrets_manager_secret: { # rotation_rules: { # automatically_after_days: 1, # }, # rotation_occurred_within_frequency: false, # kms_key_id: "NonEmptyString", # rotation_enabled: false, # rotation_lambda_arn: "NonEmptyString", # deleted: false, # name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_iam_access_key: { # user_name: "NonEmptyString", # status: "Active", # accepts Active, Inactive # created_at: "NonEmptyString", # principal_id: "NonEmptyString", # principal_type: "NonEmptyString", # principal_name: "NonEmptyString", # account_id: "NonEmptyString", # access_key_id: "NonEmptyString", # session_context: { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # }, # }, # aws_iam_user: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_list: ["NonEmptyString"], # path: "NonEmptyString", # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # user_id: "NonEmptyString", # user_name: "NonEmptyString", # user_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # }, # aws_iam_policy: { # attachment_count: 1, # create_date: "NonEmptyString", # default_version_id: "NonEmptyString", # description: "NonEmptyString", # is_attachable: false, # path: "NonEmptyString", # permissions_boundary_usage_count: 1, # policy_id: "NonEmptyString", # policy_name: "NonEmptyString", # policy_version_list: [ # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # }, # ], # update_date: "NonEmptyString", # }, # aws_api_gateway_v2_stage: { # client_certificate_id: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # default_route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # deployment_id: "NonEmptyString", # last_updated_date: "NonEmptyString", # route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # stage_name: "NonEmptyString", # stage_variables: { # "NonEmptyString" => "NonEmptyString", # }, # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # auto_deploy: false, # last_deployment_status_message: "NonEmptyString", # api_gateway_managed: false, # }, # aws_api_gateway_v2_api: { # api_endpoint: "NonEmptyString", # api_id: "NonEmptyString", # api_key_selection_expression: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # version: "NonEmptyString", # name: "NonEmptyString", # protocol_type: "NonEmptyString", # route_selection_expression: "NonEmptyString", # cors_configuration: { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # }, # }, # aws_dynamo_db_table: { # attribute_definitions: [ # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # }, # ], # billing_mode_summary: { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # }, # creation_date_time: "NonEmptyString", # global_secondary_indexes: [ # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # }, # ], # global_table_version: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # latest_stream_arn: "NonEmptyString", # latest_stream_label: "NonEmptyString", # local_secondary_indexes: [ # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # }, # ], # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # replicas: [ # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # }, # ], # restore_summary: { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # }, # sse_description: { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # }, # stream_specification: { # stream_enabled: false, # stream_view_type: "NonEmptyString", # }, # table_id: "NonEmptyString", # table_name: "NonEmptyString", # table_size_bytes: 1, # table_status: "NonEmptyString", # }, # aws_api_gateway_stage: { # deployment_id: "NonEmptyString", # client_certificate_id: "NonEmptyString", # stage_name: "NonEmptyString", # description: "NonEmptyString", # cache_cluster_enabled: false, # cache_cluster_size: "NonEmptyString", # cache_cluster_status: "NonEmptyString", # method_settings: [ # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # }, # ], # variables: { # "NonEmptyString" => "NonEmptyString", # }, # documentation_version: "NonEmptyString", # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # canary_settings: { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # }, # tracing_enabled: false, # created_date: "NonEmptyString", # last_updated_date: "NonEmptyString", # web_acl_arn: "NonEmptyString", # }, # aws_api_gateway_rest_api: { # id: "NonEmptyString", # name: "NonEmptyString", # description: "NonEmptyString", # created_date: "NonEmptyString", # version: "NonEmptyString", # binary_media_types: ["NonEmptyString"], # minimum_compression_size: 1, # api_key_source: "NonEmptyString", # endpoint_configuration: { # types: ["NonEmptyString"], # }, # }, # aws_cloud_trail_trail: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # cloud_watch_logs_role_arn: "NonEmptyString", # has_custom_event_selectors: false, # home_region: "NonEmptyString", # include_global_service_events: false, # is_multi_region_trail: false, # is_organization_trail: false, # kms_key_id: "NonEmptyString", # log_file_validation_enabled: false, # name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_key_prefix: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # sns_topic_name: "NonEmptyString", # trail_arn: "NonEmptyString", # }, # aws_ssm_patch_compliance: { # patch: { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # }, # }, # aws_certificate_manager_certificate: { # certificate_authority_arn: "NonEmptyString", # created_at: "NonEmptyString", # domain_name: "NonEmptyString", # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # extended_key_usages: [ # { # name: "NonEmptyString", # o_id: "NonEmptyString", # }, # ], # failure_reason: "NonEmptyString", # imported_at: "NonEmptyString", # in_use_by: ["NonEmptyString"], # issued_at: "NonEmptyString", # issuer: "NonEmptyString", # key_algorithm: "NonEmptyString", # key_usages: [ # { # name: "NonEmptyString", # }, # ], # not_after: "NonEmptyString", # not_before: "NonEmptyString", # options: { # certificate_transparency_logging_preference: "NonEmptyString", # }, # renewal_eligibility: "NonEmptyString", # renewal_summary: { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # }, # serial: "NonEmptyString", # signature_algorithm: "NonEmptyString", # status: "NonEmptyString", # subject: "NonEmptyString", # subject_alternative_names: ["NonEmptyString"], # type: "NonEmptyString", # }, # aws_redshift_cluster: { # allow_version_upgrade: false, # automated_snapshot_retention_period: 1, # availability_zone: "NonEmptyString", # cluster_availability_status: "NonEmptyString", # cluster_create_time: "NonEmptyString", # cluster_identifier: "NonEmptyString", # cluster_nodes: [ # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # }, # ], # cluster_parameter_groups: [ # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # }, # ], # cluster_public_key: "NonEmptyString", # cluster_revision_number: "NonEmptyString", # cluster_security_groups: [ # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_snapshot_copy_status: { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # }, # cluster_status: "NonEmptyString", # cluster_subnet_group_name: "NonEmptyString", # cluster_version: "NonEmptyString", # db_name: "NonEmptyString", # deferred_maintenance_windows: [ # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # }, # ], # elastic_ip_status: { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # }, # elastic_resize_number_of_node_options: "NonEmptyString", # encrypted: false, # endpoint: { # address: "NonEmptyString", # port: 1, # }, # enhanced_vpc_routing: false, # expected_next_snapshot_schedule_time: "NonEmptyString", # expected_next_snapshot_schedule_time_status: "NonEmptyString", # hsm_status: { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # }, # iam_roles: [ # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # }, # ], # kms_key_id: "NonEmptyString", # maintenance_track_name: "NonEmptyString", # manual_snapshot_retention_period: 1, # master_username: "NonEmptyString", # next_maintenance_window_start_time: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # pending_actions: ["NonEmptyString"], # pending_modified_values: { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # }, # preferred_maintenance_window: "NonEmptyString", # publicly_accessible: false, # resize_info: { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # }, # restore_status: { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # }, # snapshot_schedule_identifier: "NonEmptyString", # snapshot_schedule_state: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_security_groups: [ # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # }, # ], # }, # aws_elb_load_balancer: { # availability_zones: ["NonEmptyString"], # backend_server_descriptions: [ # { # instance_port: 1, # policy_names: ["NonEmptyString"], # }, # ], # canonical_hosted_zone_name: "NonEmptyString", # canonical_hosted_zone_name_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # health_check: { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # }, # instances: [ # { # instance_id: "NonEmptyString", # }, # ], # listener_descriptions: [ # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # }, # ], # load_balancer_attributes: { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # }, # load_balancer_name: "NonEmptyString", # policies: { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # }, # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # source_security_group: { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # }, # subnets: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # aws_iam_group: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_id: "NonEmptyString", # group_name: "NonEmptyString", # group_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # path: "NonEmptyString", # }, # aws_iam_role: { # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # instance_profile_list: [ # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # }, # ], # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # role_id: "NonEmptyString", # role_name: "NonEmptyString", # role_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # max_session_duration: 1, # path: "NonEmptyString", # }, # aws_kms_key: { # aws_account_id: "NonEmptyString", # creation_date: 1.0, # key_id: "NonEmptyString", # key_manager: "NonEmptyString", # key_state: "NonEmptyString", # origin: "NonEmptyString", # description: "NonEmptyString", # key_rotation_status: false, # }, # aws_lambda_function: { # code: { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # }, # code_sha_256: "NonEmptyString", # dead_letter_config: { # target_arn: "NonEmptyString", # }, # environment: { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # }, # function_name: "NonEmptyString", # handler: "NonEmptyString", # kms_key_arn: "NonEmptyString", # last_modified: "NonEmptyString", # layers: [ # { # arn: "NonEmptyString", # code_size: 1, # }, # ], # master_arn: "NonEmptyString", # memory_size: 1, # revision_id: "NonEmptyString", # role: "NonEmptyString", # runtime: "NonEmptyString", # timeout: 1, # tracing_config: { # mode: "NonEmptyString", # }, # vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # version: "NonEmptyString", # }, # aws_lambda_layer_version: { # version: 1, # compatible_runtimes: ["NonEmptyString"], # created_date: "NonEmptyString", # }, # aws_rds_db_instance: { # associated_roles: [ # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # ca_certificate_identifier: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # db_instance_class: "NonEmptyString", # db_instance_port: 1, # dbi_resource_id: "NonEmptyString", # db_name: "NonEmptyString", # deletion_protection: false, # endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # iam_database_authentication_enabled: false, # instance_create_time: "NonEmptyString", # kms_key_id: "NonEmptyString", # publicly_accessible: false, # storage_encrypted: false, # tde_credential_arn: "NonEmptyString", # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # multi_az: false, # enhanced_monitoring_resource_arn: "NonEmptyString", # db_instance_status: "NonEmptyString", # master_username: "NonEmptyString", # allocated_storage: 1, # preferred_backup_window: "NonEmptyString", # backup_retention_period: 1, # db_security_groups: ["NonEmptyString"], # db_parameter_groups: [ # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # }, # ], # availability_zone: "NonEmptyString", # db_subnet_group: { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # }, # preferred_maintenance_window: "NonEmptyString", # pending_modified_values: { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # latest_restorable_time: "NonEmptyString", # auto_minor_version_upgrade: false, # read_replica_source_db_instance_identifier: "NonEmptyString", # read_replica_db_instance_identifiers: ["NonEmptyString"], # read_replica_db_cluster_identifiers: ["NonEmptyString"], # license_model: "NonEmptyString", # iops: 1, # option_group_memberships: [ # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # character_set_name: "NonEmptyString", # secondary_availability_zone: "NonEmptyString", # status_infos: [ # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # }, # ], # storage_type: "NonEmptyString", # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # copy_tags_to_snapshot: false, # monitoring_interval: 1, # monitoring_role_arn: "NonEmptyString", # promotion_tier: 1, # timezone: "NonEmptyString", # performance_insights_enabled: false, # performance_insights_kms_key_id: "NonEmptyString", # performance_insights_retention_period: 1, # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # listener_endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # max_allocated_storage: 1, # }, # aws_sns_topic: { # kms_master_key_id: "NonEmptyString", # subscription: [ # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # }, # ], # topic_name: "NonEmptyString", # owner: "NonEmptyString", # }, # aws_sqs_queue: { # kms_data_key_reuse_period_seconds: 1, # kms_master_key_id: "NonEmptyString", # queue_name: "NonEmptyString", # dead_letter_target_arn: "NonEmptyString", # }, # aws_waf_web_acl: { # name: "NonEmptyString", # default_action: "NonEmptyString", # rules: [ # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # }, # ], # web_acl_id: "NonEmptyString", # }, # aws_rds_db_snapshot: { # db_snapshot_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # availability_zone: "NonEmptyString", # vpc_id: "NonEmptyString", # instance_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # iops: 1, # option_group_name: "NonEmptyString", # percent_progress: 1, # source_region: "NonEmptyString", # source_db_snapshot_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # tde_credential_arn: "NonEmptyString", # encrypted: false, # kms_key_id: "NonEmptyString", # timezone: "NonEmptyString", # iam_database_authentication_enabled: false, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # dbi_resource_id: "NonEmptyString", # }, # aws_rds_db_cluster_snapshot: { # availability_zones: ["NonEmptyString"], # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # vpc_id: "NonEmptyString", # cluster_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # percent_progress: 1, # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_cluster_snapshot_identifier: "NonEmptyString", # iam_database_authentication_enabled: false, # }, # aws_rds_db_cluster: { # allocated_storage: 1, # availability_zones: ["NonEmptyString"], # backup_retention_period: 1, # database_name: "NonEmptyString", # status: "NonEmptyString", # endpoint: "NonEmptyString", # reader_endpoint: "NonEmptyString", # custom_endpoints: ["NonEmptyString"], # multi_az: false, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # port: 1, # master_username: "NonEmptyString", # preferred_backup_window: "NonEmptyString", # preferred_maintenance_window: "NonEmptyString", # read_replica_identifiers: ["NonEmptyString"], # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # hosted_zone_id: "NonEmptyString", # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_resource_id: "NonEmptyString", # associated_roles: [ # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_create_time: "NonEmptyString", # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # engine_mode: "NonEmptyString", # deletion_protection: false, # http_endpoint_enabled: false, # activity_stream_status: "NonEmptyString", # copy_tags_to_snapshot: false, # cross_account_clone: false, # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # db_cluster_parameter_group: "NonEmptyString", # db_subnet_group: "NonEmptyString", # db_cluster_option_group_memberships: [ # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # db_cluster_identifier: "NonEmptyString", # db_cluster_members: [ # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # }, # ], # iam_database_authentication_enabled: false, # }, # aws_ecs_cluster: { # capacity_providers: ["NonEmptyString"], # cluster_settings: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # configuration: { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # }, # default_capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # }, # aws_ecs_task_definition: { # container_definitions: [ # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # }, # ], # cpu: "NonEmptyString", # execution_role_arn: "NonEmptyString", # family: "NonEmptyString", # inference_accelerators: [ # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # }, # ], # ipc_mode: "NonEmptyString", # memory: "NonEmptyString", # network_mode: "NonEmptyString", # pid_mode: "NonEmptyString", # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # proxy_configuration: { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # }, # requires_compatibilities: ["NonEmptyString"], # task_role_arn: "NonEmptyString", # volumes: [ # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # }, # ], # }, # container: { # name: "NonEmptyString", # image_id: "NonEmptyString", # image_name: "NonEmptyString", # launched_at: "NonEmptyString", # }, # other: { # "NonEmptyString" => "NonEmptyString", # }, # aws_rds_event_subscription: { # cust_subscription_id: "NonEmptyString", # customer_aws_id: "NonEmptyString", # enabled: false, # event_categories_list: ["NonEmptyString"], # event_subscription_arn: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # source_ids_list: ["NonEmptyString"], # source_type: "NonEmptyString", # status: "NonEmptyString", # subscription_creation_time: "NonEmptyString", # }, # aws_ecs_service: { # capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # cluster: "NonEmptyString", # deployment_configuration: { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # }, # deployment_controller: { # type: "NonEmptyString", # }, # desired_count: 1, # enable_ecs_managed_tags: false, # enable_execute_command: false, # health_check_grace_period_seconds: 1, # launch_type: "NonEmptyString", # load_balancers: [ # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # }, # ], # name: "NonEmptyString", # network_configuration: { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # }, # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # placement_strategies: [ # { # field: "NonEmptyString", # type: "NonEmptyString", # }, # ], # platform_version: "NonEmptyString", # propagate_tags: "NonEmptyString", # role: "NonEmptyString", # scheduling_strategy: "NonEmptyString", # service_arn: "NonEmptyString", # service_name: "NonEmptyString", # service_registries: [ # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # }, # ], # task_definition: "NonEmptyString", # }, # aws_auto_scaling_launch_configuration: { # associate_public_ip_address: false, # block_device_mappings: [ # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # }, # ], # classic_link_vpc_id: "NonEmptyString", # classic_link_vpc_security_groups: ["NonEmptyString"], # created_time: "NonEmptyString", # ebs_optimized: false, # iam_instance_profile: "NonEmptyString", # image_id: "NonEmptyString", # instance_monitoring: { # enabled: false, # }, # instance_type: "NonEmptyString", # kernel_id: "NonEmptyString", # key_name: "NonEmptyString", # launch_configuration_name: "NonEmptyString", # placement_tenancy: "NonEmptyString", # ramdisk_id: "NonEmptyString", # security_groups: ["NonEmptyString"], # spot_price: "NonEmptyString", # user_data: "NonEmptyString", # metadata_options: { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # }, # }, # aws_ec2_vpn_connection: { # vpn_connection_id: "NonEmptyString", # state: "NonEmptyString", # customer_gateway_id: "NonEmptyString", # customer_gateway_configuration: "NonEmptyString", # type: "NonEmptyString", # vpn_gateway_id: "NonEmptyString", # category: "NonEmptyString", # vgw_telemetry: [ # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # }, # ], # options: { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # }, # routes: [ # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # }, # ], # transit_gateway_id: "NonEmptyString", # }, # aws_ecr_container_image: { # registry_id: "NonEmptyString", # repository_name: "NonEmptyString", # architecture: "NonEmptyString", # image_digest: "NonEmptyString", # image_tags: ["NonEmptyString"], # image_published_at: "NonEmptyString", # }, # aws_open_search_service_domain: { # arn: "NonEmptyString", # access_policies: "NonEmptyString", # domain_name: "NonEmptyString", # id: "NonEmptyString", # domain_endpoint: "NonEmptyString", # engine_version: "NonEmptyString", # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # }, # cluster_config: { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # }, # domain_endpoint_options: { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # }, # vpc_options: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # domain_endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # }, # aws_ec2_vpc_endpoint_service: { # acceptance_required: false, # availability_zones: ["NonEmptyString"], # base_endpoint_dns_names: ["NonEmptyString"], # manages_vpc_endpoints: false, # gateway_load_balancer_arns: ["NonEmptyString"], # network_load_balancer_arns: ["NonEmptyString"], # private_dns_name: "NonEmptyString", # service_id: "NonEmptyString", # service_name: "NonEmptyString", # service_state: "NonEmptyString", # service_type: [ # { # service_type: "NonEmptyString", # }, # ], # }, # aws_xray_encryption_config: { # key_id: "NonEmptyString", # status: "NonEmptyString", # type: "NonEmptyString", # }, # aws_waf_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_waf_regional_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_ecr_repository: { # arn: "NonEmptyString", # image_scanning_configuration: { # scan_on_push: false, # }, # image_tag_mutability: "NonEmptyString", # lifecycle_policy: { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # }, # repository_name: "NonEmptyString", # repository_policy_text: "NonEmptyString", # }, # aws_eks_cluster: { # arn: "NonEmptyString", # certificate_authority_data: "NonEmptyString", # cluster_status: "NonEmptyString", # endpoint: "NonEmptyString", # name: "NonEmptyString", # resources_vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # role_arn: "NonEmptyString", # version: "NonEmptyString", # logging: { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # }, # }, # aws_network_firewall_firewall_policy: { # firewall_policy: { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # }, # firewall_policy_arn: "NonEmptyString", # firewall_policy_id: "NonEmptyString", # firewall_policy_name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_network_firewall_firewall: { # delete_protection: false, # description: "NonEmptyString", # firewall_arn: "NonEmptyString", # firewall_id: "NonEmptyString", # firewall_name: "NonEmptyString", # firewall_policy_arn: "NonEmptyString", # firewall_policy_change_protection: false, # subnet_change_protection: false, # subnet_mappings: [ # { # subnet_id: "NonEmptyString", # }, # ], # vpc_id: "NonEmptyString", # }, # aws_network_firewall_rule_group: { # capacity: 1, # description: "NonEmptyString", # rule_group: { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # }, # rule_group_arn: "NonEmptyString", # rule_group_id: "NonEmptyString", # rule_group_name: "NonEmptyString", # type: "NonEmptyString", # }, # }, # }, # ], # compliance: { # status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE # related_requirements: ["NonEmptyString"], # status_reasons: [ # { # reason_code: "NonEmptyString", # required # description: "NonEmptyString", # }, # ], # }, # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE # workflow_state: "NEW", # accepts NEW, ASSIGNED, IN_PROGRESS, DEFERRED, RESOLVED # workflow: { # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED # }, # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # note: { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # updated_at: "NonEmptyString", # required # }, # vulnerabilities: [ # { # id: "NonEmptyString", # required # vulnerable_packages: [ # { # name: "NonEmptyString", # version: "NonEmptyString", # epoch: "NonEmptyString", # release: "NonEmptyString", # architecture: "NonEmptyString", # package_manager: "NonEmptyString", # file_path: "NonEmptyString", # }, # ], # cvss: [ # { # version: "NonEmptyString", # base_score: 1.0, # base_vector: "NonEmptyString", # source: "NonEmptyString", # adjustments: [ # { # metric: "NonEmptyString", # reason: "NonEmptyString", # }, # ], # }, # ], # related_vulnerabilities: ["NonEmptyString"], # vendor: { # name: "NonEmptyString", # required # url: "NonEmptyString", # vendor_severity: "NonEmptyString", # vendor_created_at: "NonEmptyString", # vendor_updated_at: "NonEmptyString", # }, # reference_urls: ["NonEmptyString"], # }, # ], # patch_summary: { # id: "NonEmptyString", # required # installed_count: 1, # missing_count: 1, # failed_count: 1, # installed_other_count: 1, # installed_rejected_count: 1, # installed_pending_reboot: 1, # operation_start_time: "NonEmptyString", # operation_end_time: "NonEmptyString", # reboot_option: "NonEmptyString", # operation: "NonEmptyString", # }, # action: { # action_type: "NonEmptyString", # network_connection_action: { # connection_direction: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # remote_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # protocol: "NonEmptyString", # blocked: false, # }, # aws_api_call_action: { # api: "NonEmptyString", # service_name: "NonEmptyString", # caller_type: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # domain_details: { # domain: "NonEmptyString", # }, # affected_resources: { # "NonEmptyString" => "NonEmptyString", # }, # first_seen: "NonEmptyString", # last_seen: "NonEmptyString", # }, # dns_request_action: { # domain: "NonEmptyString", # protocol: "NonEmptyString", # blocked: false, # }, # port_probe_action: { # port_probe_details: [ # { # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_ip_details: { # ip_address_v4: "NonEmptyString", # }, # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # }, # ], # blocked: false, # }, # }, # finding_provider_fields: { # confidence: 1, # criticality: 1, # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # severity: { # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # original: "NonEmptyString", # }, # types: ["NonEmptyString"], # }, # sample: false, # }, # ], # } # # @!attribute [rw] findings # A list of findings to import. To successfully import a finding, it # must follow the [Amazon Web Services Security Finding Format][1]. # Maximum of 100 findings per request. # # # # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchImportFindingsRequest AWS API Documentation # class BatchImportFindingsRequest < Struct.new( :findings) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] failed_count # The number of findings that failed to import. # @return [Integer] # # @!attribute [rw] success_count # The number of findings that were successfully imported. # @return [Integer] # # @!attribute [rw] failed_findings # The list of findings that failed to import. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchImportFindingsResponse AWS API Documentation # class BatchImportFindingsResponse < Struct.new( :failed_count, :success_count, :failed_findings) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass BatchUpdateFindingsRequest # data as a hash: # # { # finding_identifiers: [ # required # { # id: "NonEmptyString", # required # product_arn: "NonEmptyString", # required # }, # ], # note: { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # }, # severity: { # normalized: 1, # product: 1.0, # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # }, # verification_state: "UNKNOWN", # accepts UNKNOWN, TRUE_POSITIVE, FALSE_POSITIVE, BENIGN_POSITIVE # confidence: 1, # criticality: 1, # types: ["NonEmptyString"], # user_defined_fields: { # "NonEmptyString" => "NonEmptyString", # }, # workflow: { # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED # }, # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # } # # @!attribute [rw] finding_identifiers # The list of findings to update. `BatchUpdateFindings` can be used to # update up to 100 findings at a time. # # For each finding, the list provides the finding identifier and the # ARN of the finding provider. # @return [Array] # # @!attribute [rw] note # The updated note. # @return [Types::NoteUpdate] # # @!attribute [rw] severity # Used to update the finding severity. # @return [Types::SeverityUpdate] # # @!attribute [rw] verification_state # Indicates the veracity of a finding. # # The available values for `VerificationState` are as follows. # # * `UNKNOWN` – The default disposition of a security finding # # * `TRUE_POSITIVE` – The security finding is confirmed # # * `FALSE_POSITIVE` – The security finding was determined to be a # false alarm # # * `BENIGN_POSITIVE` – A special case of `TRUE_POSITIVE` where the # finding doesn't pose any threat, is expected, or both # @return [String] # # @!attribute [rw] confidence # The updated value for the finding confidence. Confidence is defined # as the likelihood that a finding accurately identifies the behavior # or issue that it was intended to identify. # # Confidence is scored on a 0-100 basis using a ratio scale, where 0 # means zero percent confidence and 100 means 100 percent confidence. # @return [Integer] # # @!attribute [rw] criticality # The updated value for the level of importance assigned to the # resources associated with the findings. # # A score of 0 means that the underlying resources have no # criticality, and a score of 100 is reserved for the most critical # resources. # @return [Integer] # # @!attribute [rw] types # One or more finding types in the format of # namespace/category/classifier that classify a finding. # # Valid namespace values are as follows. # # * Software and Configuration Checks # # * TTPs # # * Effects # # * Unusual Behaviors # # * Sensitive Data Identifications # @return [Array] # # @!attribute [rw] user_defined_fields # A list of name/value string pairs associated with the finding. These # are custom, user-defined fields added to a finding. # @return [Hash] # # @!attribute [rw] workflow # Used to update the workflow status of a finding. # # The workflow status indicates the progress of the investigation into # the finding. # @return [Types::WorkflowUpdate] # # @!attribute [rw] related_findings # A list of findings that are related to the updated findings. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsRequest AWS API Documentation # class BatchUpdateFindingsRequest < Struct.new( :finding_identifiers, :note, :severity, :verification_state, :confidence, :criticality, :types, :user_defined_fields, :workflow, :related_findings) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] processed_findings # The list of findings that were updated successfully. # @return [Array] # # @!attribute [rw] unprocessed_findings # The list of findings that were not updated. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsResponse AWS API Documentation # class BatchUpdateFindingsResponse < Struct.new( :processed_findings, :unprocessed_findings) SENSITIVE = [] include Aws::Structure end # A finding from a `BatchUpdateFindings` request that Security Hub was # unable to update. # # @!attribute [rw] finding_identifier # The identifier of the finding that was not updated. # @return [Types::AwsSecurityFindingIdentifier] # # @!attribute [rw] error_code # The code associated with the error. # @return [String] # # @!attribute [rw] error_message # The message associated with the error. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateFindingsUnprocessedFinding AWS API Documentation # class BatchUpdateFindingsUnprocessedFinding < Struct.new( :finding_identifier, :error_code, :error_message) SENSITIVE = [] include Aws::Structure end # Boolean filter for querying findings. # # @note When making an API call, you may pass BooleanFilter # data as a hash: # # { # value: false, # } # # @!attribute [rw] value # The value of the boolean. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BooleanFilter AWS API Documentation # class BooleanFilter < Struct.new( :value) SENSITIVE = [] include Aws::Structure end # An occurrence of sensitive data detected in a Microsoft Excel # workbook, comma-separated value (CSV) file, or tab-separated value # (TSV) file. # # @note When making an API call, you may pass Cell # data as a hash: # # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # } # # @!attribute [rw] column # The column number of the column that contains the data. For a # Microsoft Excel workbook, the column number corresponds to the # alphabetical column identifiers. For example, a value of 1 for # Column corresponds to the A column in the workbook. # @return [Integer] # # @!attribute [rw] row # The row number of the row that contains the data. # @return [Integer] # # @!attribute [rw] column_name # The name of the column that contains the data. # @return [String] # # @!attribute [rw] cell_reference # For a Microsoft Excel workbook, provides the location of the cell, # as an absolute cell reference, that contains the data. For example, # Sheet2!C5 for cell C5 on Sheet2. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cell AWS API Documentation # class Cell < Struct.new( :column, :row, :column_name, :cell_reference) SENSITIVE = [] include Aws::Structure end # An IPv4 CIDR block association. # # @note When making an API call, you may pass CidrBlockAssociation # data as a hash: # # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # } # # @!attribute [rw] association_id # The association ID for the IPv4 CIDR block. # @return [String] # # @!attribute [rw] cidr_block # The IPv4 CIDR block. # @return [String] # # @!attribute [rw] cidr_block_state # Information about the state of the IPv4 CIDR block. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CidrBlockAssociation AWS API Documentation # class CidrBlockAssociation < Struct.new( :association_id, :cidr_block, :cidr_block_state) SENSITIVE = [] include Aws::Structure end # Information about a city. # # @note When making an API call, you may pass City # data as a hash: # # { # city_name: "NonEmptyString", # } # # @!attribute [rw] city_name # The name of the city. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/City AWS API Documentation # class City < Struct.new( :city_name) SENSITIVE = [] include Aws::Structure end # Details about the sensitive data that was detected on the resource. # # @note When making an API call, you may pass ClassificationResult # data as a hash: # # { # mime_type: "NonEmptyString", # size_classified: 1, # additional_occurrences: false, # status: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # sensitive_data: [ # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # ], # custom_data_identifiers: { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # } # # @!attribute [rw] mime_type # The type of content that the finding applies to. # @return [String] # # @!attribute [rw] size_classified # The total size in bytes of the affected data. # @return [Integer] # # @!attribute [rw] additional_occurrences # Indicates whether there are additional occurrences of sensitive data # that are not included in the finding. This occurs when the number of # occurrences exceeds the maximum that can be included. # @return [Boolean] # # @!attribute [rw] status # The current status of the sensitive data detection. # @return [Types::ClassificationStatus] # # @!attribute [rw] sensitive_data # Provides details about sensitive data that was identified based on # built-in configuration. # @return [Array] # # @!attribute [rw] custom_data_identifiers # Provides details about sensitive data that was identified based on # customer-defined configuration. # @return [Types::CustomDataIdentifiersResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationResult AWS API Documentation # class ClassificationResult < Struct.new( :mime_type, :size_classified, :additional_occurrences, :status, :sensitive_data, :custom_data_identifiers) SENSITIVE = [] include Aws::Structure end # Provides details about the current status of the sensitive data # detection. # # @note When making an API call, you may pass ClassificationStatus # data as a hash: # # { # code: "NonEmptyString", # reason: "NonEmptyString", # } # # @!attribute [rw] code # The code that represents the status of the sensitive data detection. # @return [String] # # @!attribute [rw] reason # A longer description of the current status of the sensitive data # detection. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ClassificationStatus AWS API Documentation # class ClassificationStatus < Struct.new( :code, :reason) SENSITIVE = [] include Aws::Structure end # Contains finding details that are specific to control-based findings. # Only returned for findings generated from controls. # # @note When making an API call, you may pass Compliance # data as a hash: # # { # status: "PASSED", # accepts PASSED, WARNING, FAILED, NOT_AVAILABLE # related_requirements: ["NonEmptyString"], # status_reasons: [ # { # reason_code: "NonEmptyString", # required # description: "NonEmptyString", # }, # ], # } # # @!attribute [rw] status # The result of a standards check. # # The valid values for `Status` are as follows. # # * * `PASSED` - Standards check passed for all evaluated resources. # # * `WARNING` - Some information is missing or this check is not # supported for your configuration. # # * `FAILED` - Standards check failed for at least one evaluated # resource. # # * `NOT_AVAILABLE` - Check could not be performed due to a service # outage, API error, or because the result of the Config # evaluation was `NOT_APPLICABLE`. If the Config evaluation result # was `NOT_APPLICABLE`, then after 3 days, Security Hub # automatically archives the finding. # @return [String] # # @!attribute [rw] related_requirements # For a control, the industry or regulatory framework requirements # that are related to the control. The check for that control is # aligned with these requirements. # @return [Array] # # @!attribute [rw] status_reasons # For findings generated from controls, a list of reasons behind the # value of `Status`. For the list of status reason codes and their # meanings, see [Standards-related information in the ASFF][1] in the # *Security Hub User Guide*. # # # # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Compliance AWS API Documentation # class Compliance < Struct.new( :status, :related_requirements, :status_reasons) SENSITIVE = [] include Aws::Structure end # Container details related to a finding. # # @note When making an API call, you may pass ContainerDetails # data as a hash: # # { # name: "NonEmptyString", # image_id: "NonEmptyString", # image_name: "NonEmptyString", # launched_at: "NonEmptyString", # } # # @!attribute [rw] name # The name of the container related to a finding. # @return [String] # # @!attribute [rw] image_id # The identifier of the image related to a finding. # @return [String] # # @!attribute [rw] image_name # The name of the image related to a finding. # @return [String] # # @!attribute [rw] launched_at # Indicates when the container started. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ContainerDetails AWS API Documentation # class ContainerDetails < Struct.new( :name, :image_id, :image_name, :launched_at) SENSITIVE = [] include Aws::Structure end # Information about a country. # # @note When making an API call, you may pass Country # data as a hash: # # { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # } # # @!attribute [rw] country_code # The 2-letter ISO 3166 country code for the country. # @return [String] # # @!attribute [rw] country_name # The name of the country. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Country AWS API Documentation # class Country < Struct.new( :country_code, :country_name) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass CreateActionTargetRequest # data as a hash: # # { # name: "NonEmptyString", # required # description: "NonEmptyString", # required # id: "NonEmptyString", # required # } # # @!attribute [rw] name # The name of the custom action target. Can contain up to 20 # characters. # @return [String] # # @!attribute [rw] description # The description for the custom action target. # @return [String] # # @!attribute [rw] id # The ID for the custom action target. Can contain up to 20 # alphanumeric characters. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateActionTargetRequest AWS API Documentation # class CreateActionTargetRequest < Struct.new( :name, :description, :id) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] action_target_arn # The ARN for the custom action target. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateActionTargetResponse AWS API Documentation # class CreateActionTargetResponse < Struct.new( :action_target_arn) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass CreateFindingAggregatorRequest # data as a hash: # # { # region_linking_mode: "NonEmptyString", # required # regions: ["NonEmptyString"], # } # # @!attribute [rw] region_linking_mode # Indicates whether to aggregate findings from all of the available # Regions in the current partition. Also determines whether to # automatically aggregate findings from new Regions as Security Hub # supports them and you opt into them. # # The selected option also determines how to use the Regions provided # in the Regions list. # # The options are as follows: # # * `ALL_REGIONS` - Indicates to aggregate findings from all of the # Regions where Security Hub is enabled. When you choose this # option, Security Hub also automatically aggregates findings from # new Regions as Security Hub supports them and you opt into them. # # * `ALL_REGIONS_EXCEPT_SPECIFIED` - Indicates to aggregate findings # from all of the Regions where Security Hub is enabled, except for # the Regions listed in the `Regions` parameter. When you choose # this option, Security Hub also automatically aggregates findings # from new Regions as Security Hub supports them and you opt into # them. # # * `SPECIFIED_REGIONS` - Indicates to aggregate findings only from # the Regions listed in the `Regions` parameter. Security Hub does # not automatically aggregate findings from new Regions. # @return [String] # # @!attribute [rw] regions # If `RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this # is a comma-separated list of Regions that do not aggregate findings # to the aggregation Region. # # If `RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a # comma-separated list of Regions that do aggregate findings to the # aggregation Region. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateFindingAggregatorRequest AWS API Documentation # class CreateFindingAggregatorRequest < Struct.new( :region_linking_mode, :regions) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator. You use the finding aggregator # ARN to retrieve details for, update, and stop finding aggregation. # @return [String] # # @!attribute [rw] finding_aggregation_region # The aggregation Region. # @return [String] # # @!attribute [rw] region_linking_mode # Indicates whether to link all Regions, all Regions except for a list # of excluded Regions, or a list of included Regions. # @return [String] # # @!attribute [rw] regions # The list of excluded Regions or included Regions. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateFindingAggregatorResponse AWS API Documentation # class CreateFindingAggregatorResponse < Struct.new( :finding_aggregator_arn, :finding_aggregation_region, :region_linking_mode, :regions) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass CreateInsightRequest # data as a hash: # # { # name: "NonEmptyString", # required # filters: { # required # product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # aws_account_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # generator_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # first_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # description: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # recommendation_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # product_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # product_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # company_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # user_defined_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # malware_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_direction: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_protocol: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_mac: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_destination_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # process_terminated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_value: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_category: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_source: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_partition: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_tags: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # resource_aws_ec2_instance_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_ip_v4_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_ip_v6_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_key_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_iam_instance_profile_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_vpc_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_subnet_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_s3_bucket_owner_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_s3_bucket_owner_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_principal_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_iam_user_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_details_other: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # compliance_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # verification_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # record_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # note_updated_by: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # keyword: [ # { # value: "NonEmptyString", # }, # ], # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_original: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_types: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # sample: [ # { # value: false, # }, # ], # }, # group_by_attribute: "NonEmptyString", # required # } # # @!attribute [rw] name # The name of the custom insight to create. # @return [String] # # @!attribute [rw] filters # One or more attributes used to filter the findings included in the # insight. The insight only includes findings that match the criteria # defined in the filters. # @return [Types::AwsSecurityFindingFilters] # # @!attribute [rw] group_by_attribute # The attribute used to group the findings for the insight. The # grouping attribute identifies the type of item that the insight # applies to. For example, if an insight is grouped by resource # identifier, then the insight produces a list of resource # identifiers. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightRequest AWS API Documentation # class CreateInsightRequest < Struct.new( :name, :filters, :group_by_attribute) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] insight_arn # The ARN of the insight created. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateInsightResponse AWS API Documentation # class CreateInsightResponse < Struct.new( :insight_arn) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass CreateMembersRequest # data as a hash: # # { # account_details: [ # required # { # account_id: "AccountId", # required # email: "NonEmptyString", # }, # ], # } # # @!attribute [rw] account_details # The list of accounts to associate with the Security Hub # administrator account. For each account, the list includes the # account ID and optionally the email address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersRequest AWS API Documentation # class CreateMembersRequest < Struct.new( :account_details) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts that were not processed. # For each account, the list includes the account ID and the email # address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CreateMembersResponse AWS API Documentation # class CreateMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # The list of detected instances of sensitive data. # # @note When making an API call, you may pass CustomDataIdentifiersDetections # data as a hash: # # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # } # # @!attribute [rw] count # The total number of occurrences of sensitive data that were # detected. # @return [Integer] # # @!attribute [rw] arn # The ARN of the custom identifier that was used to detect the # sensitive data. # @return [String] # # @!attribute [rw] name # he name of the custom identifier that detected the sensitive data. # @return [String] # # @!attribute [rw] occurrences # Details about the sensitive data that was detected. # @return [Types::Occurrences] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersDetections AWS API Documentation # class CustomDataIdentifiersDetections < Struct.new( :count, :arn, :name, :occurrences) SENSITIVE = [] include Aws::Structure end # Contains an instance of sensitive data that was detected by a # customer-defined identifier. # # @note When making an API call, you may pass CustomDataIdentifiersResult # data as a hash: # # { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # } # # @!attribute [rw] detections # The list of detected instances of sensitive data. # @return [Array] # # @!attribute [rw] total_count # The total number of occurrences of sensitive data. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/CustomDataIdentifiersResult AWS API Documentation # class CustomDataIdentifiersResult < Struct.new( :detections, :total_count) SENSITIVE = [] include Aws::Structure end # CVSS scores from the advisory related to the vulnerability. # # @note When making an API call, you may pass Cvss # data as a hash: # # { # version: "NonEmptyString", # base_score: 1.0, # base_vector: "NonEmptyString", # source: "NonEmptyString", # adjustments: [ # { # metric: "NonEmptyString", # reason: "NonEmptyString", # }, # ], # } # # @!attribute [rw] version # The version of CVSS for the CVSS score. # @return [String] # # @!attribute [rw] base_score # The base CVSS score. # @return [Float] # # @!attribute [rw] base_vector # The base scoring vector for the CVSS score. # @return [String] # # @!attribute [rw] source # The origin of the original CVSS score and vector. # @return [String] # # @!attribute [rw] adjustments # Adjustments to the CVSS metrics. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Cvss AWS API Documentation # class Cvss < Struct.new( :version, :base_score, :base_vector, :source, :adjustments) SENSITIVE = [] include Aws::Structure end # Provides details about sensitive data that was detected on a resource. # # @note When making an API call, you may pass DataClassificationDetails # data as a hash: # # { # detailed_results_location: "NonEmptyString", # result: { # mime_type: "NonEmptyString", # size_classified: 1, # additional_occurrences: false, # status: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # sensitive_data: [ # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # ], # custom_data_identifiers: { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # }, # } # # @!attribute [rw] detailed_results_location # The path to the folder or file that contains the sensitive data. # @return [String] # # @!attribute [rw] result # The details about the sensitive data that was detected on the # resource. # @return [Types::ClassificationResult] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DataClassificationDetails AWS API Documentation # class DataClassificationDetails < Struct.new( :detailed_results_location, :result) SENSITIVE = [] include Aws::Structure end # A date filter for querying findings. # # @note When making an API call, you may pass DateFilter # data as a hash: # # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # } # # @!attribute [rw] start # A start date for the date filter. # @return [String] # # @!attribute [rw] end # An end date for the date filter. # @return [String] # # @!attribute [rw] date_range # A date range for the date filter. # @return [Types::DateRange] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DateFilter AWS API Documentation # class DateFilter < Struct.new( :start, :end, :date_range) SENSITIVE = [] include Aws::Structure end # A date range for the date filter. # # @note When making an API call, you may pass DateRange # data as a hash: # # { # value: 1, # unit: "DAYS", # accepts DAYS # } # # @!attribute [rw] value # A date range value for the date filter. # @return [Integer] # # @!attribute [rw] unit # A date range unit for the date filter. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DateRange AWS API Documentation # class DateRange < Struct.new( :value, :unit) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DeclineInvitationsRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The list of account IDs for the accounts from which to decline the # invitations to Security Hub. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeclineInvitationsRequest AWS API Documentation # class DeclineInvitationsRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts that were not processed. # For each account, the list includes the account ID and the email # address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeclineInvitationsResponse AWS API Documentation # class DeclineInvitationsResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DeleteActionTargetRequest # data as a hash: # # { # action_target_arn: "NonEmptyString", # required # } # # @!attribute [rw] action_target_arn # The ARN of the custom action target to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteActionTargetRequest AWS API Documentation # class DeleteActionTargetRequest < Struct.new( :action_target_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] action_target_arn # The ARN of the custom action target that was deleted. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteActionTargetResponse AWS API Documentation # class DeleteActionTargetResponse < Struct.new( :action_target_arn) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DeleteFindingAggregatorRequest # data as a hash: # # { # finding_aggregator_arn: "NonEmptyString", # required # } # # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator to delete. To obtain the ARN, use # `ListFindingAggregators`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteFindingAggregatorRequest AWS API Documentation # class DeleteFindingAggregatorRequest < Struct.new( :finding_aggregator_arn) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteFindingAggregatorResponse AWS API Documentation # class DeleteFindingAggregatorResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass DeleteInsightRequest # data as a hash: # # { # insight_arn: "NonEmptyString", # required # } # # @!attribute [rw] insight_arn # The ARN of the insight to delete. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInsightRequest AWS API Documentation # class DeleteInsightRequest < Struct.new( :insight_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] insight_arn # The ARN of the insight that was deleted. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInsightResponse AWS API Documentation # class DeleteInsightResponse < Struct.new( :insight_arn) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DeleteInvitationsRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The list of the account IDs that sent the invitations to delete. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInvitationsRequest AWS API Documentation # class DeleteInvitationsRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts for which the invitations # were not deleted. For each account, the list includes the account ID # and the email address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteInvitationsResponse AWS API Documentation # class DeleteInvitationsResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DeleteMembersRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The list of account IDs for the member accounts to delete. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteMembersRequest AWS API Documentation # class DeleteMembersRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts that were not deleted. For # each account, the list includes the account ID and the email # address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DeleteMembersResponse AWS API Documentation # class DeleteMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DescribeActionTargetsRequest # data as a hash: # # { # action_target_arns: ["NonEmptyString"], # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] action_target_arns # A list of custom action target ARNs for the custom action targets to # retrieve. # @return [Array] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `DescribeActionTargets` operation, set the value of this parameter # to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeActionTargetsRequest AWS API Documentation # class DescribeActionTargetsRequest < Struct.new( :action_target_arns, :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] action_targets # A list of `ActionTarget` objects. Each object includes the # `ActionTargetArn`, `Description`, and `Name` of a custom action # target available in Security Hub. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeActionTargetsResponse AWS API Documentation # class DescribeActionTargetsResponse < Struct.new( :action_targets, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DescribeHubRequest # data as a hash: # # { # hub_arn: "NonEmptyString", # } # # @!attribute [rw] hub_arn # The ARN of the Hub resource to retrieve. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHubRequest AWS API Documentation # class DescribeHubRequest < Struct.new( :hub_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] hub_arn # The ARN of the Hub resource that was retrieved. # @return [String] # # @!attribute [rw] subscribed_at # The date and time when Security Hub was enabled in the account. # @return [String] # # @!attribute [rw] auto_enable_controls # Whether to automatically enable new controls when they are added to # standards that are enabled. # # If set to `true`, then new controls for enabled standards are # enabled automatically. If set to `false`, then new controls are not # enabled. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeHubResponse AWS API Documentation # class DescribeHubResponse < Struct.new( :hub_arn, :subscribed_at, :auto_enable_controls) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationRequest AWS API Documentation # class DescribeOrganizationConfigurationRequest < Aws::EmptyStructure; end # @!attribute [rw] auto_enable # Whether to automatically enable Security Hub for new accounts in the # organization. # # If set to `true`, then Security Hub is enabled for new accounts. If # set to false, then new accounts are not added automatically. # @return [Boolean] # # @!attribute [rw] member_account_limit_reached # Whether the maximum number of allowed member accounts are already # associated with the Security Hub administrator account. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeOrganizationConfigurationResponse AWS API Documentation # class DescribeOrganizationConfigurationResponse < Struct.new( :auto_enable, :member_account_limit_reached) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DescribeProductsRequest # data as a hash: # # { # next_token: "NextToken", # max_results: 1, # product_arn: "NonEmptyString", # } # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `DescribeProducts` operation, set the value of this parameter to # `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return. # @return [Integer] # # @!attribute [rw] product_arn # The ARN of the integration to return. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsRequest AWS API Documentation # class DescribeProductsRequest < Struct.new( :next_token, :max_results, :product_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] products # A list of products, including details for each product. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeProductsResponse AWS API Documentation # class DescribeProductsResponse < Struct.new( :products, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DescribeStandardsControlsRequest # data as a hash: # # { # standards_subscription_arn: "NonEmptyString", # required # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] standards_subscription_arn # The ARN of a resource that represents your subscription to a # supported standard. To get the subscription ARNs of the standards # you have enabled, use the `GetEnabledStandards` operation. # @return [String] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `DescribeStandardsControls` operation, set the value of this # parameter to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of security standard controls to return. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandardsControlsRequest AWS API Documentation # class DescribeStandardsControlsRequest < Struct.new( :standards_subscription_arn, :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] controls # A list of security standards controls. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandardsControlsResponse AWS API Documentation # class DescribeStandardsControlsResponse < Struct.new( :controls, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DescribeStandardsRequest # data as a hash: # # { # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `DescribeStandards` operation, set the value of this parameter to # `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of standards to return. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandardsRequest AWS API Documentation # class DescribeStandardsRequest < Struct.new( :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] standards # A list of available standards. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DescribeStandardsResponse AWS API Documentation # class DescribeStandardsResponse < Struct.new( :standards, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass DisableImportFindingsForProductRequest # data as a hash: # # { # product_subscription_arn: "NonEmptyString", # required # } # # @!attribute [rw] product_subscription_arn # The ARN of the integrated product to disable the integration for. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableImportFindingsForProductRequest AWS API Documentation # class DisableImportFindingsForProductRequest < Struct.new( :product_subscription_arn) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableImportFindingsForProductResponse AWS API Documentation # class DisableImportFindingsForProductResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass DisableOrganizationAdminAccountRequest # data as a hash: # # { # admin_account_id: "NonEmptyString", # required # } # # @!attribute [rw] admin_account_id # The Amazon Web Services account identifier of the Security Hub # administrator account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountRequest AWS API Documentation # class DisableOrganizationAdminAccountRequest < Struct.new( :admin_account_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableOrganizationAdminAccountResponse AWS API Documentation # class DisableOrganizationAdminAccountResponse < Aws::EmptyStructure; end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHubRequest AWS API Documentation # class DisableSecurityHubRequest < Aws::EmptyStructure; end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisableSecurityHubResponse AWS API Documentation # class DisableSecurityHubResponse < Aws::EmptyStructure; end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccountRequest AWS API Documentation # class DisassociateFromAdministratorAccountRequest < Aws::EmptyStructure; end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccountResponse AWS API Documentation # class DisassociateFromAdministratorAccountResponse < Aws::EmptyStructure; end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccountRequest AWS API Documentation # class DisassociateFromMasterAccountRequest < Aws::EmptyStructure; end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccountResponse AWS API Documentation # class DisassociateFromMasterAccountResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass DisassociateMembersRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The account IDs of the member accounts to disassociate from the # administrator account. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembersRequest AWS API Documentation # class DisassociateMembersRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateMembersResponse AWS API Documentation # class DisassociateMembersResponse < Aws::EmptyStructure; end # Provided if `ActionType` is `DNS_REQUEST`. It provides details about # the DNS request that was detected. # # @note When making an API call, you may pass DnsRequestAction # data as a hash: # # { # domain: "NonEmptyString", # protocol: "NonEmptyString", # blocked: false, # } # # @!attribute [rw] domain # The DNS domain that is associated with the DNS request. # @return [String] # # @!attribute [rw] protocol # The protocol that was used for the DNS request. # @return [String] # # @!attribute [rw] blocked # Indicates whether the DNS request was blocked. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DnsRequestAction AWS API Documentation # class DnsRequestAction < Struct.new( :domain, :protocol, :blocked) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass EnableImportFindingsForProductRequest # data as a hash: # # { # product_arn: "NonEmptyString", # required # } # # @!attribute [rw] product_arn # The ARN of the product to enable the integration for. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableImportFindingsForProductRequest AWS API Documentation # class EnableImportFindingsForProductRequest < Struct.new( :product_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] product_subscription_arn # The ARN of your subscription to the product to enable integrations # for. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableImportFindingsForProductResponse AWS API Documentation # class EnableImportFindingsForProductResponse < Struct.new( :product_subscription_arn) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass EnableOrganizationAdminAccountRequest # data as a hash: # # { # admin_account_id: "NonEmptyString", # required # } # # @!attribute [rw] admin_account_id # The Amazon Web Services account identifier of the account to # designate as the Security Hub administrator account. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountRequest AWS API Documentation # class EnableOrganizationAdminAccountRequest < Struct.new( :admin_account_id) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableOrganizationAdminAccountResponse AWS API Documentation # class EnableOrganizationAdminAccountResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass EnableSecurityHubRequest # data as a hash: # # { # tags: { # "TagKey" => "TagValue", # }, # enable_default_standards: false, # } # # @!attribute [rw] tags # The tags to add to the hub resource when you enable Security Hub. # @return [Hash] # # @!attribute [rw] enable_default_standards # Whether to enable the security standards that Security Hub has # designated as automatically enabled. If you do not provide a value # for `EnableDefaultStandards`, it is set to `true`. To not enable the # automatically enabled standards, set `EnableDefaultStandards` to # `false`. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubRequest AWS API Documentation # class EnableSecurityHubRequest < Struct.new( :tags, :enable_default_standards) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/EnableSecurityHubResponse AWS API Documentation # class EnableSecurityHubResponse < Aws::EmptyStructure; end # A finding aggregator. A finding aggregator contains the configuration # for finding aggregation. # # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator. You use the finding aggregator # ARN to retrieve details for, update, and delete the finding # aggregator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingAggregator AWS API Documentation # class FindingAggregator < Struct.new( :finding_aggregator_arn) SENSITIVE = [] include Aws::Structure end # In a `BatchImportFindings` request, finding providers use # `FindingProviderFields` to provide and update values for confidence, # criticality, related findings, severity, and types. # # @note When making an API call, you may pass FindingProviderFields # data as a hash: # # { # confidence: 1, # criticality: 1, # related_findings: [ # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # }, # ], # severity: { # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # original: "NonEmptyString", # }, # types: ["NonEmptyString"], # } # # @!attribute [rw] confidence # A finding's confidence. Confidence is defined as the likelihood # that a finding accurately identifies the behavior or issue that it # was intended to identify. # # Confidence is scored on a 0-100 basis using a ratio scale, where 0 # means zero percent confidence and 100 means 100 percent confidence. # @return [Integer] # # @!attribute [rw] criticality # The level of importance assigned to the resources associated with # the finding. # # A score of 0 means that the underlying resources have no # criticality, and a score of 100 is reserved for the most critical # resources. # @return [Integer] # # @!attribute [rw] related_findings # A list of findings that are related to the current finding. # @return [Array] # # @!attribute [rw] severity # The severity of a finding. # @return [Types::FindingProviderSeverity] # # @!attribute [rw] types # One or more finding types in the format of # `namespace/category/classifier` that classify a finding. # # Valid namespace values are: Software and Configuration Checks \| # TTPs \| Effects \| Unusual Behaviors \| Sensitive Data # Identifications # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderFields AWS API Documentation # class FindingProviderFields < Struct.new( :confidence, :criticality, :related_findings, :severity, :types) SENSITIVE = [] include Aws::Structure end # The severity assigned to the finding by the finding provider. # # @note When making an API call, you may pass FindingProviderSeverity # data as a hash: # # { # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # original: "NonEmptyString", # } # # @!attribute [rw] label # The severity label assigned to the finding by the finding provider. # @return [String] # # @!attribute [rw] original # The finding provider's original value for the severity. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FindingProviderSeverity AWS API Documentation # class FindingProviderSeverity < Struct.new( :label, :original) SENSITIVE = [] include Aws::Structure end # Defines the behavior of the firewall. # # @note When making an API call, you may pass FirewallPolicyDetails # data as a hash: # # { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # } # # @!attribute [rw] stateful_rule_group_references # The stateful rule groups that are used in the firewall policy. # @return [Array] # # @!attribute [rw] stateless_custom_actions # The custom action definitions that are available to use in the # firewall policy's `StatelessDefaultActions` setting. # @return [Array] # # @!attribute [rw] stateless_default_actions # The actions to take on a packet if it doesn't match any of the # stateless rules in the policy. # # You must specify a standard action (`aws:pass`, `aws:drop`, # `aws:forward_to_sfe`), and can optionally include a custom action # from `StatelessCustomActions`. # @return [Array] # # @!attribute [rw] stateless_fragment_default_actions # The actions to take on a fragmented UDP packet if it doesn't match # any of the stateless rules in the policy. # # You must specify a standard action (`aws:pass`, `aws:drop`, # `aws:forward_to_sfe`), and can optionally include a custom action # from `StatelessCustomActions`. # @return [Array] # # @!attribute [rw] stateless_rule_group_references # The stateless rule groups that are used in the firewall policy. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyDetails AWS API Documentation # class FirewallPolicyDetails < Struct.new( :stateful_rule_group_references, :stateless_custom_actions, :stateless_default_actions, :stateless_fragment_default_actions, :stateless_rule_group_references) SENSITIVE = [] include Aws::Structure end # A stateful rule group that is used by the firewall policy. # # @note When making an API call, you may pass FirewallPolicyStatefulRuleGroupReferencesDetails # data as a hash: # # { # resource_arn: "NonEmptyString", # } # # @!attribute [rw] resource_arn # The ARN of the stateful rule group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatefulRuleGroupReferencesDetails AWS API Documentation # class FirewallPolicyStatefulRuleGroupReferencesDetails < Struct.new( :resource_arn) SENSITIVE = [] include Aws::Structure end # A custom action that can be used for stateless packet handling. # # @note When making an API call, you may pass FirewallPolicyStatelessCustomActionsDetails # data as a hash: # # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # } # # @!attribute [rw] action_definition # The definition of the custom action. # @return [Types::StatelessCustomActionDefinition] # # @!attribute [rw] action_name # The name of the custom action. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessCustomActionsDetails AWS API Documentation # class FirewallPolicyStatelessCustomActionsDetails < Struct.new( :action_definition, :action_name) SENSITIVE = [] include Aws::Structure end # A stateless rule group that is used by the firewall policy. # # @note When making an API call, you may pass FirewallPolicyStatelessRuleGroupReferencesDetails # data as a hash: # # { # priority: 1, # resource_arn: "NonEmptyString", # } # # @!attribute [rw] priority # The order in which to run the stateless rule group. # @return [Integer] # # @!attribute [rw] resource_arn # The ARN of the stateless rule group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/FirewallPolicyStatelessRuleGroupReferencesDetails AWS API Documentation # class FirewallPolicyStatelessRuleGroupReferencesDetails < Struct.new( :priority, :resource_arn) SENSITIVE = [] include Aws::Structure end # Provides the latitude and longitude coordinates of a location. # # @note When making an API call, you may pass GeoLocation # data as a hash: # # { # lon: 1.0, # lat: 1.0, # } # # @!attribute [rw] lon # The longitude of the location. # @return [Float] # # @!attribute [rw] lat # The latitude of the location. # @return [Float] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GeoLocation AWS API Documentation # class GeoLocation < Struct.new( :lon, :lat) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccountRequest AWS API Documentation # class GetAdministratorAccountRequest < Aws::EmptyStructure; end # @!attribute [rw] administrator # Details about an invitation. # @return [Types::Invitation] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccountResponse AWS API Documentation # class GetAdministratorAccountResponse < Struct.new( :administrator) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetEnabledStandardsRequest # data as a hash: # # { # standards_subscription_arns: ["NonEmptyString"], # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] standards_subscription_arns # The list of the standards subscription ARNs for the standards to # retrieve. # @return [Array] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `GetEnabledStandards` operation, set the value of this parameter to # `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return in the response. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetEnabledStandardsRequest AWS API Documentation # class GetEnabledStandardsRequest < Struct.new( :standards_subscription_arns, :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] standards_subscriptions # The list of `StandardsSubscriptions` objects that include # information about the enabled standards. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetEnabledStandardsResponse AWS API Documentation # class GetEnabledStandardsResponse < Struct.new( :standards_subscriptions, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetFindingAggregatorRequest # data as a hash: # # { # finding_aggregator_arn: "NonEmptyString", # required # } # # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator to return details for. To obtain # the ARN, use `ListFindingAggregators`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingAggregatorRequest AWS API Documentation # class GetFindingAggregatorRequest < Struct.new( :finding_aggregator_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator. # @return [String] # # @!attribute [rw] finding_aggregation_region # The aggregation Region. # @return [String] # # @!attribute [rw] region_linking_mode # Indicates whether to link all Regions, all Regions except for a list # of excluded Regions, or a list of included Regions. # @return [String] # # @!attribute [rw] regions # The list of excluded Regions or included Regions. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingAggregatorResponse AWS API Documentation # class GetFindingAggregatorResponse < Struct.new( :finding_aggregator_arn, :finding_aggregation_region, :region_linking_mode, :regions) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetFindingsRequest # data as a hash: # # { # filters: { # product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # aws_account_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # generator_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # first_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # description: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # recommendation_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # product_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # product_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # company_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # user_defined_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # malware_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_direction: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_protocol: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_mac: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_destination_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # process_terminated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_value: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_category: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_source: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_partition: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_tags: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # resource_aws_ec2_instance_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_ip_v4_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_ip_v6_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_key_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_iam_instance_profile_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_vpc_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_subnet_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_s3_bucket_owner_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_s3_bucket_owner_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_principal_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_iam_user_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_details_other: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # compliance_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # verification_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # record_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # note_updated_by: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # keyword: [ # { # value: "NonEmptyString", # }, # ], # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_original: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_types: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # sample: [ # { # value: false, # }, # ], # }, # sort_criteria: [ # { # field: "NonEmptyString", # sort_order: "asc", # accepts asc, desc # }, # ], # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] filters # The finding attributes used to define a condition to filter the # returned findings. # # You can filter by up to 10 finding attributes. For each attribute, # you can provide up to 20 filter values. # # Note that in the available filter fields, `WorkflowState` is # deprecated. To search for a finding based on its workflow status, # use `WorkflowStatus`. # @return [Types::AwsSecurityFindingFilters] # # @!attribute [rw] sort_criteria # The finding attributes used to sort the list of returned findings. # @return [Array] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `GetFindings` operation, set the value of this parameter to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of findings to return. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingsRequest AWS API Documentation # class GetFindingsRequest < Struct.new( :filters, :sort_criteria, :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] findings # The findings that matched the filters specified in the request. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetFindingsResponse AWS API Documentation # class GetFindingsResponse < Struct.new( :findings, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetInsightResultsRequest # data as a hash: # # { # insight_arn: "NonEmptyString", # required # } # # @!attribute [rw] insight_arn # The ARN of the insight for which to return results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResultsRequest AWS API Documentation # class GetInsightResultsRequest < Struct.new( :insight_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] insight_results # The insight results returned by the operation. # @return [Types::InsightResults] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightResultsResponse AWS API Documentation # class GetInsightResultsResponse < Struct.new( :insight_results) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetInsightsRequest # data as a hash: # # { # insight_arns: ["NonEmptyString"], # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] insight_arns # The ARNs of the insights to describe. If you do not provide any # insight ARNs, then `GetInsights` returns all of your custom # insights. It does not return any managed insights. # @return [Array] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `GetInsights` operation, set the value of this parameter to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of items to return in the response. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightsRequest AWS API Documentation # class GetInsightsRequest < Struct.new( :insight_arns, :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] insights # The insights returned by the operation. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInsightsResponse AWS API Documentation # class GetInsightsResponse < Struct.new( :insights, :next_token) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCountRequest AWS API Documentation # class GetInvitationsCountRequest < Aws::EmptyStructure; end # @!attribute [rw] invitations_count # The number of all membership invitations sent to this Security Hub # member account, not including the currently accepted invitation. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetInvitationsCountResponse AWS API Documentation # class GetInvitationsCountResponse < Struct.new( :invitations_count) SENSITIVE = [] include Aws::Structure end # @api private # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccountRequest AWS API Documentation # class GetMasterAccountRequest < Aws::EmptyStructure; end # @!attribute [rw] master # A list of details about the Security Hub administrator account for # the current member account. # @return [Types::Invitation] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccountResponse AWS API Documentation # class GetMasterAccountResponse < Struct.new( :master) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass GetMembersRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The list of account IDs for the Security Hub member accounts to # return the details for. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMembersRequest AWS API Documentation # class GetMembersRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] members # The list of details about the Security Hub member accounts. # @return [Array] # # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts that could not be # processed. For each account, the list includes the account ID and # the email address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMembersResponse AWS API Documentation # class GetMembersResponse < Struct.new( :members, :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # An Internet Control Message Protocol (ICMP) type and code. # # @note When making an API call, you may pass IcmpTypeCode # data as a hash: # # { # code: 1, # type: 1, # } # # @!attribute [rw] code # The ICMP code for which to deny or allow access. To deny or allow # all codes, use the value -1. # @return [Integer] # # @!attribute [rw] type # The ICMP type for which to deny or allow access. To deny or allow # all types, use the value -1. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IcmpTypeCode AWS API Documentation # class IcmpTypeCode < Struct.new( :code, :type) SENSITIVE = [] include Aws::Structure end # The list of the findings that cannot be imported. For each finding, # the list provides the error. # # @!attribute [rw] id # The identifier of the finding that could not be updated. # @return [String] # # @!attribute [rw] error_code # The code of the error returned by the `BatchImportFindings` # operation. # @return [String] # # @!attribute [rw] error_message # The message of the error returned by the `BatchImportFindings` # operation. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ImportFindingsError AWS API Documentation # class ImportFindingsError < Struct.new( :id, :error_code, :error_message) SENSITIVE = [] include Aws::Structure end # Contains information about a Security Hub insight. # # @!attribute [rw] insight_arn # The ARN of a Security Hub insight. # @return [String] # # @!attribute [rw] name # The name of a Security Hub insight. # @return [String] # # @!attribute [rw] filters # One or more attributes used to filter the findings included in the # insight. The insight only includes findings that match the criteria # defined in the filters. # @return [Types::AwsSecurityFindingFilters] # # @!attribute [rw] group_by_attribute # The grouping attribute for the insight's findings. Indicates how to # group the matching findings, and identifies the type of item that # the insight applies to. For example, if an insight is grouped by # resource identifier, then the insight produces a list of resource # identifiers. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Insight AWS API Documentation # class Insight < Struct.new( :insight_arn, :name, :filters, :group_by_attribute) SENSITIVE = [] include Aws::Structure end # The insight result values returned by the `GetInsightResults` # operation. # # @!attribute [rw] group_by_attribute_value # The value of the attribute that the findings are grouped by for the # insight whose results are returned by the `GetInsightResults` # operation. # @return [String] # # @!attribute [rw] count # The number of findings returned for each `GroupByAttributeValue`. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InsightResultValue AWS API Documentation # class InsightResultValue < Struct.new( :group_by_attribute_value, :count) SENSITIVE = [] include Aws::Structure end # The insight results returned by the `GetInsightResults` operation. # # @!attribute [rw] insight_arn # The ARN of the insight whose results are returned by the # `GetInsightResults` operation. # @return [String] # # @!attribute [rw] group_by_attribute # The attribute that the findings are grouped by for the insight whose # results are returned by the `GetInsightResults` operation. # @return [String] # # @!attribute [rw] result_values # The list of insight result values returned by the # `GetInsightResults` operation. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InsightResults AWS API Documentation # class InsightResults < Struct.new( :insight_arn, :group_by_attribute, :result_values) SENSITIVE = [] include Aws::Structure end # Internal server error. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InternalException AWS API Documentation # class InternalException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # There is an issue with the account used to make the request. Either # Security Hub is not enabled for the account, or the account does not # have permission to perform this action. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InvalidAccessException AWS API Documentation # class InvalidAccessException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # The request was rejected because you supplied an invalid or # out-of-range value for an input parameter. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InvalidInputException AWS API Documentation # class InvalidInputException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # Details about an invitation. # # @!attribute [rw] account_id # The account ID of the Security Hub administrator account that the # invitation was sent from. # @return [String] # # @!attribute [rw] invitation_id # The ID of the invitation sent to the member account. # @return [String] # # @!attribute [rw] invited_at # The timestamp of when the invitation was sent. # @return [Time] # # @!attribute [rw] member_status # The current status of the association between the member and # administrator accounts. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Invitation AWS API Documentation # class Invitation < Struct.new( :account_id, :invitation_id, :invited_at, :member_status) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass InviteMembersRequest # data as a hash: # # { # account_ids: ["NonEmptyString"], # required # } # # @!attribute [rw] account_ids # The list of account IDs of the Amazon Web Services accounts to # invite to Security Hub as members. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InviteMembersRequest AWS API Documentation # class InviteMembersRequest < Struct.new( :account_ids) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] unprocessed_accounts # The list of Amazon Web Services accounts that could not be # processed. For each account, the list includes the account ID and # the email address. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/InviteMembersResponse AWS API Documentation # class InviteMembersResponse < Struct.new( :unprocessed_accounts) SENSITIVE = [] include Aws::Structure end # The IP filter for querying findings. # # @note When making an API call, you may pass IpFilter # data as a hash: # # { # cidr: "NonEmptyString", # } # # @!attribute [rw] cidr # A finding's CIDR value. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpFilter AWS API Documentation # class IpFilter < Struct.new( :cidr) SENSITIVE = [] include Aws::Structure end # Provides information about an internet provider. # # @note When making an API call, you may pass IpOrganizationDetails # data as a hash: # # { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # } # # @!attribute [rw] asn # The Autonomous System Number (ASN) of the internet provider # @return [Integer] # # @!attribute [rw] asn_org # The name of the organization that registered the ASN. # @return [String] # # @!attribute [rw] isp # The ISP information for the internet provider. # @return [String] # # @!attribute [rw] org # The name of the internet provider. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/IpOrganizationDetails AWS API Documentation # class IpOrganizationDetails < Struct.new( :asn, :asn_org, :isp, :org) SENSITIVE = [] include Aws::Structure end # An IPV6 CIDR block association. # # @note When making an API call, you may pass Ipv6CidrBlockAssociation # data as a hash: # # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # } # # @!attribute [rw] association_id # The association ID for the IPv6 CIDR block. # @return [String] # # @!attribute [rw] ipv_6_cidr_block # The IPv6 CIDR block. # @return [String] # # @!attribute [rw] cidr_block_state # Information about the state of the CIDR block. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Ipv6CidrBlockAssociation AWS API Documentation # class Ipv6CidrBlockAssociation < Struct.new( :association_id, :ipv_6_cidr_block, :cidr_block_state) SENSITIVE = [] include Aws::Structure end # A keyword filter for querying findings. # # @note When making an API call, you may pass KeywordFilter # data as a hash: # # { # value: "NonEmptyString", # } # # @!attribute [rw] value # A value for the keyword. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/KeywordFilter AWS API Documentation # class KeywordFilter < Struct.new( :value) SENSITIVE = [] include Aws::Structure end # The request was rejected because it attempted to create resources # beyond the current Amazon Web Services account or throttling limits. # The error code describes the limit exceeded. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LimitExceededException AWS API Documentation # class LimitExceededException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListEnabledProductsForImportRequest # data as a hash: # # { # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `ListEnabledProductsForImport` operation, set the value of this # parameter to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @!attribute [rw] max_results # The maximum number of items to return in the response. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListEnabledProductsForImportRequest AWS API Documentation # class ListEnabledProductsForImportRequest < Struct.new( :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] product_subscriptions # The list of ARNs for the resources that represent your subscriptions # to products. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListEnabledProductsForImportResponse AWS API Documentation # class ListEnabledProductsForImportResponse < Struct.new( :product_subscriptions, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListFindingAggregatorsRequest # data as a hash: # # { # next_token: "NextToken", # max_results: 1, # } # # @!attribute [rw] next_token # The token returned with the previous set of results. Identifies the # next set of results to return. # @return [String] # # @!attribute [rw] max_results # The maximum number of results to return. This operation currently # only returns a single result. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListFindingAggregatorsRequest AWS API Documentation # class ListFindingAggregatorsRequest < Struct.new( :next_token, :max_results) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_aggregators # The list of finding aggregators. This operation currently only # returns a single result. # @return [Array] # # @!attribute [rw] next_token # If there are more results, this is the token to provide in the next # call to `ListFindingAggregators`. # # This operation currently only returns a single result. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListFindingAggregatorsResponse AWS API Documentation # class ListFindingAggregatorsResponse < Struct.new( :finding_aggregators, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListInvitationsRequest # data as a hash: # # { # max_results: 1, # next_token: "NextToken", # } # # @!attribute [rw] max_results # The maximum number of items to return in the response. # @return [Integer] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `ListInvitations` operation, set the value of this parameter to # `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListInvitationsRequest AWS API Documentation # class ListInvitationsRequest < Struct.new( :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] invitations # The details of the invitations returned by the operation. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListInvitationsResponse AWS API Documentation # class ListInvitationsResponse < Struct.new( :invitations, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListMembersRequest # data as a hash: # # { # only_associated: false, # max_results: 1, # next_token: "NextToken", # } # # @!attribute [rw] only_associated # Specifies which member accounts to include in the response based on # their relationship status with the administrator account. The # default value is `TRUE`. # # If `OnlyAssociated` is set to `TRUE`, the response includes member # accounts whose relationship status with the administrator account is # set to `ENABLED`. # # If `OnlyAssociated` is set to `FALSE`, the response includes all # existing member accounts. # @return [Boolean] # # @!attribute [rw] max_results # The maximum number of items to return in the response. # @return [Integer] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `ListMembers` operation, set the value of this parameter to `NULL`. # # For subsequent calls to the operation, to continue listing data, set # the value of this parameter to the value returned from the previous # response. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListMembersRequest AWS API Documentation # class ListMembersRequest < Struct.new( :only_associated, :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] members # Member details returned by the operation. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListMembersResponse AWS API Documentation # class ListMembersResponse < Struct.new( :members, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListOrganizationAdminAccountsRequest # data as a hash: # # { # max_results: 1, # next_token: "NextToken", # } # # @!attribute [rw] max_results # The maximum number of items to return in the response. # @return [Integer] # # @!attribute [rw] next_token # The token that is required for pagination. On your first call to the # `ListOrganizationAdminAccounts` operation, set the value of this # parameter to `NULL`. For subsequent calls to the operation, to # continue listing data, set the value of this parameter to the value # returned from the previous response. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsRequest AWS API Documentation # class ListOrganizationAdminAccountsRequest < Struct.new( :max_results, :next_token) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] admin_accounts # The list of Security Hub administrator accounts. # @return [Array] # # @!attribute [rw] next_token # The pagination token to use to request the next page of results. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListOrganizationAdminAccountsResponse AWS API Documentation # class ListOrganizationAdminAccountsResponse < Struct.new( :admin_accounts, :next_token) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass ListTagsForResourceRequest # data as a hash: # # { # resource_arn: "ResourceArn", # required # } # # @!attribute [rw] resource_arn # The ARN of the resource to retrieve tags for. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListTagsForResourceRequest AWS API Documentation # class ListTagsForResourceRequest < Struct.new( :resource_arn) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] tags # The tags associated with a resource. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListTagsForResourceResponse AWS API Documentation # class ListTagsForResourceResponse < Struct.new( :tags) SENSITIVE = [] include Aws::Structure end # Information about the state of the load balancer. # # @note When making an API call, you may pass LoadBalancerState # data as a hash: # # { # code: "NonEmptyString", # reason: "NonEmptyString", # } # # @!attribute [rw] code # The state code. The initial state of the load balancer is # provisioning. # # After the load balancer is fully set up and ready to route traffic, # its state is active. # # If the load balancer could not be set up, its state is failed. # @return [String] # # @!attribute [rw] reason # A description of the state. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/LoadBalancerState AWS API Documentation # class LoadBalancerState < Struct.new( :code, :reason) SENSITIVE = [] include Aws::Structure end # A list of malware related to a finding. # # @note When making an API call, you may pass Malware # data as a hash: # # { # name: "NonEmptyString", # required # type: "ADWARE", # accepts ADWARE, BLENDED_THREAT, BOTNET_AGENT, COIN_MINER, EXPLOIT_KIT, KEYLOGGER, MACRO, POTENTIALLY_UNWANTED, SPYWARE, RANSOMWARE, REMOTE_ACCESS, ROOTKIT, TROJAN, VIRUS, WORM # path: "NonEmptyString", # state: "OBSERVED", # accepts OBSERVED, REMOVAL_FAILED, REMOVED # } # # @!attribute [rw] name # The name of the malware that was observed. # @return [String] # # @!attribute [rw] type # The type of the malware that was observed. # @return [String] # # @!attribute [rw] path # The file system path of the malware that was observed. # @return [String] # # @!attribute [rw] state # The state of the malware that was observed. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Malware AWS API Documentation # class Malware < Struct.new( :name, :type, :path, :state) SENSITIVE = [] include Aws::Structure end # A map filter for querying findings. Each map filter provides the field # to check, the value to look for, and the comparison operator. # # @note When making an API call, you may pass MapFilter # data as a hash: # # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # } # # @!attribute [rw] key # The key of the map filter. For example, for `ResourceTags`, `Key` # identifies the name of the tag. For `UserDefinedFields`, `Key` is # the name of the field. # @return [String] # # @!attribute [rw] value # The value for the key in the map filter. Filter values are case # sensitive. For example, one of the values for a tag called # `Department` might be `Security`. If you provide `security` as the # filter value, then there is no match. # @return [String] # # @!attribute [rw] comparison # The condition to apply to the key value when querying for findings # with a map filter. # # To search for values that exactly match the filter value, use # `EQUALS`. For example, for the `ResourceTags` field, the filter # `Department EQUALS Security` matches findings that have the value # `Security` for the tag `Department`. # # To search for values other than the filter value, use `NOT_EQUALS`. # For example, for the `ResourceTags` field, the filter `Department # NOT_EQUALS Finance` matches findings that do not have the value # `Finance` for the tag `Department`. # # `EQUALS` filters on the same field are joined by `OR`. A finding # matches if it matches any one of those filters. # # `NOT_EQUALS` filters on the same field are joined by `AND`. A # finding matches only if it matches all of those filters. # # You cannot have both an `EQUALS` filter and a `NOT_EQUALS` filter on # the same field. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/MapFilter AWS API Documentation # class MapFilter < Struct.new( :key, :value, :comparison) SENSITIVE = [] include Aws::Structure end # The details about a member account. # # @!attribute [rw] account_id # The Amazon Web Services account ID of the member account. # @return [String] # # @!attribute [rw] email # The email address of the member account. # @return [String] # # @!attribute [rw] master_id # This is replaced by `AdministratorID`. # # The Amazon Web Services account ID of the Security Hub administrator # account associated with this member account. # @return [String] # # @!attribute [rw] administrator_id # The Amazon Web Services account ID of the Security Hub administrator # account associated with this member account. # @return [String] # # @!attribute [rw] member_status # The status of the relationship between the member account and its # administrator account. # # The status can have one of the following values: # # * `CREATED` - Indicates that the administrator account added the # member account, but has not yet invited the member account. # # * `INVITED` - Indicates that the administrator account invited the # member account. The member account has not yet responded to the # invitation. # # * `ENABLED` - Indicates that the member account is currently active. # For manually invited member accounts, indicates that the member # account accepted the invitation. # # * `REMOVED` - Indicates that the administrator account disassociated # the member account. # # * `RESIGNED` - Indicates that the member account disassociated # themselves from the administrator account. # # * `DELETED` - Indicates that the administrator account deleted the # member account. # # * `ACCOUNT_SUSPENDED` - Indicates that an organization account was # suspended from Amazon Web Services at the same time that the # administrator account tried to enable the organization account as # a member account. # @return [String] # # @!attribute [rw] invited_at # A timestamp for the date and time when the invitation was sent to # the member account. # @return [Time] # # @!attribute [rw] updated_at # The timestamp for the date and time when the member account was # updated. # @return [Time] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Member AWS API Documentation # class Member < Struct.new( :account_id, :email, :master_id, :administrator_id, :member_status, :invited_at, :updated_at) SENSITIVE = [] include Aws::Structure end # The details of network-related information about a finding. # # @note When making an API call, you may pass Network # data as a hash: # # { # direction: "IN", # accepts IN, OUT # protocol: "NonEmptyString", # open_port_range: { # begin: 1, # end: 1, # }, # source_ip_v4: "NonEmptyString", # source_ip_v6: "NonEmptyString", # source_port: 1, # source_domain: "NonEmptyString", # source_mac: "NonEmptyString", # destination_ip_v4: "NonEmptyString", # destination_ip_v6: "NonEmptyString", # destination_port: 1, # destination_domain: "NonEmptyString", # } # # @!attribute [rw] direction # The direction of network traffic associated with a finding. # @return [String] # # @!attribute [rw] protocol # The protocol of network-related information about a finding. # @return [String] # # @!attribute [rw] open_port_range # The range of open ports that is present on the network. # @return [Types::PortRange] # # @!attribute [rw] source_ip_v4 # The source IPv4 address of network-related information about a # finding. # @return [String] # # @!attribute [rw] source_ip_v6 # The source IPv6 address of network-related information about a # finding. # @return [String] # # @!attribute [rw] source_port # The source port of network-related information about a finding. # @return [Integer] # # @!attribute [rw] source_domain # The source domain of network-related information about a finding. # @return [String] # # @!attribute [rw] source_mac # The source media access control (MAC) address of network-related # information about a finding. # @return [String] # # @!attribute [rw] destination_ip_v4 # The destination IPv4 address of network-related information about a # finding. # @return [String] # # @!attribute [rw] destination_ip_v6 # The destination IPv6 address of network-related information about a # finding. # @return [String] # # @!attribute [rw] destination_port # The destination port of network-related information about a finding. # @return [Integer] # # @!attribute [rw] destination_domain # The destination domain of network-related information about a # finding. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Network AWS API Documentation # class Network < Struct.new( :direction, :protocol, :open_port_range, :source_ip_v4, :source_ip_v6, :source_port, :source_domain, :source_mac, :destination_ip_v4, :destination_ip_v6, :destination_port, :destination_domain) SENSITIVE = [] include Aws::Structure end # Provided if `ActionType` is `NETWORK_CONNECTION`. It provides details # about the attempted network connection that was detected. # # @note When making an API call, you may pass NetworkConnectionAction # data as a hash: # # { # connection_direction: "NonEmptyString", # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # remote_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # protocol: "NonEmptyString", # blocked: false, # } # # @!attribute [rw] connection_direction # The direction of the network connection request (`IN` or `OUT`). # @return [String] # # @!attribute [rw] remote_ip_details # Information about the remote IP address that issued the network # connection request. # @return [Types::ActionRemoteIpDetails] # # @!attribute [rw] remote_port_details # Information about the port on the remote IP address. # @return [Types::ActionRemotePortDetails] # # @!attribute [rw] local_port_details # Information about the port on the EC2 instance. # @return [Types::ActionLocalPortDetails] # # @!attribute [rw] protocol # The protocol used to make the network connection request. # @return [String] # # @!attribute [rw] blocked # Indicates whether the network connection attempt was blocked. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkConnectionAction AWS API Documentation # class NetworkConnectionAction < Struct.new( :connection_direction, :remote_ip_details, :remote_port_details, :local_port_details, :protocol, :blocked) SENSITIVE = [] include Aws::Structure end # Details about a network path component that occurs before or after the # current component. # # @note When making an API call, you may pass NetworkHeader # data as a hash: # # { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # } # # @!attribute [rw] protocol # The protocol used for the component. # @return [String] # # @!attribute [rw] destination # Information about the destination of the component. # @return [Types::NetworkPathComponentDetails] # # @!attribute [rw] source # Information about the origin of the component. # @return [Types::NetworkPathComponentDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkHeader AWS API Documentation # class NetworkHeader < Struct.new( :protocol, :destination, :source) SENSITIVE = [] include Aws::Structure end # Information about a network path component. # # @note When making an API call, you may pass NetworkPathComponent # data as a hash: # # { # component_id: "NonEmptyString", # component_type: "NonEmptyString", # egress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # ingress: { # protocol: "NonEmptyString", # destination: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # source: { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # }, # }, # } # # @!attribute [rw] component_id # The identifier of a component in the network path. # @return [String] # # @!attribute [rw] component_type # The type of component. # @return [String] # # @!attribute [rw] egress # Information about the component that comes after the current # component in the network path. # @return [Types::NetworkHeader] # # @!attribute [rw] ingress # Information about the component that comes before the current node # in the network path. # @return [Types::NetworkHeader] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkPathComponent AWS API Documentation # class NetworkPathComponent < Struct.new( :component_id, :component_type, :egress, :ingress) SENSITIVE = [] include Aws::Structure end # Information about the destination of the next component in the network # path. # # @note When making an API call, you may pass NetworkPathComponentDetails # data as a hash: # # { # address: ["NonEmptyString"], # port_ranges: [ # { # begin: 1, # end: 1, # }, # ], # } # # @!attribute [rw] address # The IP addresses of the destination. # @return [Array] # # @!attribute [rw] port_ranges # A list of port ranges for the destination. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NetworkPathComponentDetails AWS API Documentation # class NetworkPathComponentDetails < Struct.new( :address, :port_ranges) SENSITIVE = [] include Aws::Structure end # A user-defined note added to a finding. # # @note When making an API call, you may pass Note # data as a hash: # # { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # updated_at: "NonEmptyString", # required # } # # @!attribute [rw] text # The text of a note. # @return [String] # # @!attribute [rw] updated_by # The principal that created a note. # @return [String] # # @!attribute [rw] updated_at # The timestamp of when the note was updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Note AWS API Documentation # class Note < Struct.new( :text, :updated_by, :updated_at) SENSITIVE = [] include Aws::Structure end # The updated note. # # @note When making an API call, you may pass NoteUpdate # data as a hash: # # { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # } # # @!attribute [rw] text # The updated note text. # @return [String] # # @!attribute [rw] updated_by # The principal that updated the note. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NoteUpdate AWS API Documentation # class NoteUpdate < Struct.new( :text, :updated_by) SENSITIVE = [] include Aws::Structure end # A number filter for querying findings. # # @note When making an API call, you may pass NumberFilter # data as a hash: # # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # } # # @!attribute [rw] gte # The greater-than-equal condition to be applied to a single field # when querying for findings. # @return [Float] # # @!attribute [rw] lte # The less-than-equal condition to be applied to a single field when # querying for findings. # @return [Float] # # @!attribute [rw] eq # The equal-to condition to be applied to a single field when querying # for findings. # @return [Float] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/NumberFilter AWS API Documentation # class NumberFilter < Struct.new( :gte, :lte, :eq) SENSITIVE = [] include Aws::Structure end # The detected occurrences of sensitive data. # # @note When making an API call, you may pass Occurrences # data as a hash: # # { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # } # # @!attribute [rw] line_ranges # Occurrences of sensitive data detected in a non-binary text file or # a Microsoft Word file. Non-binary text files include files such as # HTML, XML, JSON, and TXT files. # @return [Array] # # @!attribute [rw] offset_ranges # Occurrences of sensitive data detected in a binary text file. # @return [Array] # # @!attribute [rw] pages # Occurrences of sensitive data in an Adobe Portable Document Format # (PDF) file. # @return [Array] # # @!attribute [rw] records # Occurrences of sensitive data in an Apache Avro object container or # an Apache Parquet file. # @return [Array] # # @!attribute [rw] cells # Occurrences of sensitive data detected in Microsoft Excel workbooks, # comma-separated value (CSV) files, or tab-separated value (TSV) # files. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Occurrences AWS API Documentation # class Occurrences < Struct.new( :line_ranges, :offset_ranges, :pages, :records, :cells) SENSITIVE = [] include Aws::Structure end # An occurrence of sensitive data in an Adobe Portable Document Format # (PDF) file. # # @note When making an API call, you may pass Page # data as a hash: # # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # } # # @!attribute [rw] page_number # The page number of the page that contains the sensitive data. # @return [Integer] # # @!attribute [rw] line_range # An occurrence of sensitive data detected in a non-binary text file # or a Microsoft Word file. Non-binary text files include files such # as HTML, XML, JSON, and TXT files. # @return [Types::Range] # # @!attribute [rw] offset_range # An occurrence of sensitive data detected in a binary text file. # @return [Types::Range] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Page AWS API Documentation # class Page < Struct.new( :page_number, :line_range, :offset_range) SENSITIVE = [] include Aws::Structure end # Provides an overview of the patch compliance status for an instance # against a selected compliance standard. # # @note When making an API call, you may pass PatchSummary # data as a hash: # # { # id: "NonEmptyString", # required # installed_count: 1, # missing_count: 1, # failed_count: 1, # installed_other_count: 1, # installed_rejected_count: 1, # installed_pending_reboot: 1, # operation_start_time: "NonEmptyString", # operation_end_time: "NonEmptyString", # reboot_option: "NonEmptyString", # operation: "NonEmptyString", # } # # @!attribute [rw] id # The identifier of the compliance standard that was used to determine # the patch compliance status. # @return [String] # # @!attribute [rw] installed_count # The number of patches from the compliance standard that were # installed successfully. # @return [Integer] # # @!attribute [rw] missing_count # The number of patches that are part of the compliance standard but # are not installed. The count includes patches that failed to # install. # @return [Integer] # # @!attribute [rw] failed_count # The number of patches from the compliance standard that failed to # install. # @return [Integer] # # @!attribute [rw] installed_other_count # The number of installed patches that are not part of the compliance # standard. # @return [Integer] # # @!attribute [rw] installed_rejected_count # The number of patches that are installed but are also on a list of # patches that the customer rejected. # @return [Integer] # # @!attribute [rw] installed_pending_reboot # The number of patches that were applied, but that require the # instance to be rebooted in order to be marked as installed. # @return [Integer] # # @!attribute [rw] operation_start_time # Indicates when the operation started. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] operation_end_time # Indicates when the operation completed. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] reboot_option # The reboot option specified for the instance. # @return [String] # # @!attribute [rw] operation # The type of patch operation performed. For Patch Manager, the values # are `SCAN` and `INSTALL`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PatchSummary AWS API Documentation # class PatchSummary < Struct.new( :id, :installed_count, :missing_count, :failed_count, :installed_other_count, :installed_rejected_count, :installed_pending_reboot, :operation_start_time, :operation_end_time, :reboot_option, :operation) SENSITIVE = [] include Aws::Structure end # Provided if `ActionType` is `PORT_PROBE`. It provides details about # the attempted port probe that was detected. # # @note When making an API call, you may pass PortProbeAction # data as a hash: # # { # port_probe_details: [ # { # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_ip_details: { # ip_address_v4: "NonEmptyString", # }, # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # }, # ], # blocked: false, # } # # @!attribute [rw] port_probe_details # Information about the ports affected by the port probe. # @return [Array] # # @!attribute [rw] blocked # Indicates whether the port probe was blocked. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeAction AWS API Documentation # class PortProbeAction < Struct.new( :port_probe_details, :blocked) SENSITIVE = [] include Aws::Structure end # A port scan that was part of the port probe. For each scan, # PortProbeDetails provides information about the local IP address and # port that were scanned, and the remote IP address that the scan # originated from. # # @note When making an API call, you may pass PortProbeDetail # data as a hash: # # { # local_port_details: { # port: 1, # port_name: "NonEmptyString", # }, # local_ip_details: { # ip_address_v4: "NonEmptyString", # }, # remote_ip_details: { # ip_address_v4: "NonEmptyString", # organization: { # asn: 1, # asn_org: "NonEmptyString", # isp: "NonEmptyString", # org: "NonEmptyString", # }, # country: { # country_code: "NonEmptyString", # country_name: "NonEmptyString", # }, # city: { # city_name: "NonEmptyString", # }, # geo_location: { # lon: 1.0, # lat: 1.0, # }, # }, # } # # @!attribute [rw] local_port_details # Provides information about the port that was scanned. # @return [Types::ActionLocalPortDetails] # # @!attribute [rw] local_ip_details # Provides information about the IP address where the scanned port is # located. # @return [Types::ActionLocalIpDetails] # # @!attribute [rw] remote_ip_details # Provides information about the remote IP address that performed the # scan. # @return [Types::ActionRemoteIpDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortProbeDetail AWS API Documentation # class PortProbeDetail < Struct.new( :local_port_details, :local_ip_details, :remote_ip_details) SENSITIVE = [] include Aws::Structure end # A range of ports. # # @note When making an API call, you may pass PortRange # data as a hash: # # { # begin: 1, # end: 1, # } # # @!attribute [rw] begin # The first port in the port range. # @return [Integer] # # @!attribute [rw] end # The last port in the port range. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortRange AWS API Documentation # class PortRange < Struct.new( :begin, :end) SENSITIVE = [] include Aws::Structure end # A range of ports. # # @note When making an API call, you may pass PortRangeFromTo # data as a hash: # # { # from: 1, # to: 1, # } # # @!attribute [rw] from # The first port in the port range. # @return [Integer] # # @!attribute [rw] to # The last port in the port range. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/PortRangeFromTo AWS API Documentation # class PortRangeFromTo < Struct.new( :from, :to) SENSITIVE = [] include Aws::Structure end # The details of process-related information about a finding. # # @note When making an API call, you may pass ProcessDetails # data as a hash: # # { # name: "NonEmptyString", # path: "NonEmptyString", # pid: 1, # parent_pid: 1, # launched_at: "NonEmptyString", # terminated_at: "NonEmptyString", # } # # @!attribute [rw] name # The name of the process. # @return [String] # # @!attribute [rw] path # The path to the process executable. # @return [String] # # @!attribute [rw] pid # The process ID. # @return [Integer] # # @!attribute [rw] parent_pid # The parent process ID. # @return [Integer] # # @!attribute [rw] launched_at # Indicates when the process was launched. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] terminated_at # Indicates when the process was terminated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ProcessDetails AWS API Documentation # class ProcessDetails < Struct.new( :name, :path, :pid, :parent_pid, :launched_at, :terminated_at) SENSITIVE = [] include Aws::Structure end # Contains details about a product. # # @!attribute [rw] product_arn # The ARN assigned to the product. # @return [String] # # @!attribute [rw] product_name # The name of the product. # @return [String] # # @!attribute [rw] company_name # The name of the company that provides the product. # @return [String] # # @!attribute [rw] description # A description of the product. # @return [String] # # @!attribute [rw] categories # The categories assigned to the product. # @return [Array] # # @!attribute [rw] integration_types # The types of integration that the product supports. Available values # are the following. # # * `SEND_FINDINGS_TO_SECURITY_HUB` - The integration sends findings # to Security Hub. # # * `RECEIVE_FINDINGS_FROM_SECURITY_HUB` - The integration receives # findings from Security Hub. # # * `UPDATE_FINDINGS_IN_SECURITY_HUB` - The integration does not send # new findings to Security Hub, but does make updates to the # findings that it receives from Security Hub. # @return [Array] # # @!attribute [rw] marketplace_url # For integrations with Amazon Web Services services, the Amazon Web # Services Console URL from which to activate the service. # # For integrations with third-party products, the Amazon Web Services # Marketplace URL from which to subscribe to or purchase the product. # @return [String] # # @!attribute [rw] activation_url # The URL to the service or product documentation about the # integration with Security Hub, including how to activate the # integration. # @return [String] # # @!attribute [rw] product_subscription_resource_policy # The resource policy associated with the product. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Product AWS API Documentation # class Product < Struct.new( :product_arn, :product_name, :company_name, :description, :categories, :integration_types, :marketplace_url, :activation_url, :product_subscription_resource_policy) SENSITIVE = [] include Aws::Structure end # Identifies where the sensitive data begins and ends. # # @note When making an API call, you may pass Range # data as a hash: # # { # start: 1, # end: 1, # start_column: 1, # } # # @!attribute [rw] start # The number of lines (for a line range) or characters (for an offset # range) from the beginning of the file to the end of the sensitive # data. # @return [Integer] # # @!attribute [rw] end # The number of lines (for a line range) or characters (for an offset # range) from the beginning of the file to the end of the sensitive # data. # @return [Integer] # # @!attribute [rw] start_column # In the line where the sensitive data starts, the column within the # line where the sensitive data starts. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Range AWS API Documentation # class Range < Struct.new( :start, :end, :start_column) SENSITIVE = [] include Aws::Structure end # A recommendation on how to remediate the issue identified in a # finding. # # @note When making an API call, you may pass Recommendation # data as a hash: # # { # text: "NonEmptyString", # url: "NonEmptyString", # } # # @!attribute [rw] text # Describes the recommended steps to take to remediate an issue # identified in a finding. # @return [String] # # @!attribute [rw] url # A URL to a page or site that contains information about how to # remediate a finding. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Recommendation AWS API Documentation # class Recommendation < Struct.new( :text, :url) SENSITIVE = [] include Aws::Structure end # An occurrence of sensitive data in an Apache Avro object container or # an Apache Parquet file. # # @note When making an API call, you may pass Record # data as a hash: # # { # json_path: "NonEmptyString", # record_index: 1, # } # # @!attribute [rw] json_path # The path, as a JSONPath expression, to the field in the record that # contains the data. If the field name is longer than 20 characters, # it is truncated. If the path is longer than 250 characters, it is # truncated. # @return [String] # # @!attribute [rw] record_index # The record index, starting from 0, for the record that contains the # data. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Record AWS API Documentation # class Record < Struct.new( :json_path, :record_index) SENSITIVE = [] include Aws::Structure end # Details about a related finding. # # @note When making an API call, you may pass RelatedFinding # data as a hash: # # { # product_arn: "NonEmptyString", # required # id: "NonEmptyString", # required # } # # @!attribute [rw] product_arn # The ARN of the product that generated a related finding. # @return [String] # # @!attribute [rw] id # The product-generated identifier for a related finding. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RelatedFinding AWS API Documentation # class RelatedFinding < Struct.new( :product_arn, :id) SENSITIVE = [] include Aws::Structure end # Details about the remediation steps for a finding. # # @note When making an API call, you may pass Remediation # data as a hash: # # { # recommendation: { # text: "NonEmptyString", # url: "NonEmptyString", # }, # } # # @!attribute [rw] recommendation # A recommendation on the steps to take to remediate the issue # identified by a finding. # @return [Types::Recommendation] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Remediation AWS API Documentation # class Remediation < Struct.new( :recommendation) SENSITIVE = [] include Aws::Structure end # A resource related to a finding. # # @note When making an API call, you may pass Resource # data as a hash: # # { # type: "NonEmptyString", # required # id: "NonEmptyString", # required # partition: "aws", # accepts aws, aws-cn, aws-us-gov # region: "NonEmptyString", # resource_role: "NonEmptyString", # tags: { # "NonEmptyString" => "NonEmptyString", # }, # data_classification: { # detailed_results_location: "NonEmptyString", # result: { # mime_type: "NonEmptyString", # size_classified: 1, # additional_occurrences: false, # status: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # sensitive_data: [ # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # ], # custom_data_identifiers: { # detections: [ # { # count: 1, # arn: "NonEmptyString", # name: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # }, # }, # }, # details: { # aws_auto_scaling_auto_scaling_group: { # launch_configuration_name: "NonEmptyString", # load_balancer_names: ["NonEmptyString"], # health_check_type: "NonEmptyString", # health_check_grace_period: 1, # created_time: "NonEmptyString", # mixed_instances_policy: { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # }, # availability_zones: [ # { # value: "NonEmptyString", # }, # ], # }, # aws_code_build_project: { # encryption_key: "NonEmptyString", # artifacts: [ # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # }, # ], # environment: { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # }, # name: "NonEmptyString", # source: { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # }, # service_role: "NonEmptyString", # logs_config: { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # }, # vpc_config: { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # }, # }, # aws_cloud_front_distribution: { # cache_behaviors: { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # }, # default_cache_behavior: { # viewer_protocol_policy: "NonEmptyString", # }, # default_root_object: "NonEmptyString", # domain_name: "NonEmptyString", # etag: "NonEmptyString", # last_modified_time: "NonEmptyString", # logging: { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # }, # origins: { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # }, # origin_groups: { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # }, # viewer_certificate: { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # }, # status: "NonEmptyString", # web_acl_id: "NonEmptyString", # }, # aws_ec2_instance: { # type: "NonEmptyString", # image_id: "NonEmptyString", # ip_v4_addresses: ["NonEmptyString"], # ip_v6_addresses: ["NonEmptyString"], # key_name: "NonEmptyString", # iam_instance_profile_arn: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_id: "NonEmptyString", # launched_at: "NonEmptyString", # network_interfaces: [ # { # network_interface_id: "NonEmptyString", # }, # ], # }, # aws_ec2_network_interface: { # attachment: { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # }, # network_interface_id: "NonEmptyString", # security_groups: [ # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # }, # ], # source_dest_check: false, # ip_v6_addresses: [ # { # ip_v6_address: "NonEmptyString", # }, # ], # private_ip_addresses: [ # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # }, # ], # public_dns_name: "NonEmptyString", # public_ip: "NonEmptyString", # }, # aws_ec2_security_group: { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ip_permissions: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # ip_permissions_egress: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # }, # aws_ec2_volume: { # create_time: "NonEmptyString", # encrypted: false, # size: 1, # snapshot_id: "NonEmptyString", # status: "NonEmptyString", # kms_key_id: "NonEmptyString", # attachments: [ # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # }, # aws_ec2_vpc: { # cidr_block_association_set: [ # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # dhcp_options_id: "NonEmptyString", # state: "NonEmptyString", # }, # aws_ec2_eip: { # instance_id: "NonEmptyString", # public_ip: "NonEmptyString", # allocation_id: "NonEmptyString", # association_id: "NonEmptyString", # domain: "NonEmptyString", # public_ipv_4_pool: "NonEmptyString", # network_border_group: "NonEmptyString", # network_interface_id: "NonEmptyString", # network_interface_owner_id: "NonEmptyString", # private_ip_address: "NonEmptyString", # }, # aws_ec2_subnet: { # assign_ipv_6_address_on_creation: false, # availability_zone: "NonEmptyString", # availability_zone_id: "NonEmptyString", # available_ip_address_count: 1, # cidr_block: "NonEmptyString", # default_for_az: false, # map_public_ip_on_launch: false, # owner_id: "NonEmptyString", # state: "NonEmptyString", # subnet_arn: "NonEmptyString", # subnet_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # }, # aws_ec2_network_acl: { # is_default: false, # network_acl_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # associations: [ # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # entries: [ # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # }, # ], # }, # aws_elbv_2_load_balancer: { # availability_zones: [ # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # canonical_hosted_zone_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # ip_address_type: "NonEmptyString", # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # state: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # type: "NonEmptyString", # vpc_id: "NonEmptyString", # load_balancer_attributes: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # aws_elastic_beanstalk_environment: { # application_name: "NonEmptyString", # cname: "NonEmptyString", # date_created: "NonEmptyString", # date_updated: "NonEmptyString", # description: "NonEmptyString", # endpoint_url: "NonEmptyString", # environment_arn: "NonEmptyString", # environment_id: "NonEmptyString", # environment_links: [ # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # }, # ], # environment_name: "NonEmptyString", # option_settings: [ # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # platform_arn: "NonEmptyString", # solution_stack_name: "NonEmptyString", # status: "NonEmptyString", # tier: { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # }, # version_label: "NonEmptyString", # }, # aws_elasticsearch_domain: { # access_policies: "NonEmptyString", # domain_endpoint_options: { # enforce_https: false, # tls_security_policy: "NonEmptyString", # }, # domain_id: "NonEmptyString", # domain_name: "NonEmptyString", # endpoint: "NonEmptyString", # endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # elasticsearch_version: "NonEmptyString", # elasticsearch_cluster_config: { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # }, # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # }, # vpc_options: { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # }, # aws_s3_bucket: { # owner_id: "NonEmptyString", # owner_name: "NonEmptyString", # owner_account_id: "NonEmptyString", # created_at: "NonEmptyString", # server_side_encryption_configuration: { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # }, # bucket_lifecycle_configuration: { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # }, # public_access_block_configuration: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # access_control_list: "NonEmptyString", # bucket_logging_configuration: { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # }, # bucket_website_configuration: { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # }, # bucket_notification_configuration: { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # }, # bucket_versioning_configuration: { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # }, # }, # aws_s3_account_public_access_block: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # aws_s3_object: { # last_modified: "NonEmptyString", # etag: "NonEmptyString", # version_id: "NonEmptyString", # content_type: "NonEmptyString", # server_side_encryption: "NonEmptyString", # ssekms_key_id: "NonEmptyString", # }, # aws_secrets_manager_secret: { # rotation_rules: { # automatically_after_days: 1, # }, # rotation_occurred_within_frequency: false, # kms_key_id: "NonEmptyString", # rotation_enabled: false, # rotation_lambda_arn: "NonEmptyString", # deleted: false, # name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_iam_access_key: { # user_name: "NonEmptyString", # status: "Active", # accepts Active, Inactive # created_at: "NonEmptyString", # principal_id: "NonEmptyString", # principal_type: "NonEmptyString", # principal_name: "NonEmptyString", # account_id: "NonEmptyString", # access_key_id: "NonEmptyString", # session_context: { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # }, # }, # aws_iam_user: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_list: ["NonEmptyString"], # path: "NonEmptyString", # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # user_id: "NonEmptyString", # user_name: "NonEmptyString", # user_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # }, # aws_iam_policy: { # attachment_count: 1, # create_date: "NonEmptyString", # default_version_id: "NonEmptyString", # description: "NonEmptyString", # is_attachable: false, # path: "NonEmptyString", # permissions_boundary_usage_count: 1, # policy_id: "NonEmptyString", # policy_name: "NonEmptyString", # policy_version_list: [ # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # }, # ], # update_date: "NonEmptyString", # }, # aws_api_gateway_v2_stage: { # client_certificate_id: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # default_route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # deployment_id: "NonEmptyString", # last_updated_date: "NonEmptyString", # route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # stage_name: "NonEmptyString", # stage_variables: { # "NonEmptyString" => "NonEmptyString", # }, # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # auto_deploy: false, # last_deployment_status_message: "NonEmptyString", # api_gateway_managed: false, # }, # aws_api_gateway_v2_api: { # api_endpoint: "NonEmptyString", # api_id: "NonEmptyString", # api_key_selection_expression: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # version: "NonEmptyString", # name: "NonEmptyString", # protocol_type: "NonEmptyString", # route_selection_expression: "NonEmptyString", # cors_configuration: { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # }, # }, # aws_dynamo_db_table: { # attribute_definitions: [ # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # }, # ], # billing_mode_summary: { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # }, # creation_date_time: "NonEmptyString", # global_secondary_indexes: [ # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # }, # ], # global_table_version: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # latest_stream_arn: "NonEmptyString", # latest_stream_label: "NonEmptyString", # local_secondary_indexes: [ # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # }, # ], # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # replicas: [ # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # }, # ], # restore_summary: { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # }, # sse_description: { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # }, # stream_specification: { # stream_enabled: false, # stream_view_type: "NonEmptyString", # }, # table_id: "NonEmptyString", # table_name: "NonEmptyString", # table_size_bytes: 1, # table_status: "NonEmptyString", # }, # aws_api_gateway_stage: { # deployment_id: "NonEmptyString", # client_certificate_id: "NonEmptyString", # stage_name: "NonEmptyString", # description: "NonEmptyString", # cache_cluster_enabled: false, # cache_cluster_size: "NonEmptyString", # cache_cluster_status: "NonEmptyString", # method_settings: [ # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # }, # ], # variables: { # "NonEmptyString" => "NonEmptyString", # }, # documentation_version: "NonEmptyString", # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # canary_settings: { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # }, # tracing_enabled: false, # created_date: "NonEmptyString", # last_updated_date: "NonEmptyString", # web_acl_arn: "NonEmptyString", # }, # aws_api_gateway_rest_api: { # id: "NonEmptyString", # name: "NonEmptyString", # description: "NonEmptyString", # created_date: "NonEmptyString", # version: "NonEmptyString", # binary_media_types: ["NonEmptyString"], # minimum_compression_size: 1, # api_key_source: "NonEmptyString", # endpoint_configuration: { # types: ["NonEmptyString"], # }, # }, # aws_cloud_trail_trail: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # cloud_watch_logs_role_arn: "NonEmptyString", # has_custom_event_selectors: false, # home_region: "NonEmptyString", # include_global_service_events: false, # is_multi_region_trail: false, # is_organization_trail: false, # kms_key_id: "NonEmptyString", # log_file_validation_enabled: false, # name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_key_prefix: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # sns_topic_name: "NonEmptyString", # trail_arn: "NonEmptyString", # }, # aws_ssm_patch_compliance: { # patch: { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # }, # }, # aws_certificate_manager_certificate: { # certificate_authority_arn: "NonEmptyString", # created_at: "NonEmptyString", # domain_name: "NonEmptyString", # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # extended_key_usages: [ # { # name: "NonEmptyString", # o_id: "NonEmptyString", # }, # ], # failure_reason: "NonEmptyString", # imported_at: "NonEmptyString", # in_use_by: ["NonEmptyString"], # issued_at: "NonEmptyString", # issuer: "NonEmptyString", # key_algorithm: "NonEmptyString", # key_usages: [ # { # name: "NonEmptyString", # }, # ], # not_after: "NonEmptyString", # not_before: "NonEmptyString", # options: { # certificate_transparency_logging_preference: "NonEmptyString", # }, # renewal_eligibility: "NonEmptyString", # renewal_summary: { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # }, # serial: "NonEmptyString", # signature_algorithm: "NonEmptyString", # status: "NonEmptyString", # subject: "NonEmptyString", # subject_alternative_names: ["NonEmptyString"], # type: "NonEmptyString", # }, # aws_redshift_cluster: { # allow_version_upgrade: false, # automated_snapshot_retention_period: 1, # availability_zone: "NonEmptyString", # cluster_availability_status: "NonEmptyString", # cluster_create_time: "NonEmptyString", # cluster_identifier: "NonEmptyString", # cluster_nodes: [ # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # }, # ], # cluster_parameter_groups: [ # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # }, # ], # cluster_public_key: "NonEmptyString", # cluster_revision_number: "NonEmptyString", # cluster_security_groups: [ # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_snapshot_copy_status: { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # }, # cluster_status: "NonEmptyString", # cluster_subnet_group_name: "NonEmptyString", # cluster_version: "NonEmptyString", # db_name: "NonEmptyString", # deferred_maintenance_windows: [ # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # }, # ], # elastic_ip_status: { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # }, # elastic_resize_number_of_node_options: "NonEmptyString", # encrypted: false, # endpoint: { # address: "NonEmptyString", # port: 1, # }, # enhanced_vpc_routing: false, # expected_next_snapshot_schedule_time: "NonEmptyString", # expected_next_snapshot_schedule_time_status: "NonEmptyString", # hsm_status: { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # }, # iam_roles: [ # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # }, # ], # kms_key_id: "NonEmptyString", # maintenance_track_name: "NonEmptyString", # manual_snapshot_retention_period: 1, # master_username: "NonEmptyString", # next_maintenance_window_start_time: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # pending_actions: ["NonEmptyString"], # pending_modified_values: { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # }, # preferred_maintenance_window: "NonEmptyString", # publicly_accessible: false, # resize_info: { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # }, # restore_status: { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # }, # snapshot_schedule_identifier: "NonEmptyString", # snapshot_schedule_state: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_security_groups: [ # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # }, # ], # }, # aws_elb_load_balancer: { # availability_zones: ["NonEmptyString"], # backend_server_descriptions: [ # { # instance_port: 1, # policy_names: ["NonEmptyString"], # }, # ], # canonical_hosted_zone_name: "NonEmptyString", # canonical_hosted_zone_name_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # health_check: { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # }, # instances: [ # { # instance_id: "NonEmptyString", # }, # ], # listener_descriptions: [ # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # }, # ], # load_balancer_attributes: { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # }, # load_balancer_name: "NonEmptyString", # policies: { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # }, # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # source_security_group: { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # }, # subnets: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # aws_iam_group: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_id: "NonEmptyString", # group_name: "NonEmptyString", # group_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # path: "NonEmptyString", # }, # aws_iam_role: { # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # instance_profile_list: [ # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # }, # ], # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # role_id: "NonEmptyString", # role_name: "NonEmptyString", # role_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # max_session_duration: 1, # path: "NonEmptyString", # }, # aws_kms_key: { # aws_account_id: "NonEmptyString", # creation_date: 1.0, # key_id: "NonEmptyString", # key_manager: "NonEmptyString", # key_state: "NonEmptyString", # origin: "NonEmptyString", # description: "NonEmptyString", # key_rotation_status: false, # }, # aws_lambda_function: { # code: { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # }, # code_sha_256: "NonEmptyString", # dead_letter_config: { # target_arn: "NonEmptyString", # }, # environment: { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # }, # function_name: "NonEmptyString", # handler: "NonEmptyString", # kms_key_arn: "NonEmptyString", # last_modified: "NonEmptyString", # layers: [ # { # arn: "NonEmptyString", # code_size: 1, # }, # ], # master_arn: "NonEmptyString", # memory_size: 1, # revision_id: "NonEmptyString", # role: "NonEmptyString", # runtime: "NonEmptyString", # timeout: 1, # tracing_config: { # mode: "NonEmptyString", # }, # vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # version: "NonEmptyString", # }, # aws_lambda_layer_version: { # version: 1, # compatible_runtimes: ["NonEmptyString"], # created_date: "NonEmptyString", # }, # aws_rds_db_instance: { # associated_roles: [ # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # ca_certificate_identifier: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # db_instance_class: "NonEmptyString", # db_instance_port: 1, # dbi_resource_id: "NonEmptyString", # db_name: "NonEmptyString", # deletion_protection: false, # endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # iam_database_authentication_enabled: false, # instance_create_time: "NonEmptyString", # kms_key_id: "NonEmptyString", # publicly_accessible: false, # storage_encrypted: false, # tde_credential_arn: "NonEmptyString", # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # multi_az: false, # enhanced_monitoring_resource_arn: "NonEmptyString", # db_instance_status: "NonEmptyString", # master_username: "NonEmptyString", # allocated_storage: 1, # preferred_backup_window: "NonEmptyString", # backup_retention_period: 1, # db_security_groups: ["NonEmptyString"], # db_parameter_groups: [ # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # }, # ], # availability_zone: "NonEmptyString", # db_subnet_group: { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # }, # preferred_maintenance_window: "NonEmptyString", # pending_modified_values: { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # latest_restorable_time: "NonEmptyString", # auto_minor_version_upgrade: false, # read_replica_source_db_instance_identifier: "NonEmptyString", # read_replica_db_instance_identifiers: ["NonEmptyString"], # read_replica_db_cluster_identifiers: ["NonEmptyString"], # license_model: "NonEmptyString", # iops: 1, # option_group_memberships: [ # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # character_set_name: "NonEmptyString", # secondary_availability_zone: "NonEmptyString", # status_infos: [ # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # }, # ], # storage_type: "NonEmptyString", # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # copy_tags_to_snapshot: false, # monitoring_interval: 1, # monitoring_role_arn: "NonEmptyString", # promotion_tier: 1, # timezone: "NonEmptyString", # performance_insights_enabled: false, # performance_insights_kms_key_id: "NonEmptyString", # performance_insights_retention_period: 1, # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # listener_endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # max_allocated_storage: 1, # }, # aws_sns_topic: { # kms_master_key_id: "NonEmptyString", # subscription: [ # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # }, # ], # topic_name: "NonEmptyString", # owner: "NonEmptyString", # }, # aws_sqs_queue: { # kms_data_key_reuse_period_seconds: 1, # kms_master_key_id: "NonEmptyString", # queue_name: "NonEmptyString", # dead_letter_target_arn: "NonEmptyString", # }, # aws_waf_web_acl: { # name: "NonEmptyString", # default_action: "NonEmptyString", # rules: [ # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # }, # ], # web_acl_id: "NonEmptyString", # }, # aws_rds_db_snapshot: { # db_snapshot_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # availability_zone: "NonEmptyString", # vpc_id: "NonEmptyString", # instance_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # iops: 1, # option_group_name: "NonEmptyString", # percent_progress: 1, # source_region: "NonEmptyString", # source_db_snapshot_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # tde_credential_arn: "NonEmptyString", # encrypted: false, # kms_key_id: "NonEmptyString", # timezone: "NonEmptyString", # iam_database_authentication_enabled: false, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # dbi_resource_id: "NonEmptyString", # }, # aws_rds_db_cluster_snapshot: { # availability_zones: ["NonEmptyString"], # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # vpc_id: "NonEmptyString", # cluster_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # percent_progress: 1, # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_cluster_snapshot_identifier: "NonEmptyString", # iam_database_authentication_enabled: false, # }, # aws_rds_db_cluster: { # allocated_storage: 1, # availability_zones: ["NonEmptyString"], # backup_retention_period: 1, # database_name: "NonEmptyString", # status: "NonEmptyString", # endpoint: "NonEmptyString", # reader_endpoint: "NonEmptyString", # custom_endpoints: ["NonEmptyString"], # multi_az: false, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # port: 1, # master_username: "NonEmptyString", # preferred_backup_window: "NonEmptyString", # preferred_maintenance_window: "NonEmptyString", # read_replica_identifiers: ["NonEmptyString"], # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # hosted_zone_id: "NonEmptyString", # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_resource_id: "NonEmptyString", # associated_roles: [ # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_create_time: "NonEmptyString", # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # engine_mode: "NonEmptyString", # deletion_protection: false, # http_endpoint_enabled: false, # activity_stream_status: "NonEmptyString", # copy_tags_to_snapshot: false, # cross_account_clone: false, # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # db_cluster_parameter_group: "NonEmptyString", # db_subnet_group: "NonEmptyString", # db_cluster_option_group_memberships: [ # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # db_cluster_identifier: "NonEmptyString", # db_cluster_members: [ # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # }, # ], # iam_database_authentication_enabled: false, # }, # aws_ecs_cluster: { # capacity_providers: ["NonEmptyString"], # cluster_settings: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # configuration: { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # }, # default_capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # }, # aws_ecs_task_definition: { # container_definitions: [ # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # }, # ], # cpu: "NonEmptyString", # execution_role_arn: "NonEmptyString", # family: "NonEmptyString", # inference_accelerators: [ # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # }, # ], # ipc_mode: "NonEmptyString", # memory: "NonEmptyString", # network_mode: "NonEmptyString", # pid_mode: "NonEmptyString", # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # proxy_configuration: { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # }, # requires_compatibilities: ["NonEmptyString"], # task_role_arn: "NonEmptyString", # volumes: [ # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # }, # ], # }, # container: { # name: "NonEmptyString", # image_id: "NonEmptyString", # image_name: "NonEmptyString", # launched_at: "NonEmptyString", # }, # other: { # "NonEmptyString" => "NonEmptyString", # }, # aws_rds_event_subscription: { # cust_subscription_id: "NonEmptyString", # customer_aws_id: "NonEmptyString", # enabled: false, # event_categories_list: ["NonEmptyString"], # event_subscription_arn: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # source_ids_list: ["NonEmptyString"], # source_type: "NonEmptyString", # status: "NonEmptyString", # subscription_creation_time: "NonEmptyString", # }, # aws_ecs_service: { # capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # cluster: "NonEmptyString", # deployment_configuration: { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # }, # deployment_controller: { # type: "NonEmptyString", # }, # desired_count: 1, # enable_ecs_managed_tags: false, # enable_execute_command: false, # health_check_grace_period_seconds: 1, # launch_type: "NonEmptyString", # load_balancers: [ # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # }, # ], # name: "NonEmptyString", # network_configuration: { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # }, # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # placement_strategies: [ # { # field: "NonEmptyString", # type: "NonEmptyString", # }, # ], # platform_version: "NonEmptyString", # propagate_tags: "NonEmptyString", # role: "NonEmptyString", # scheduling_strategy: "NonEmptyString", # service_arn: "NonEmptyString", # service_name: "NonEmptyString", # service_registries: [ # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # }, # ], # task_definition: "NonEmptyString", # }, # aws_auto_scaling_launch_configuration: { # associate_public_ip_address: false, # block_device_mappings: [ # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # }, # ], # classic_link_vpc_id: "NonEmptyString", # classic_link_vpc_security_groups: ["NonEmptyString"], # created_time: "NonEmptyString", # ebs_optimized: false, # iam_instance_profile: "NonEmptyString", # image_id: "NonEmptyString", # instance_monitoring: { # enabled: false, # }, # instance_type: "NonEmptyString", # kernel_id: "NonEmptyString", # key_name: "NonEmptyString", # launch_configuration_name: "NonEmptyString", # placement_tenancy: "NonEmptyString", # ramdisk_id: "NonEmptyString", # security_groups: ["NonEmptyString"], # spot_price: "NonEmptyString", # user_data: "NonEmptyString", # metadata_options: { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # }, # }, # aws_ec2_vpn_connection: { # vpn_connection_id: "NonEmptyString", # state: "NonEmptyString", # customer_gateway_id: "NonEmptyString", # customer_gateway_configuration: "NonEmptyString", # type: "NonEmptyString", # vpn_gateway_id: "NonEmptyString", # category: "NonEmptyString", # vgw_telemetry: [ # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # }, # ], # options: { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # }, # routes: [ # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # }, # ], # transit_gateway_id: "NonEmptyString", # }, # aws_ecr_container_image: { # registry_id: "NonEmptyString", # repository_name: "NonEmptyString", # architecture: "NonEmptyString", # image_digest: "NonEmptyString", # image_tags: ["NonEmptyString"], # image_published_at: "NonEmptyString", # }, # aws_open_search_service_domain: { # arn: "NonEmptyString", # access_policies: "NonEmptyString", # domain_name: "NonEmptyString", # id: "NonEmptyString", # domain_endpoint: "NonEmptyString", # engine_version: "NonEmptyString", # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # }, # cluster_config: { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # }, # domain_endpoint_options: { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # }, # vpc_options: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # domain_endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # }, # aws_ec2_vpc_endpoint_service: { # acceptance_required: false, # availability_zones: ["NonEmptyString"], # base_endpoint_dns_names: ["NonEmptyString"], # manages_vpc_endpoints: false, # gateway_load_balancer_arns: ["NonEmptyString"], # network_load_balancer_arns: ["NonEmptyString"], # private_dns_name: "NonEmptyString", # service_id: "NonEmptyString", # service_name: "NonEmptyString", # service_state: "NonEmptyString", # service_type: [ # { # service_type: "NonEmptyString", # }, # ], # }, # aws_xray_encryption_config: { # key_id: "NonEmptyString", # status: "NonEmptyString", # type: "NonEmptyString", # }, # aws_waf_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_waf_regional_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_ecr_repository: { # arn: "NonEmptyString", # image_scanning_configuration: { # scan_on_push: false, # }, # image_tag_mutability: "NonEmptyString", # lifecycle_policy: { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # }, # repository_name: "NonEmptyString", # repository_policy_text: "NonEmptyString", # }, # aws_eks_cluster: { # arn: "NonEmptyString", # certificate_authority_data: "NonEmptyString", # cluster_status: "NonEmptyString", # endpoint: "NonEmptyString", # name: "NonEmptyString", # resources_vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # role_arn: "NonEmptyString", # version: "NonEmptyString", # logging: { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # }, # }, # aws_network_firewall_firewall_policy: { # firewall_policy: { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # }, # firewall_policy_arn: "NonEmptyString", # firewall_policy_id: "NonEmptyString", # firewall_policy_name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_network_firewall_firewall: { # delete_protection: false, # description: "NonEmptyString", # firewall_arn: "NonEmptyString", # firewall_id: "NonEmptyString", # firewall_name: "NonEmptyString", # firewall_policy_arn: "NonEmptyString", # firewall_policy_change_protection: false, # subnet_change_protection: false, # subnet_mappings: [ # { # subnet_id: "NonEmptyString", # }, # ], # vpc_id: "NonEmptyString", # }, # aws_network_firewall_rule_group: { # capacity: 1, # description: "NonEmptyString", # rule_group: { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # }, # rule_group_arn: "NonEmptyString", # rule_group_id: "NonEmptyString", # rule_group_name: "NonEmptyString", # type: "NonEmptyString", # }, # }, # } # # @!attribute [rw] type # The type of the resource that details are provided for. If possible, # set `Type` to one of the supported resource types. For example, if # the resource is an EC2 instance, then set `Type` to # `AwsEc2Instance`. # # If the resource does not match any of the provided types, then set # `Type` to `Other`. # @return [String] # # @!attribute [rw] id # The canonical identifier for the given resource type. # @return [String] # # @!attribute [rw] partition # The canonical Amazon Web Services partition name that the Region is # assigned to. # @return [String] # # @!attribute [rw] region # The canonical Amazon Web Services external Region name where this # resource is located. # @return [String] # # @!attribute [rw] resource_role # Identifies the role of the resource in the finding. A resource is # either the actor or target of the finding activity, # @return [String] # # @!attribute [rw] tags # A list of Amazon Web Services tags associated with a resource at the # time the finding was processed. # @return [Hash] # # @!attribute [rw] data_classification # Contains information about sensitive data that was detected on the # resource. # @return [Types::DataClassificationDetails] # # @!attribute [rw] details # Additional details about the resource related to a finding. # @return [Types::ResourceDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Resource AWS API Documentation # class Resource < Struct.new( :type, :id, :partition, :region, :resource_role, :tags, :data_classification, :details) SENSITIVE = [] include Aws::Structure end # The resource specified in the request conflicts with an existing # resource. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceConflictException AWS API Documentation # class ResourceConflictException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # Additional details about a resource related to a finding. # # To provide the details, use the object that corresponds to the # resource type. For example, if the resource type is `AwsEc2Instance`, # then you use the `AwsEc2Instance` object to provide the details. # # If the type-specific object does not contain all of the fields you # want to populate, then you use the `Other` object to populate those # additional fields. # # You also use the `Other` object to populate the details when the # selected type does not have a corresponding object. # # @note When making an API call, you may pass ResourceDetails # data as a hash: # # { # aws_auto_scaling_auto_scaling_group: { # launch_configuration_name: "NonEmptyString", # load_balancer_names: ["NonEmptyString"], # health_check_type: "NonEmptyString", # health_check_grace_period: 1, # created_time: "NonEmptyString", # mixed_instances_policy: { # instances_distribution: { # on_demand_allocation_strategy: "NonEmptyString", # on_demand_base_capacity: 1, # on_demand_percentage_above_base_capacity: 1, # spot_allocation_strategy: "NonEmptyString", # spot_instance_pools: 1, # spot_max_price: "NonEmptyString", # }, # launch_template: { # launch_template_specification: { # launch_template_id: "NonEmptyString", # launch_template_name: "NonEmptyString", # version: "NonEmptyString", # }, # overrides: [ # { # instance_type: "NonEmptyString", # weighted_capacity: "NonEmptyString", # }, # ], # }, # }, # availability_zones: [ # { # value: "NonEmptyString", # }, # ], # }, # aws_code_build_project: { # encryption_key: "NonEmptyString", # artifacts: [ # { # artifact_identifier: "NonEmptyString", # encryption_disabled: false, # location: "NonEmptyString", # name: "NonEmptyString", # namespace_type: "NonEmptyString", # override_artifact_name: false, # packaging: "NonEmptyString", # path: "NonEmptyString", # type: "NonEmptyString", # }, # ], # environment: { # certificate: "NonEmptyString", # environment_variables: [ # { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # privileged_mode: false, # image_pull_credentials_type: "NonEmptyString", # registry_credential: { # credential: "NonEmptyString", # credential_provider: "NonEmptyString", # }, # type: "NonEmptyString", # }, # name: "NonEmptyString", # source: { # type: "NonEmptyString", # location: "NonEmptyString", # git_clone_depth: 1, # insecure_ssl: false, # }, # service_role: "NonEmptyString", # logs_config: { # cloud_watch_logs: { # group_name: "NonEmptyString", # status: "NonEmptyString", # stream_name: "NonEmptyString", # }, # s3_logs: { # encryption_disabled: false, # location: "NonEmptyString", # status: "NonEmptyString", # }, # }, # vpc_config: { # vpc_id: "NonEmptyString", # subnets: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # }, # }, # aws_cloud_front_distribution: { # cache_behaviors: { # items: [ # { # viewer_protocol_policy: "NonEmptyString", # }, # ], # }, # default_cache_behavior: { # viewer_protocol_policy: "NonEmptyString", # }, # default_root_object: "NonEmptyString", # domain_name: "NonEmptyString", # etag: "NonEmptyString", # last_modified_time: "NonEmptyString", # logging: { # bucket: "NonEmptyString", # enabled: false, # include_cookies: false, # prefix: "NonEmptyString", # }, # origins: { # items: [ # { # domain_name: "NonEmptyString", # id: "NonEmptyString", # origin_path: "NonEmptyString", # s3_origin_config: { # origin_access_identity: "NonEmptyString", # }, # }, # ], # }, # origin_groups: { # items: [ # { # failover_criteria: { # status_codes: { # items: [1], # quantity: 1, # }, # }, # }, # ], # }, # viewer_certificate: { # acm_certificate_arn: "NonEmptyString", # certificate: "NonEmptyString", # certificate_source: "NonEmptyString", # cloud_front_default_certificate: false, # iam_certificate_id: "NonEmptyString", # minimum_protocol_version: "NonEmptyString", # ssl_support_method: "NonEmptyString", # }, # status: "NonEmptyString", # web_acl_id: "NonEmptyString", # }, # aws_ec2_instance: { # type: "NonEmptyString", # image_id: "NonEmptyString", # ip_v4_addresses: ["NonEmptyString"], # ip_v6_addresses: ["NonEmptyString"], # key_name: "NonEmptyString", # iam_instance_profile_arn: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_id: "NonEmptyString", # launched_at: "NonEmptyString", # network_interfaces: [ # { # network_interface_id: "NonEmptyString", # }, # ], # }, # aws_ec2_network_interface: { # attachment: { # attach_time: "NonEmptyString", # attachment_id: "NonEmptyString", # delete_on_termination: false, # device_index: 1, # instance_id: "NonEmptyString", # instance_owner_id: "NonEmptyString", # status: "NonEmptyString", # }, # network_interface_id: "NonEmptyString", # security_groups: [ # { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # }, # ], # source_dest_check: false, # ip_v6_addresses: [ # { # ip_v6_address: "NonEmptyString", # }, # ], # private_ip_addresses: [ # { # private_ip_address: "NonEmptyString", # private_dns_name: "NonEmptyString", # }, # ], # public_dns_name: "NonEmptyString", # public_ip: "NonEmptyString", # }, # aws_ec2_security_group: { # group_name: "NonEmptyString", # group_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ip_permissions: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # ip_permissions_egress: [ # { # ip_protocol: "NonEmptyString", # from_port: 1, # to_port: 1, # user_id_group_pairs: [ # { # group_id: "NonEmptyString", # group_name: "NonEmptyString", # peering_status: "NonEmptyString", # user_id: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_peering_connection_id: "NonEmptyString", # }, # ], # ip_ranges: [ # { # cidr_ip: "NonEmptyString", # }, # ], # ipv_6_ranges: [ # { # cidr_ipv_6: "NonEmptyString", # }, # ], # prefix_list_ids: [ # { # prefix_list_id: "NonEmptyString", # }, # ], # }, # ], # }, # aws_ec2_volume: { # create_time: "NonEmptyString", # encrypted: false, # size: 1, # snapshot_id: "NonEmptyString", # status: "NonEmptyString", # kms_key_id: "NonEmptyString", # attachments: [ # { # attach_time: "NonEmptyString", # delete_on_termination: false, # instance_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # }, # aws_ec2_vpc: { # cidr_block_association_set: [ # { # association_id: "NonEmptyString", # cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # dhcp_options_id: "NonEmptyString", # state: "NonEmptyString", # }, # aws_ec2_eip: { # instance_id: "NonEmptyString", # public_ip: "NonEmptyString", # allocation_id: "NonEmptyString", # association_id: "NonEmptyString", # domain: "NonEmptyString", # public_ipv_4_pool: "NonEmptyString", # network_border_group: "NonEmptyString", # network_interface_id: "NonEmptyString", # network_interface_owner_id: "NonEmptyString", # private_ip_address: "NonEmptyString", # }, # aws_ec2_subnet: { # assign_ipv_6_address_on_creation: false, # availability_zone: "NonEmptyString", # availability_zone_id: "NonEmptyString", # available_ip_address_count: 1, # cidr_block: "NonEmptyString", # default_for_az: false, # map_public_ip_on_launch: false, # owner_id: "NonEmptyString", # state: "NonEmptyString", # subnet_arn: "NonEmptyString", # subnet_id: "NonEmptyString", # vpc_id: "NonEmptyString", # ipv_6_cidr_block_association_set: [ # { # association_id: "NonEmptyString", # ipv_6_cidr_block: "NonEmptyString", # cidr_block_state: "NonEmptyString", # }, # ], # }, # aws_ec2_network_acl: { # is_default: false, # network_acl_id: "NonEmptyString", # owner_id: "NonEmptyString", # vpc_id: "NonEmptyString", # associations: [ # { # network_acl_association_id: "NonEmptyString", # network_acl_id: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # entries: [ # { # cidr_block: "NonEmptyString", # egress: false, # icmp_type_code: { # code: 1, # type: 1, # }, # ipv_6_cidr_block: "NonEmptyString", # port_range: { # from: 1, # to: 1, # }, # protocol: "NonEmptyString", # rule_action: "NonEmptyString", # rule_number: 1, # }, # ], # }, # aws_elbv_2_load_balancer: { # availability_zones: [ # { # zone_name: "NonEmptyString", # subnet_id: "NonEmptyString", # }, # ], # canonical_hosted_zone_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # ip_address_type: "NonEmptyString", # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # state: { # code: "NonEmptyString", # reason: "NonEmptyString", # }, # type: "NonEmptyString", # vpc_id: "NonEmptyString", # load_balancer_attributes: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # aws_elastic_beanstalk_environment: { # application_name: "NonEmptyString", # cname: "NonEmptyString", # date_created: "NonEmptyString", # date_updated: "NonEmptyString", # description: "NonEmptyString", # endpoint_url: "NonEmptyString", # environment_arn: "NonEmptyString", # environment_id: "NonEmptyString", # environment_links: [ # { # environment_name: "NonEmptyString", # link_name: "NonEmptyString", # }, # ], # environment_name: "NonEmptyString", # option_settings: [ # { # namespace: "NonEmptyString", # option_name: "NonEmptyString", # resource_name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # platform_arn: "NonEmptyString", # solution_stack_name: "NonEmptyString", # status: "NonEmptyString", # tier: { # name: "NonEmptyString", # type: "NonEmptyString", # version: "NonEmptyString", # }, # version_label: "NonEmptyString", # }, # aws_elasticsearch_domain: { # access_policies: "NonEmptyString", # domain_endpoint_options: { # enforce_https: false, # tls_security_policy: "NonEmptyString", # }, # domain_id: "NonEmptyString", # domain_name: "NonEmptyString", # endpoint: "NonEmptyString", # endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # elasticsearch_version: "NonEmptyString", # elasticsearch_cluster_config: { # dedicated_master_count: 1, # dedicated_master_enabled: false, # dedicated_master_type: "NonEmptyString", # instance_count: 1, # instance_type: "NonEmptyString", # zone_awareness_config: { # availability_zone_count: 1, # }, # zone_awareness_enabled: false, # }, # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # }, # vpc_options: { # availability_zones: ["NonEmptyString"], # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # }, # aws_s3_bucket: { # owner_id: "NonEmptyString", # owner_name: "NonEmptyString", # owner_account_id: "NonEmptyString", # created_at: "NonEmptyString", # server_side_encryption_configuration: { # rules: [ # { # apply_server_side_encryption_by_default: { # sse_algorithm: "NonEmptyString", # kms_master_key_id: "NonEmptyString", # }, # }, # ], # }, # bucket_lifecycle_configuration: { # rules: [ # { # abort_incomplete_multipart_upload: { # days_after_initiation: 1, # }, # expiration_date: "NonEmptyString", # expiration_in_days: 1, # expired_object_delete_marker: false, # filter: { # predicate: { # operands: [ # { # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # tag: { # key: "NonEmptyString", # value: "NonEmptyString", # }, # type: "NonEmptyString", # }, # }, # id: "NonEmptyString", # noncurrent_version_expiration_in_days: 1, # noncurrent_version_transitions: [ # { # days: 1, # storage_class: "NonEmptyString", # }, # ], # prefix: "NonEmptyString", # status: "NonEmptyString", # transitions: [ # { # date: "NonEmptyString", # days: 1, # storage_class: "NonEmptyString", # }, # ], # }, # ], # }, # public_access_block_configuration: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # access_control_list: "NonEmptyString", # bucket_logging_configuration: { # destination_bucket_name: "NonEmptyString", # log_file_prefix: "NonEmptyString", # }, # bucket_website_configuration: { # error_document: "NonEmptyString", # index_document_suffix: "NonEmptyString", # redirect_all_requests_to: { # hostname: "NonEmptyString", # protocol: "NonEmptyString", # }, # routing_rules: [ # { # condition: { # http_error_code_returned_equals: "NonEmptyString", # key_prefix_equals: "NonEmptyString", # }, # redirect: { # hostname: "NonEmptyString", # http_redirect_code: "NonEmptyString", # protocol: "NonEmptyString", # replace_key_prefix_with: "NonEmptyString", # replace_key_with: "NonEmptyString", # }, # }, # ], # }, # bucket_notification_configuration: { # configurations: [ # { # events: ["NonEmptyString"], # filter: { # s3_key_filter: { # filter_rules: [ # { # name: "Prefix", # accepts Prefix, Suffix # value: "NonEmptyString", # }, # ], # }, # }, # destination: "NonEmptyString", # type: "NonEmptyString", # }, # ], # }, # bucket_versioning_configuration: { # is_mfa_delete_enabled: false, # status: "NonEmptyString", # }, # }, # aws_s3_account_public_access_block: { # block_public_acls: false, # block_public_policy: false, # ignore_public_acls: false, # restrict_public_buckets: false, # }, # aws_s3_object: { # last_modified: "NonEmptyString", # etag: "NonEmptyString", # version_id: "NonEmptyString", # content_type: "NonEmptyString", # server_side_encryption: "NonEmptyString", # ssekms_key_id: "NonEmptyString", # }, # aws_secrets_manager_secret: { # rotation_rules: { # automatically_after_days: 1, # }, # rotation_occurred_within_frequency: false, # kms_key_id: "NonEmptyString", # rotation_enabled: false, # rotation_lambda_arn: "NonEmptyString", # deleted: false, # name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_iam_access_key: { # user_name: "NonEmptyString", # status: "Active", # accepts Active, Inactive # created_at: "NonEmptyString", # principal_id: "NonEmptyString", # principal_type: "NonEmptyString", # principal_name: "NonEmptyString", # account_id: "NonEmptyString", # access_key_id: "NonEmptyString", # session_context: { # attributes: { # mfa_authenticated: false, # creation_date: "NonEmptyString", # }, # session_issuer: { # type: "NonEmptyString", # principal_id: "NonEmptyString", # arn: "NonEmptyString", # account_id: "NonEmptyString", # user_name: "NonEmptyString", # }, # }, # }, # aws_iam_user: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_list: ["NonEmptyString"], # path: "NonEmptyString", # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # user_id: "NonEmptyString", # user_name: "NonEmptyString", # user_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # }, # aws_iam_policy: { # attachment_count: 1, # create_date: "NonEmptyString", # default_version_id: "NonEmptyString", # description: "NonEmptyString", # is_attachable: false, # path: "NonEmptyString", # permissions_boundary_usage_count: 1, # policy_id: "NonEmptyString", # policy_name: "NonEmptyString", # policy_version_list: [ # { # version_id: "NonEmptyString", # is_default_version: false, # create_date: "NonEmptyString", # }, # ], # update_date: "NonEmptyString", # }, # aws_api_gateway_v2_stage: { # client_certificate_id: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # default_route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # deployment_id: "NonEmptyString", # last_updated_date: "NonEmptyString", # route_settings: { # detailed_metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # }, # stage_name: "NonEmptyString", # stage_variables: { # "NonEmptyString" => "NonEmptyString", # }, # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # auto_deploy: false, # last_deployment_status_message: "NonEmptyString", # api_gateway_managed: false, # }, # aws_api_gateway_v2_api: { # api_endpoint: "NonEmptyString", # api_id: "NonEmptyString", # api_key_selection_expression: "NonEmptyString", # created_date: "NonEmptyString", # description: "NonEmptyString", # version: "NonEmptyString", # name: "NonEmptyString", # protocol_type: "NonEmptyString", # route_selection_expression: "NonEmptyString", # cors_configuration: { # allow_origins: ["NonEmptyString"], # allow_credentials: false, # expose_headers: ["NonEmptyString"], # max_age: 1, # allow_methods: ["NonEmptyString"], # allow_headers: ["NonEmptyString"], # }, # }, # aws_dynamo_db_table: { # attribute_definitions: [ # { # attribute_name: "NonEmptyString", # attribute_type: "NonEmptyString", # }, # ], # billing_mode_summary: { # billing_mode: "NonEmptyString", # last_update_to_pay_per_request_date_time: "NonEmptyString", # }, # creation_date_time: "NonEmptyString", # global_secondary_indexes: [ # { # backfilling: false, # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # index_size_bytes: 1, # index_status: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # }, # ], # global_table_version: "NonEmptyString", # item_count: 1, # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # latest_stream_arn: "NonEmptyString", # latest_stream_label: "NonEmptyString", # local_secondary_indexes: [ # { # index_arn: "NonEmptyString", # index_name: "NonEmptyString", # key_schema: [ # { # attribute_name: "NonEmptyString", # key_type: "NonEmptyString", # }, # ], # projection: { # non_key_attributes: ["NonEmptyString"], # projection_type: "NonEmptyString", # }, # }, # ], # provisioned_throughput: { # last_decrease_date_time: "NonEmptyString", # last_increase_date_time: "NonEmptyString", # number_of_decreases_today: 1, # read_capacity_units: 1, # write_capacity_units: 1, # }, # replicas: [ # { # global_secondary_indexes: [ # { # index_name: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # }, # ], # kms_master_key_id: "NonEmptyString", # provisioned_throughput_override: { # read_capacity_units: 1, # }, # region_name: "NonEmptyString", # replica_status: "NonEmptyString", # replica_status_description: "NonEmptyString", # }, # ], # restore_summary: { # source_backup_arn: "NonEmptyString", # source_table_arn: "NonEmptyString", # restore_date_time: "NonEmptyString", # restore_in_progress: false, # }, # sse_description: { # inaccessible_encryption_date_time: "NonEmptyString", # status: "NonEmptyString", # sse_type: "NonEmptyString", # kms_master_key_arn: "NonEmptyString", # }, # stream_specification: { # stream_enabled: false, # stream_view_type: "NonEmptyString", # }, # table_id: "NonEmptyString", # table_name: "NonEmptyString", # table_size_bytes: 1, # table_status: "NonEmptyString", # }, # aws_api_gateway_stage: { # deployment_id: "NonEmptyString", # client_certificate_id: "NonEmptyString", # stage_name: "NonEmptyString", # description: "NonEmptyString", # cache_cluster_enabled: false, # cache_cluster_size: "NonEmptyString", # cache_cluster_status: "NonEmptyString", # method_settings: [ # { # metrics_enabled: false, # logging_level: "NonEmptyString", # data_trace_enabled: false, # throttling_burst_limit: 1, # throttling_rate_limit: 1.0, # caching_enabled: false, # cache_ttl_in_seconds: 1, # cache_data_encrypted: false, # require_authorization_for_cache_control: false, # unauthorized_cache_control_header_strategy: "NonEmptyString", # http_method: "NonEmptyString", # resource_path: "NonEmptyString", # }, # ], # variables: { # "NonEmptyString" => "NonEmptyString", # }, # documentation_version: "NonEmptyString", # access_log_settings: { # format: "NonEmptyString", # destination_arn: "NonEmptyString", # }, # canary_settings: { # percent_traffic: 1.0, # deployment_id: "NonEmptyString", # stage_variable_overrides: { # "NonEmptyString" => "NonEmptyString", # }, # use_stage_cache: false, # }, # tracing_enabled: false, # created_date: "NonEmptyString", # last_updated_date: "NonEmptyString", # web_acl_arn: "NonEmptyString", # }, # aws_api_gateway_rest_api: { # id: "NonEmptyString", # name: "NonEmptyString", # description: "NonEmptyString", # created_date: "NonEmptyString", # version: "NonEmptyString", # binary_media_types: ["NonEmptyString"], # minimum_compression_size: 1, # api_key_source: "NonEmptyString", # endpoint_configuration: { # types: ["NonEmptyString"], # }, # }, # aws_cloud_trail_trail: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # cloud_watch_logs_role_arn: "NonEmptyString", # has_custom_event_selectors: false, # home_region: "NonEmptyString", # include_global_service_events: false, # is_multi_region_trail: false, # is_organization_trail: false, # kms_key_id: "NonEmptyString", # log_file_validation_enabled: false, # name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_key_prefix: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # sns_topic_name: "NonEmptyString", # trail_arn: "NonEmptyString", # }, # aws_ssm_patch_compliance: { # patch: { # compliance_summary: { # status: "NonEmptyString", # compliant_critical_count: 1, # compliant_high_count: 1, # compliant_medium_count: 1, # execution_type: "NonEmptyString", # non_compliant_critical_count: 1, # compliant_informational_count: 1, # non_compliant_informational_count: 1, # compliant_unspecified_count: 1, # non_compliant_low_count: 1, # non_compliant_high_count: 1, # compliant_low_count: 1, # compliance_type: "NonEmptyString", # patch_baseline_id: "NonEmptyString", # overall_severity: "NonEmptyString", # non_compliant_medium_count: 1, # non_compliant_unspecified_count: 1, # patch_group: "NonEmptyString", # }, # }, # }, # aws_certificate_manager_certificate: { # certificate_authority_arn: "NonEmptyString", # created_at: "NonEmptyString", # domain_name: "NonEmptyString", # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # extended_key_usages: [ # { # name: "NonEmptyString", # o_id: "NonEmptyString", # }, # ], # failure_reason: "NonEmptyString", # imported_at: "NonEmptyString", # in_use_by: ["NonEmptyString"], # issued_at: "NonEmptyString", # issuer: "NonEmptyString", # key_algorithm: "NonEmptyString", # key_usages: [ # { # name: "NonEmptyString", # }, # ], # not_after: "NonEmptyString", # not_before: "NonEmptyString", # options: { # certificate_transparency_logging_preference: "NonEmptyString", # }, # renewal_eligibility: "NonEmptyString", # renewal_summary: { # domain_validation_options: [ # { # domain_name: "NonEmptyString", # resource_record: { # name: "NonEmptyString", # type: "NonEmptyString", # value: "NonEmptyString", # }, # validation_domain: "NonEmptyString", # validation_emails: ["NonEmptyString"], # validation_method: "NonEmptyString", # validation_status: "NonEmptyString", # }, # ], # renewal_status: "NonEmptyString", # renewal_status_reason: "NonEmptyString", # updated_at: "NonEmptyString", # }, # serial: "NonEmptyString", # signature_algorithm: "NonEmptyString", # status: "NonEmptyString", # subject: "NonEmptyString", # subject_alternative_names: ["NonEmptyString"], # type: "NonEmptyString", # }, # aws_redshift_cluster: { # allow_version_upgrade: false, # automated_snapshot_retention_period: 1, # availability_zone: "NonEmptyString", # cluster_availability_status: "NonEmptyString", # cluster_create_time: "NonEmptyString", # cluster_identifier: "NonEmptyString", # cluster_nodes: [ # { # node_role: "NonEmptyString", # private_ip_address: "NonEmptyString", # public_ip_address: "NonEmptyString", # }, # ], # cluster_parameter_groups: [ # { # cluster_parameter_status_list: [ # { # parameter_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # parameter_apply_error_description: "NonEmptyString", # }, # ], # parameter_apply_status: "NonEmptyString", # parameter_group_name: "NonEmptyString", # }, # ], # cluster_public_key: "NonEmptyString", # cluster_revision_number: "NonEmptyString", # cluster_security_groups: [ # { # cluster_security_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_snapshot_copy_status: { # destination_region: "NonEmptyString", # manual_snapshot_retention_period: 1, # retention_period: 1, # snapshot_copy_grant_name: "NonEmptyString", # }, # cluster_status: "NonEmptyString", # cluster_subnet_group_name: "NonEmptyString", # cluster_version: "NonEmptyString", # db_name: "NonEmptyString", # deferred_maintenance_windows: [ # { # defer_maintenance_end_time: "NonEmptyString", # defer_maintenance_identifier: "NonEmptyString", # defer_maintenance_start_time: "NonEmptyString", # }, # ], # elastic_ip_status: { # elastic_ip: "NonEmptyString", # status: "NonEmptyString", # }, # elastic_resize_number_of_node_options: "NonEmptyString", # encrypted: false, # endpoint: { # address: "NonEmptyString", # port: 1, # }, # enhanced_vpc_routing: false, # expected_next_snapshot_schedule_time: "NonEmptyString", # expected_next_snapshot_schedule_time_status: "NonEmptyString", # hsm_status: { # hsm_client_certificate_identifier: "NonEmptyString", # hsm_configuration_identifier: "NonEmptyString", # status: "NonEmptyString", # }, # iam_roles: [ # { # apply_status: "NonEmptyString", # iam_role_arn: "NonEmptyString", # }, # ], # kms_key_id: "NonEmptyString", # maintenance_track_name: "NonEmptyString", # manual_snapshot_retention_period: 1, # master_username: "NonEmptyString", # next_maintenance_window_start_time: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # pending_actions: ["NonEmptyString"], # pending_modified_values: { # automated_snapshot_retention_period: 1, # cluster_identifier: "NonEmptyString", # cluster_type: "NonEmptyString", # cluster_version: "NonEmptyString", # encryption_type: "NonEmptyString", # enhanced_vpc_routing: false, # maintenance_track_name: "NonEmptyString", # master_user_password: "NonEmptyString", # node_type: "NonEmptyString", # number_of_nodes: 1, # publicly_accessible: false, # }, # preferred_maintenance_window: "NonEmptyString", # publicly_accessible: false, # resize_info: { # allow_cancel_resize: false, # resize_type: "NonEmptyString", # }, # restore_status: { # current_restore_rate_in_mega_bytes_per_second: 1.0, # elapsed_time_in_seconds: 1, # estimated_time_to_completion_in_seconds: 1, # progress_in_mega_bytes: 1, # snapshot_size_in_mega_bytes: 1, # status: "NonEmptyString", # }, # snapshot_schedule_identifier: "NonEmptyString", # snapshot_schedule_state: "NonEmptyString", # vpc_id: "NonEmptyString", # vpc_security_groups: [ # { # status: "NonEmptyString", # vpc_security_group_id: "NonEmptyString", # }, # ], # }, # aws_elb_load_balancer: { # availability_zones: ["NonEmptyString"], # backend_server_descriptions: [ # { # instance_port: 1, # policy_names: ["NonEmptyString"], # }, # ], # canonical_hosted_zone_name: "NonEmptyString", # canonical_hosted_zone_name_id: "NonEmptyString", # created_time: "NonEmptyString", # dns_name: "NonEmptyString", # health_check: { # healthy_threshold: 1, # interval: 1, # target: "NonEmptyString", # timeout: 1, # unhealthy_threshold: 1, # }, # instances: [ # { # instance_id: "NonEmptyString", # }, # ], # listener_descriptions: [ # { # listener: { # instance_port: 1, # instance_protocol: "NonEmptyString", # load_balancer_port: 1, # protocol: "NonEmptyString", # ssl_certificate_id: "NonEmptyString", # }, # policy_names: ["NonEmptyString"], # }, # ], # load_balancer_attributes: { # access_log: { # emit_interval: 1, # enabled: false, # s3_bucket_name: "NonEmptyString", # s3_bucket_prefix: "NonEmptyString", # }, # connection_draining: { # enabled: false, # timeout: 1, # }, # connection_settings: { # idle_timeout: 1, # }, # cross_zone_load_balancing: { # enabled: false, # }, # }, # load_balancer_name: "NonEmptyString", # policies: { # app_cookie_stickiness_policies: [ # { # cookie_name: "NonEmptyString", # policy_name: "NonEmptyString", # }, # ], # lb_cookie_stickiness_policies: [ # { # cookie_expiration_period: 1, # policy_name: "NonEmptyString", # }, # ], # other_policies: ["NonEmptyString"], # }, # scheme: "NonEmptyString", # security_groups: ["NonEmptyString"], # source_security_group: { # group_name: "NonEmptyString", # owner_alias: "NonEmptyString", # }, # subnets: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # aws_iam_group: { # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # group_id: "NonEmptyString", # group_name: "NonEmptyString", # group_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # path: "NonEmptyString", # }, # aws_iam_role: { # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # attached_managed_policies: [ # { # policy_name: "NonEmptyString", # policy_arn: "NonEmptyString", # }, # ], # create_date: "NonEmptyString", # instance_profile_list: [ # { # arn: "NonEmptyString", # create_date: "NonEmptyString", # instance_profile_id: "NonEmptyString", # instance_profile_name: "NonEmptyString", # path: "NonEmptyString", # roles: [ # { # arn: "NonEmptyString", # assume_role_policy_document: "AwsIamRoleAssumeRolePolicyDocument", # create_date: "NonEmptyString", # path: "NonEmptyString", # role_id: "NonEmptyString", # role_name: "NonEmptyString", # }, # ], # }, # ], # permissions_boundary: { # permissions_boundary_arn: "NonEmptyString", # permissions_boundary_type: "NonEmptyString", # }, # role_id: "NonEmptyString", # role_name: "NonEmptyString", # role_policy_list: [ # { # policy_name: "NonEmptyString", # }, # ], # max_session_duration: 1, # path: "NonEmptyString", # }, # aws_kms_key: { # aws_account_id: "NonEmptyString", # creation_date: 1.0, # key_id: "NonEmptyString", # key_manager: "NonEmptyString", # key_state: "NonEmptyString", # origin: "NonEmptyString", # description: "NonEmptyString", # key_rotation_status: false, # }, # aws_lambda_function: { # code: { # s3_bucket: "NonEmptyString", # s3_key: "NonEmptyString", # s3_object_version: "NonEmptyString", # zip_file: "NonEmptyString", # }, # code_sha_256: "NonEmptyString", # dead_letter_config: { # target_arn: "NonEmptyString", # }, # environment: { # variables: { # "NonEmptyString" => "NonEmptyString", # }, # error: { # error_code: "NonEmptyString", # message: "NonEmptyString", # }, # }, # function_name: "NonEmptyString", # handler: "NonEmptyString", # kms_key_arn: "NonEmptyString", # last_modified: "NonEmptyString", # layers: [ # { # arn: "NonEmptyString", # code_size: 1, # }, # ], # master_arn: "NonEmptyString", # memory_size: 1, # revision_id: "NonEmptyString", # role: "NonEmptyString", # runtime: "NonEmptyString", # timeout: 1, # tracing_config: { # mode: "NonEmptyString", # }, # vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # vpc_id: "NonEmptyString", # }, # version: "NonEmptyString", # }, # aws_lambda_layer_version: { # version: 1, # compatible_runtimes: ["NonEmptyString"], # created_date: "NonEmptyString", # }, # aws_rds_db_instance: { # associated_roles: [ # { # role_arn: "NonEmptyString", # feature_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # ca_certificate_identifier: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # db_instance_class: "NonEmptyString", # db_instance_port: 1, # dbi_resource_id: "NonEmptyString", # db_name: "NonEmptyString", # deletion_protection: false, # endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # iam_database_authentication_enabled: false, # instance_create_time: "NonEmptyString", # kms_key_id: "NonEmptyString", # publicly_accessible: false, # storage_encrypted: false, # tde_credential_arn: "NonEmptyString", # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # multi_az: false, # enhanced_monitoring_resource_arn: "NonEmptyString", # db_instance_status: "NonEmptyString", # master_username: "NonEmptyString", # allocated_storage: 1, # preferred_backup_window: "NonEmptyString", # backup_retention_period: 1, # db_security_groups: ["NonEmptyString"], # db_parameter_groups: [ # { # db_parameter_group_name: "NonEmptyString", # parameter_apply_status: "NonEmptyString", # }, # ], # availability_zone: "NonEmptyString", # db_subnet_group: { # db_subnet_group_name: "NonEmptyString", # db_subnet_group_description: "NonEmptyString", # vpc_id: "NonEmptyString", # subnet_group_status: "NonEmptyString", # subnets: [ # { # subnet_identifier: "NonEmptyString", # subnet_availability_zone: { # name: "NonEmptyString", # }, # subnet_status: "NonEmptyString", # }, # ], # db_subnet_group_arn: "NonEmptyString", # }, # preferred_maintenance_window: "NonEmptyString", # pending_modified_values: { # db_instance_class: "NonEmptyString", # allocated_storage: 1, # master_user_password: "NonEmptyString", # port: 1, # backup_retention_period: 1, # multi_az: false, # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # iops: 1, # db_instance_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # ca_certificate_identifier: "NonEmptyString", # db_subnet_group_name: "NonEmptyString", # pending_cloud_watch_logs_exports: { # log_types_to_enable: ["NonEmptyString"], # log_types_to_disable: ["NonEmptyString"], # }, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # }, # latest_restorable_time: "NonEmptyString", # auto_minor_version_upgrade: false, # read_replica_source_db_instance_identifier: "NonEmptyString", # read_replica_db_instance_identifiers: ["NonEmptyString"], # read_replica_db_cluster_identifiers: ["NonEmptyString"], # license_model: "NonEmptyString", # iops: 1, # option_group_memberships: [ # { # option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # character_set_name: "NonEmptyString", # secondary_availability_zone: "NonEmptyString", # status_infos: [ # { # status_type: "NonEmptyString", # normal: false, # status: "NonEmptyString", # message: "NonEmptyString", # }, # ], # storage_type: "NonEmptyString", # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # copy_tags_to_snapshot: false, # monitoring_interval: 1, # monitoring_role_arn: "NonEmptyString", # promotion_tier: 1, # timezone: "NonEmptyString", # performance_insights_enabled: false, # performance_insights_kms_key_id: "NonEmptyString", # performance_insights_retention_period: 1, # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # listener_endpoint: { # address: "NonEmptyString", # port: 1, # hosted_zone_id: "NonEmptyString", # }, # max_allocated_storage: 1, # }, # aws_sns_topic: { # kms_master_key_id: "NonEmptyString", # subscription: [ # { # endpoint: "NonEmptyString", # protocol: "NonEmptyString", # }, # ], # topic_name: "NonEmptyString", # owner: "NonEmptyString", # }, # aws_sqs_queue: { # kms_data_key_reuse_period_seconds: 1, # kms_master_key_id: "NonEmptyString", # queue_name: "NonEmptyString", # dead_letter_target_arn: "NonEmptyString", # }, # aws_waf_web_acl: { # name: "NonEmptyString", # default_action: "NonEmptyString", # rules: [ # { # action: { # type: "NonEmptyString", # }, # excluded_rules: [ # { # rule_id: "NonEmptyString", # }, # ], # override_action: { # type: "NonEmptyString", # }, # priority: 1, # rule_id: "NonEmptyString", # type: "NonEmptyString", # }, # ], # web_acl_id: "NonEmptyString", # }, # aws_rds_db_snapshot: { # db_snapshot_identifier: "NonEmptyString", # db_instance_identifier: "NonEmptyString", # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # availability_zone: "NonEmptyString", # vpc_id: "NonEmptyString", # instance_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # iops: 1, # option_group_name: "NonEmptyString", # percent_progress: 1, # source_region: "NonEmptyString", # source_db_snapshot_identifier: "NonEmptyString", # storage_type: "NonEmptyString", # tde_credential_arn: "NonEmptyString", # encrypted: false, # kms_key_id: "NonEmptyString", # timezone: "NonEmptyString", # iam_database_authentication_enabled: false, # processor_features: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # dbi_resource_id: "NonEmptyString", # }, # aws_rds_db_cluster_snapshot: { # availability_zones: ["NonEmptyString"], # snapshot_create_time: "NonEmptyString", # engine: "NonEmptyString", # allocated_storage: 1, # status: "NonEmptyString", # port: 1, # vpc_id: "NonEmptyString", # cluster_create_time: "NonEmptyString", # master_username: "NonEmptyString", # engine_version: "NonEmptyString", # license_model: "NonEmptyString", # snapshot_type: "NonEmptyString", # percent_progress: 1, # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_identifier: "NonEmptyString", # db_cluster_snapshot_identifier: "NonEmptyString", # iam_database_authentication_enabled: false, # }, # aws_rds_db_cluster: { # allocated_storage: 1, # availability_zones: ["NonEmptyString"], # backup_retention_period: 1, # database_name: "NonEmptyString", # status: "NonEmptyString", # endpoint: "NonEmptyString", # reader_endpoint: "NonEmptyString", # custom_endpoints: ["NonEmptyString"], # multi_az: false, # engine: "NonEmptyString", # engine_version: "NonEmptyString", # port: 1, # master_username: "NonEmptyString", # preferred_backup_window: "NonEmptyString", # preferred_maintenance_window: "NonEmptyString", # read_replica_identifiers: ["NonEmptyString"], # vpc_security_groups: [ # { # vpc_security_group_id: "NonEmptyString", # status: "NonEmptyString", # }, # ], # hosted_zone_id: "NonEmptyString", # storage_encrypted: false, # kms_key_id: "NonEmptyString", # db_cluster_resource_id: "NonEmptyString", # associated_roles: [ # { # role_arn: "NonEmptyString", # status: "NonEmptyString", # }, # ], # cluster_create_time: "NonEmptyString", # enabled_cloud_watch_logs_exports: ["NonEmptyString"], # engine_mode: "NonEmptyString", # deletion_protection: false, # http_endpoint_enabled: false, # activity_stream_status: "NonEmptyString", # copy_tags_to_snapshot: false, # cross_account_clone: false, # domain_memberships: [ # { # domain: "NonEmptyString", # status: "NonEmptyString", # fqdn: "NonEmptyString", # iam_role_name: "NonEmptyString", # }, # ], # db_cluster_parameter_group: "NonEmptyString", # db_subnet_group: "NonEmptyString", # db_cluster_option_group_memberships: [ # { # db_cluster_option_group_name: "NonEmptyString", # status: "NonEmptyString", # }, # ], # db_cluster_identifier: "NonEmptyString", # db_cluster_members: [ # { # is_cluster_writer: false, # promotion_tier: 1, # db_instance_identifier: "NonEmptyString", # db_cluster_parameter_group_status: "NonEmptyString", # }, # ], # iam_database_authentication_enabled: false, # }, # aws_ecs_cluster: { # capacity_providers: ["NonEmptyString"], # cluster_settings: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # configuration: { # execute_command_configuration: { # kms_key_id: "NonEmptyString", # log_configuration: { # cloud_watch_encryption_enabled: false, # cloud_watch_log_group_name: "NonEmptyString", # s3_bucket_name: "NonEmptyString", # s3_encryption_enabled: false, # s3_key_prefix: "NonEmptyString", # }, # logging: "NonEmptyString", # }, # }, # default_capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # }, # aws_ecs_task_definition: { # container_definitions: [ # { # command: ["NonEmptyString"], # cpu: 1, # depends_on: [ # { # condition: "NonEmptyString", # container_name: "NonEmptyString", # }, # ], # disable_networking: false, # dns_search_domains: ["NonEmptyString"], # dns_servers: ["NonEmptyString"], # docker_labels: { # "NonEmptyString" => "NonEmptyString", # }, # docker_security_options: ["NonEmptyString"], # entry_point: ["NonEmptyString"], # environment: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # environment_files: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # essential: false, # extra_hosts: [ # { # hostname: "NonEmptyString", # ip_address: "NonEmptyString", # }, # ], # firelens_configuration: { # options: { # "NonEmptyString" => "NonEmptyString", # }, # type: "NonEmptyString", # }, # health_check: { # command: ["NonEmptyString"], # interval: 1, # retries: 1, # start_period: 1, # timeout: 1, # }, # hostname: "NonEmptyString", # image: "NonEmptyString", # interactive: false, # links: ["NonEmptyString"], # linux_parameters: { # capabilities: { # add: ["NonEmptyString"], # drop: ["NonEmptyString"], # }, # devices: [ # { # container_path: "NonEmptyString", # host_path: "NonEmptyString", # permissions: ["NonEmptyString"], # }, # ], # init_process_enabled: false, # max_swap: 1, # shared_memory_size: 1, # swappiness: 1, # tmpfs: [ # { # container_path: "NonEmptyString", # mount_options: ["NonEmptyString"], # size: 1, # }, # ], # }, # log_configuration: { # log_driver: "NonEmptyString", # options: { # "NonEmptyString" => "NonEmptyString", # }, # secret_options: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # }, # memory: 1, # memory_reservation: 1, # mount_points: [ # { # container_path: "NonEmptyString", # read_only: false, # source_volume: "NonEmptyString", # }, # ], # name: "NonEmptyString", # port_mappings: [ # { # container_port: 1, # host_port: 1, # protocol: "NonEmptyString", # }, # ], # privileged: false, # pseudo_terminal: false, # readonly_root_filesystem: false, # repository_credentials: { # credentials_parameter: "NonEmptyString", # }, # resource_requirements: [ # { # type: "NonEmptyString", # value: "NonEmptyString", # }, # ], # secrets: [ # { # name: "NonEmptyString", # value_from: "NonEmptyString", # }, # ], # start_timeout: 1, # stop_timeout: 1, # system_controls: [ # { # namespace: "NonEmptyString", # value: "NonEmptyString", # }, # ], # ulimits: [ # { # hard_limit: 1, # name: "NonEmptyString", # soft_limit: 1, # }, # ], # user: "NonEmptyString", # volumes_from: [ # { # read_only: false, # source_container: "NonEmptyString", # }, # ], # working_directory: "NonEmptyString", # }, # ], # cpu: "NonEmptyString", # execution_role_arn: "NonEmptyString", # family: "NonEmptyString", # inference_accelerators: [ # { # device_name: "NonEmptyString", # device_type: "NonEmptyString", # }, # ], # ipc_mode: "NonEmptyString", # memory: "NonEmptyString", # network_mode: "NonEmptyString", # pid_mode: "NonEmptyString", # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # proxy_configuration: { # container_name: "NonEmptyString", # proxy_configuration_properties: [ # { # name: "NonEmptyString", # value: "NonEmptyString", # }, # ], # type: "NonEmptyString", # }, # requires_compatibilities: ["NonEmptyString"], # task_role_arn: "NonEmptyString", # volumes: [ # { # docker_volume_configuration: { # autoprovision: false, # driver: "NonEmptyString", # driver_opts: { # "NonEmptyString" => "NonEmptyString", # }, # labels: { # "NonEmptyString" => "NonEmptyString", # }, # scope: "NonEmptyString", # }, # efs_volume_configuration: { # authorization_config: { # access_point_id: "NonEmptyString", # iam: "NonEmptyString", # }, # filesystem_id: "NonEmptyString", # root_directory: "NonEmptyString", # transit_encryption: "NonEmptyString", # transit_encryption_port: 1, # }, # host: { # source_path: "NonEmptyString", # }, # name: "NonEmptyString", # }, # ], # }, # container: { # name: "NonEmptyString", # image_id: "NonEmptyString", # image_name: "NonEmptyString", # launched_at: "NonEmptyString", # }, # other: { # "NonEmptyString" => "NonEmptyString", # }, # aws_rds_event_subscription: { # cust_subscription_id: "NonEmptyString", # customer_aws_id: "NonEmptyString", # enabled: false, # event_categories_list: ["NonEmptyString"], # event_subscription_arn: "NonEmptyString", # sns_topic_arn: "NonEmptyString", # source_ids_list: ["NonEmptyString"], # source_type: "NonEmptyString", # status: "NonEmptyString", # subscription_creation_time: "NonEmptyString", # }, # aws_ecs_service: { # capacity_provider_strategy: [ # { # base: 1, # capacity_provider: "NonEmptyString", # weight: 1, # }, # ], # cluster: "NonEmptyString", # deployment_configuration: { # deployment_circuit_breaker: { # enable: false, # rollback: false, # }, # maximum_percent: 1, # minimum_healthy_percent: 1, # }, # deployment_controller: { # type: "NonEmptyString", # }, # desired_count: 1, # enable_ecs_managed_tags: false, # enable_execute_command: false, # health_check_grace_period_seconds: 1, # launch_type: "NonEmptyString", # load_balancers: [ # { # container_name: "NonEmptyString", # container_port: 1, # load_balancer_name: "NonEmptyString", # target_group_arn: "NonEmptyString", # }, # ], # name: "NonEmptyString", # network_configuration: { # aws_vpc_configuration: { # assign_public_ip: "NonEmptyString", # security_groups: ["NonEmptyString"], # subnets: ["NonEmptyString"], # }, # }, # placement_constraints: [ # { # expression: "NonEmptyString", # type: "NonEmptyString", # }, # ], # placement_strategies: [ # { # field: "NonEmptyString", # type: "NonEmptyString", # }, # ], # platform_version: "NonEmptyString", # propagate_tags: "NonEmptyString", # role: "NonEmptyString", # scheduling_strategy: "NonEmptyString", # service_arn: "NonEmptyString", # service_name: "NonEmptyString", # service_registries: [ # { # container_name: "NonEmptyString", # container_port: 1, # port: 1, # registry_arn: "NonEmptyString", # }, # ], # task_definition: "NonEmptyString", # }, # aws_auto_scaling_launch_configuration: { # associate_public_ip_address: false, # block_device_mappings: [ # { # device_name: "NonEmptyString", # ebs: { # delete_on_termination: false, # encrypted: false, # iops: 1, # snapshot_id: "NonEmptyString", # volume_size: 1, # volume_type: "NonEmptyString", # }, # no_device: false, # virtual_name: "NonEmptyString", # }, # ], # classic_link_vpc_id: "NonEmptyString", # classic_link_vpc_security_groups: ["NonEmptyString"], # created_time: "NonEmptyString", # ebs_optimized: false, # iam_instance_profile: "NonEmptyString", # image_id: "NonEmptyString", # instance_monitoring: { # enabled: false, # }, # instance_type: "NonEmptyString", # kernel_id: "NonEmptyString", # key_name: "NonEmptyString", # launch_configuration_name: "NonEmptyString", # placement_tenancy: "NonEmptyString", # ramdisk_id: "NonEmptyString", # security_groups: ["NonEmptyString"], # spot_price: "NonEmptyString", # user_data: "NonEmptyString", # metadata_options: { # http_endpoint: "NonEmptyString", # http_put_response_hop_limit: 1, # http_tokens: "NonEmptyString", # }, # }, # aws_ec2_vpn_connection: { # vpn_connection_id: "NonEmptyString", # state: "NonEmptyString", # customer_gateway_id: "NonEmptyString", # customer_gateway_configuration: "NonEmptyString", # type: "NonEmptyString", # vpn_gateway_id: "NonEmptyString", # category: "NonEmptyString", # vgw_telemetry: [ # { # accepted_route_count: 1, # certificate_arn: "NonEmptyString", # last_status_change: "NonEmptyString", # outside_ip_address: "NonEmptyString", # status: "NonEmptyString", # status_message: "NonEmptyString", # }, # ], # options: { # static_routes_only: false, # tunnel_options: [ # { # dpd_timeout_seconds: 1, # ike_versions: ["NonEmptyString"], # outside_ip_address: "NonEmptyString", # phase_1_dh_group_numbers: [1], # phase_1_encryption_algorithms: ["NonEmptyString"], # phase_1_integrity_algorithms: ["NonEmptyString"], # phase_1_lifetime_seconds: 1, # phase_2_dh_group_numbers: [1], # phase_2_encryption_algorithms: ["NonEmptyString"], # phase_2_integrity_algorithms: ["NonEmptyString"], # phase_2_lifetime_seconds: 1, # pre_shared_key: "NonEmptyString", # rekey_fuzz_percentage: 1, # rekey_margin_time_seconds: 1, # replay_window_size: 1, # tunnel_inside_cidr: "NonEmptyString", # }, # ], # }, # routes: [ # { # destination_cidr_block: "NonEmptyString", # state: "NonEmptyString", # }, # ], # transit_gateway_id: "NonEmptyString", # }, # aws_ecr_container_image: { # registry_id: "NonEmptyString", # repository_name: "NonEmptyString", # architecture: "NonEmptyString", # image_digest: "NonEmptyString", # image_tags: ["NonEmptyString"], # image_published_at: "NonEmptyString", # }, # aws_open_search_service_domain: { # arn: "NonEmptyString", # access_policies: "NonEmptyString", # domain_name: "NonEmptyString", # id: "NonEmptyString", # domain_endpoint: "NonEmptyString", # engine_version: "NonEmptyString", # encryption_at_rest_options: { # enabled: false, # kms_key_id: "NonEmptyString", # }, # node_to_node_encryption_options: { # enabled: false, # }, # service_software_options: { # automated_update_date: "NonEmptyString", # cancellable: false, # current_version: "NonEmptyString", # description: "NonEmptyString", # new_version: "NonEmptyString", # update_available: false, # update_status: "NonEmptyString", # optional_deployment: false, # }, # cluster_config: { # instance_count: 1, # warm_enabled: false, # warm_count: 1, # dedicated_master_enabled: false, # zone_awareness_config: { # availability_zone_count: 1, # }, # dedicated_master_count: 1, # instance_type: "NonEmptyString", # warm_type: "NonEmptyString", # zone_awareness_enabled: false, # dedicated_master_type: "NonEmptyString", # }, # domain_endpoint_options: { # custom_endpoint_certificate_arn: "NonEmptyString", # custom_endpoint_enabled: false, # enforce_https: false, # custom_endpoint: "NonEmptyString", # tls_security_policy: "NonEmptyString", # }, # vpc_options: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # log_publishing_options: { # index_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # search_slow_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # audit_logs: { # cloud_watch_logs_log_group_arn: "NonEmptyString", # enabled: false, # }, # }, # domain_endpoints: { # "NonEmptyString" => "NonEmptyString", # }, # }, # aws_ec2_vpc_endpoint_service: { # acceptance_required: false, # availability_zones: ["NonEmptyString"], # base_endpoint_dns_names: ["NonEmptyString"], # manages_vpc_endpoints: false, # gateway_load_balancer_arns: ["NonEmptyString"], # network_load_balancer_arns: ["NonEmptyString"], # private_dns_name: "NonEmptyString", # service_id: "NonEmptyString", # service_name: "NonEmptyString", # service_state: "NonEmptyString", # service_type: [ # { # service_type: "NonEmptyString", # }, # ], # }, # aws_xray_encryption_config: { # key_id: "NonEmptyString", # status: "NonEmptyString", # type: "NonEmptyString", # }, # aws_waf_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_waf_regional_rate_based_rule: { # metric_name: "NonEmptyString", # name: "NonEmptyString", # rate_key: "NonEmptyString", # rate_limit: 1, # rule_id: "NonEmptyString", # match_predicates: [ # { # data_id: "NonEmptyString", # negated: false, # type: "NonEmptyString", # }, # ], # }, # aws_ecr_repository: { # arn: "NonEmptyString", # image_scanning_configuration: { # scan_on_push: false, # }, # image_tag_mutability: "NonEmptyString", # lifecycle_policy: { # lifecycle_policy_text: "NonEmptyString", # registry_id: "NonEmptyString", # }, # repository_name: "NonEmptyString", # repository_policy_text: "NonEmptyString", # }, # aws_eks_cluster: { # arn: "NonEmptyString", # certificate_authority_data: "NonEmptyString", # cluster_status: "NonEmptyString", # endpoint: "NonEmptyString", # name: "NonEmptyString", # resources_vpc_config: { # security_group_ids: ["NonEmptyString"], # subnet_ids: ["NonEmptyString"], # }, # role_arn: "NonEmptyString", # version: "NonEmptyString", # logging: { # cluster_logging: [ # { # enabled: false, # types: ["NonEmptyString"], # }, # ], # }, # }, # aws_network_firewall_firewall_policy: { # firewall_policy: { # stateful_rule_group_references: [ # { # resource_arn: "NonEmptyString", # }, # ], # stateless_custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_default_actions: ["NonEmptyString"], # stateless_fragment_default_actions: ["NonEmptyString"], # stateless_rule_group_references: [ # { # priority: 1, # resource_arn: "NonEmptyString", # }, # ], # }, # firewall_policy_arn: "NonEmptyString", # firewall_policy_id: "NonEmptyString", # firewall_policy_name: "NonEmptyString", # description: "NonEmptyString", # }, # aws_network_firewall_firewall: { # delete_protection: false, # description: "NonEmptyString", # firewall_arn: "NonEmptyString", # firewall_id: "NonEmptyString", # firewall_name: "NonEmptyString", # firewall_policy_arn: "NonEmptyString", # firewall_policy_change_protection: false, # subnet_change_protection: false, # subnet_mappings: [ # { # subnet_id: "NonEmptyString", # }, # ], # vpc_id: "NonEmptyString", # }, # aws_network_firewall_rule_group: { # capacity: 1, # description: "NonEmptyString", # rule_group: { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # }, # rule_group_arn: "NonEmptyString", # rule_group_id: "NonEmptyString", # rule_group_name: "NonEmptyString", # type: "NonEmptyString", # }, # } # # @!attribute [rw] aws_auto_scaling_auto_scaling_group # Details for an autoscaling group. # @return [Types::AwsAutoScalingAutoScalingGroupDetails] # # @!attribute [rw] aws_code_build_project # Details for an CodeBuild project. # @return [Types::AwsCodeBuildProjectDetails] # # @!attribute [rw] aws_cloud_front_distribution # Details about a CloudFront distribution. # @return [Types::AwsCloudFrontDistributionDetails] # # @!attribute [rw] aws_ec2_instance # Details about an EC2 instance related to a finding. # @return [Types::AwsEc2InstanceDetails] # # @!attribute [rw] aws_ec2_network_interface # Details for an EC2 network interface. # @return [Types::AwsEc2NetworkInterfaceDetails] # # @!attribute [rw] aws_ec2_security_group # Details for an EC2 security group. # @return [Types::AwsEc2SecurityGroupDetails] # # @!attribute [rw] aws_ec2_volume # Details for an EC2 volume. # @return [Types::AwsEc2VolumeDetails] # # @!attribute [rw] aws_ec2_vpc # Details for an EC2 VPC. # @return [Types::AwsEc2VpcDetails] # # @!attribute [rw] aws_ec2_eip # Details about an Elastic IP address. # @return [Types::AwsEc2EipDetails] # # @!attribute [rw] aws_ec2_subnet # Details about a subnet in Amazon EC2. # @return [Types::AwsEc2SubnetDetails] # # @!attribute [rw] aws_ec2_network_acl # Details about an EC2 network access control list (ACL). # @return [Types::AwsEc2NetworkAclDetails] # # @!attribute [rw] aws_elbv_2_load_balancer # Details about a load balancer. # @return [Types::AwsElbv2LoadBalancerDetails] # # @!attribute [rw] aws_elastic_beanstalk_environment # Details about an Elastic Beanstalk environment. # @return [Types::AwsElasticBeanstalkEnvironmentDetails] # # @!attribute [rw] aws_elasticsearch_domain # Details for an Elasticsearch domain. # @return [Types::AwsElasticsearchDomainDetails] # # @!attribute [rw] aws_s3_bucket # Details about an S3 bucket related to a finding. # @return [Types::AwsS3BucketDetails] # # @!attribute [rw] aws_s3_account_public_access_block # Details about the Amazon S3 Public Access Block configuration for an # account. # @return [Types::AwsS3AccountPublicAccessBlockDetails] # # @!attribute [rw] aws_s3_object # Details about an S3 object related to a finding. # @return [Types::AwsS3ObjectDetails] # # @!attribute [rw] aws_secrets_manager_secret # Details about a Secrets Manager secret. # @return [Types::AwsSecretsManagerSecretDetails] # # @!attribute [rw] aws_iam_access_key # Details about an IAM access key related to a finding. # @return [Types::AwsIamAccessKeyDetails] # # @!attribute [rw] aws_iam_user # Details about an IAM user. # @return [Types::AwsIamUserDetails] # # @!attribute [rw] aws_iam_policy # Details about an IAM permissions policy. # @return [Types::AwsIamPolicyDetails] # # @!attribute [rw] aws_api_gateway_v2_stage # Provides information about a version 2 stage for Amazon API Gateway. # @return [Types::AwsApiGatewayV2StageDetails] # # @!attribute [rw] aws_api_gateway_v2_api # Provides information about a version 2 API in Amazon API Gateway. # @return [Types::AwsApiGatewayV2ApiDetails] # # @!attribute [rw] aws_dynamo_db_table # Details about a DynamoDB table. # @return [Types::AwsDynamoDbTableDetails] # # @!attribute [rw] aws_api_gateway_stage # Provides information about a version 1 Amazon API Gateway stage. # @return [Types::AwsApiGatewayStageDetails] # # @!attribute [rw] aws_api_gateway_rest_api # Provides information about a REST API in version 1 of Amazon API # Gateway. # @return [Types::AwsApiGatewayRestApiDetails] # # @!attribute [rw] aws_cloud_trail_trail # Provides details about a CloudTrail trail. # @return [Types::AwsCloudTrailTrailDetails] # # @!attribute [rw] aws_ssm_patch_compliance # Provides information about the state of a patch on an instance based # on the patch baseline that was used to patch the instance. # @return [Types::AwsSsmPatchComplianceDetails] # # @!attribute [rw] aws_certificate_manager_certificate # Provides details about an Certificate Manager certificate. # @return [Types::AwsCertificateManagerCertificateDetails] # # @!attribute [rw] aws_redshift_cluster # Contains details about an Amazon Redshift cluster. # @return [Types::AwsRedshiftClusterDetails] # # @!attribute [rw] aws_elb_load_balancer # Contains details about a Classic Load Balancer. # @return [Types::AwsElbLoadBalancerDetails] # # @!attribute [rw] aws_iam_group # Contains details about an IAM group. # @return [Types::AwsIamGroupDetails] # # @!attribute [rw] aws_iam_role # Details about an IAM role. # @return [Types::AwsIamRoleDetails] # # @!attribute [rw] aws_kms_key # Details about an KMS key. # @return [Types::AwsKmsKeyDetails] # # @!attribute [rw] aws_lambda_function # Details about a Lambda function. # @return [Types::AwsLambdaFunctionDetails] # # @!attribute [rw] aws_lambda_layer_version # Details for a Lambda layer version. # @return [Types::AwsLambdaLayerVersionDetails] # # @!attribute [rw] aws_rds_db_instance # Details about an Amazon RDS database instance. # @return [Types::AwsRdsDbInstanceDetails] # # @!attribute [rw] aws_sns_topic # Details about an SNS topic. # @return [Types::AwsSnsTopicDetails] # # @!attribute [rw] aws_sqs_queue # Details about an SQS queue. # @return [Types::AwsSqsQueueDetails] # # @!attribute [rw] aws_waf_web_acl # Details for an WAF WebACL. # @return [Types::AwsWafWebAclDetails] # # @!attribute [rw] aws_rds_db_snapshot # Details about an Amazon RDS database snapshot. # @return [Types::AwsRdsDbSnapshotDetails] # # @!attribute [rw] aws_rds_db_cluster_snapshot # Details about an Amazon RDS database cluster snapshot. # @return [Types::AwsRdsDbClusterSnapshotDetails] # # @!attribute [rw] aws_rds_db_cluster # Details about an Amazon RDS database cluster. # @return [Types::AwsRdsDbClusterDetails] # # @!attribute [rw] aws_ecs_cluster # Details about an ECS cluster. # @return [Types::AwsEcsClusterDetails] # # @!attribute [rw] aws_ecs_task_definition # Details about a task definition. A task definition describes the # container and volume definitions of an Amazon Elastic Container # Service task. # @return [Types::AwsEcsTaskDefinitionDetails] # # @!attribute [rw] container # Details about a container resource related to a finding. # @return [Types::ContainerDetails] # # @!attribute [rw] other # Details about a resource that are not available in a type-specific # details object. Use the `Other` object in the following cases. # # * The type-specific object does not contain all of the fields that # you want to populate. In this case, first use the type-specific # object to populate those fields. Use the `Other` object to # populate the fields that are missing from the type-specific # object. # # * The resource type does not have a corresponding object. This # includes resources for which the type is `Other`. # @return [Hash] # # @!attribute [rw] aws_rds_event_subscription # Details about an RDS event notification subscription. # @return [Types::AwsRdsEventSubscriptionDetails] # # @!attribute [rw] aws_ecs_service # Details about a service within an ECS cluster. # @return [Types::AwsEcsServiceDetails] # # @!attribute [rw] aws_auto_scaling_launch_configuration # Provides details about a launch configuration. # @return [Types::AwsAutoScalingLaunchConfigurationDetails] # # @!attribute [rw] aws_ec2_vpn_connection # Details about an EC2 VPN connection. # @return [Types::AwsEc2VpnConnectionDetails] # # @!attribute [rw] aws_ecr_container_image # Information about an Amazon ECR image. # @return [Types::AwsEcrContainerImageDetails] # # @!attribute [rw] aws_open_search_service_domain # Details about an Amazon OpenSearch Service domain. # @return [Types::AwsOpenSearchServiceDomainDetails] # # @!attribute [rw] aws_ec2_vpc_endpoint_service # Details about the service configuration for a VPC endpoint service. # @return [Types::AwsEc2VpcEndpointServiceDetails] # # @!attribute [rw] aws_xray_encryption_config # Information about the encryption configuration for X-Ray. # @return [Types::AwsXrayEncryptionConfigDetails] # # @!attribute [rw] aws_waf_rate_based_rule # Details about a rate-based rule for global resources. # @return [Types::AwsWafRateBasedRuleDetails] # # @!attribute [rw] aws_waf_regional_rate_based_rule # Details about a rate-based rule for Regional resources. # @return [Types::AwsWafRegionalRateBasedRuleDetails] # # @!attribute [rw] aws_ecr_repository # Information about an Amazon Elastic Container Registry repository. # @return [Types::AwsEcrRepositoryDetails] # # @!attribute [rw] aws_eks_cluster # Details about an Amazon EKS cluster. # @return [Types::AwsEksClusterDetails] # # @!attribute [rw] aws_network_firewall_firewall_policy # Details about an Network Firewall firewall policy. # @return [Types::AwsNetworkFirewallFirewallPolicyDetails] # # @!attribute [rw] aws_network_firewall_firewall # Details about an Network Firewall firewall. # @return [Types::AwsNetworkFirewallFirewallDetails] # # @!attribute [rw] aws_network_firewall_rule_group # Details about an Network Firewall rule group. # @return [Types::AwsNetworkFirewallRuleGroupDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceDetails AWS API Documentation # class ResourceDetails < Struct.new( :aws_auto_scaling_auto_scaling_group, :aws_code_build_project, :aws_cloud_front_distribution, :aws_ec2_instance, :aws_ec2_network_interface, :aws_ec2_security_group, :aws_ec2_volume, :aws_ec2_vpc, :aws_ec2_eip, :aws_ec2_subnet, :aws_ec2_network_acl, :aws_elbv_2_load_balancer, :aws_elastic_beanstalk_environment, :aws_elasticsearch_domain, :aws_s3_bucket, :aws_s3_account_public_access_block, :aws_s3_object, :aws_secrets_manager_secret, :aws_iam_access_key, :aws_iam_user, :aws_iam_policy, :aws_api_gateway_v2_stage, :aws_api_gateway_v2_api, :aws_dynamo_db_table, :aws_api_gateway_stage, :aws_api_gateway_rest_api, :aws_cloud_trail_trail, :aws_ssm_patch_compliance, :aws_certificate_manager_certificate, :aws_redshift_cluster, :aws_elb_load_balancer, :aws_iam_group, :aws_iam_role, :aws_kms_key, :aws_lambda_function, :aws_lambda_layer_version, :aws_rds_db_instance, :aws_sns_topic, :aws_sqs_queue, :aws_waf_web_acl, :aws_rds_db_snapshot, :aws_rds_db_cluster_snapshot, :aws_rds_db_cluster, :aws_ecs_cluster, :aws_ecs_task_definition, :container, :other, :aws_rds_event_subscription, :aws_ecs_service, :aws_auto_scaling_launch_configuration, :aws_ec2_vpn_connection, :aws_ecr_container_image, :aws_open_search_service_domain, :aws_ec2_vpc_endpoint_service, :aws_xray_encryption_config, :aws_waf_rate_based_rule, :aws_waf_regional_rate_based_rule, :aws_ecr_repository, :aws_eks_cluster, :aws_network_firewall_firewall_policy, :aws_network_firewall_firewall, :aws_network_firewall_rule_group) SENSITIVE = [] include Aws::Structure end # The request was rejected because we can't find the specified # resource. # # @!attribute [rw] message # @return [String] # # @!attribute [rw] code # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ResourceNotFoundException AWS API Documentation # class ResourceNotFoundException < Struct.new( :message, :code) SENSITIVE = [] include Aws::Structure end # Details about the account that was not processed. # # @!attribute [rw] account_id # An Amazon Web Services account ID of the account that was not # processed. # @return [String] # # @!attribute [rw] processing_result # The reason that the account was not processed. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Result AWS API Documentation # class Result < Struct.new( :account_id, :processing_result) SENSITIVE = [] include Aws::Structure end # Details about the rule group. # # @note When making an API call, you may pass RuleGroupDetails # data as a hash: # # { # rule_variables: { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # }, # rules_source: { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # }, # } # # @!attribute [rw] rule_variables # Additional settings to use in the specified rules. # @return [Types::RuleGroupVariables] # # @!attribute [rw] rules_source # The rules and actions for the rule group. # # For stateful rule groups, can contain `RulesString`, # `RulesSourceList`, or `StatefulRules`. # # For stateless rule groups, contains # `StatelessRulesAndCustomActions`. # @return [Types::RuleGroupSource] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupDetails AWS API Documentation # class RuleGroupDetails < Struct.new( :rule_variables, :rules_source) SENSITIVE = [] include Aws::Structure end # The rules and actions for the rule group. # # @note When making an API call, you may pass RuleGroupSource # data as a hash: # # { # rules_source_list: { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # }, # rules_string: "NonEmptyString", # stateful_rules: [ # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # }, # ], # stateless_rules_and_custom_actions: { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # }, # } # # @!attribute [rw] rules_source_list # Stateful inspection criteria for a domain list rule group. A domain # list rule group determines access by specific protocols to specific # domains. # @return [Types::RuleGroupSourceListDetails] # # @!attribute [rw] rules_string # Stateful inspection criteria, provided in Suricata compatible # intrusion prevention system (IPS) rules. # @return [String] # # @!attribute [rw] stateful_rules # Suricata rule specifications. # @return [Array] # # @!attribute [rw] stateless_rules_and_custom_actions # The stateless rules and custom actions used by a stateless rule # group. # @return [Types::RuleGroupSourceStatelessRulesAndCustomActionsDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSource AWS API Documentation # class RuleGroupSource < Struct.new( :rules_source_list, :rules_string, :stateful_rules, :stateless_rules_and_custom_actions) SENSITIVE = [] include Aws::Structure end # A custom action definition. A custom action is an optional, # non-standard action to use for stateless packet handling. # # @note When making an API call, you may pass RuleGroupSourceCustomActionsDetails # data as a hash: # # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # } # # @!attribute [rw] action_definition # The definition of a custom action. # @return [Types::StatelessCustomActionDefinition] # # @!attribute [rw] action_name # A descriptive name of the custom action. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceCustomActionsDetails AWS API Documentation # class RuleGroupSourceCustomActionsDetails < Struct.new( :action_definition, :action_name) SENSITIVE = [] include Aws::Structure end # Stateful inspection criteria for a domain list rule group. # # @note When making an API call, you may pass RuleGroupSourceListDetails # data as a hash: # # { # generated_rules_type: "NonEmptyString", # target_types: ["NonEmptyString"], # targets: ["NonEmptyString"], # } # # @!attribute [rw] generated_rules_type # Indicates whether to allow or deny access to the domains listed in # `Targets`. # @return [String] # # @!attribute [rw] target_types # The protocols that you want to inspect. Specify `LS_SNI` for HTTPS. # Specify `HTTP_HOST` for HTTP. You can specify either or both. # @return [Array] # # @!attribute [rw] targets # The domains that you want to inspect for in your traffic flows. You # can provide full domain names, or use the '.' prefix as a # wildcard. For example, `.example.com` matches all domains that end # with `example.com`. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceListDetails AWS API Documentation # class RuleGroupSourceListDetails < Struct.new( :generated_rules_type, :target_types, :targets) SENSITIVE = [] include Aws::Structure end # A Suricata rule specification. # # @note When making an API call, you may pass RuleGroupSourceStatefulRulesDetails # data as a hash: # # { # action: "NonEmptyString", # header: { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # }, # rule_options: [ # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # }, # ], # } # # @!attribute [rw] action # Defines what Network Firewall should do with the packets in a # traffic flow when the flow matches the stateful rule criteria. # @return [String] # # @!attribute [rw] header # The stateful inspection criteria for the rule. # @return [Types::RuleGroupSourceStatefulRulesHeaderDetails] # # @!attribute [rw] rule_options # Additional options for the rule. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesDetails AWS API Documentation # class RuleGroupSourceStatefulRulesDetails < Struct.new( :action, :header, :rule_options) SENSITIVE = [] include Aws::Structure end # The inspection criteria for a stateful rule. # # @note When making an API call, you may pass RuleGroupSourceStatefulRulesHeaderDetails # data as a hash: # # { # destination: "NonEmptyString", # destination_port: "NonEmptyString", # direction: "NonEmptyString", # protocol: "NonEmptyString", # source: "NonEmptyString", # source_port: "NonEmptyString", # } # # @!attribute [rw] destination # The destination IP address or address range to inspect for, in CIDR # notation. To match with any address, specify `ANY`. # @return [String] # # @!attribute [rw] destination_port # The destination port to inspect for. You can specify an individual # port, such as `1994`. You also can specify a port range, such as # `1990:1994`. To match with any port, specify `ANY`. # @return [String] # # @!attribute [rw] direction # The direction of traffic flow to inspect. If set to `ANY`, the # inspection matches bidirectional traffic, both from the source to # the destination and from the destination to the source. If set to # `FORWARD`, the inspection only matches traffic going from the source # to the destination. # @return [String] # # @!attribute [rw] protocol # The protocol to inspect for. To inspector for all protocols, use # `IP`. # @return [String] # # @!attribute [rw] source # The source IP address or address range to inspect for, in CIDR # notation. To match with any address, specify `ANY`. # @return [String] # # @!attribute [rw] source_port # The source port to inspect for. You can specify an individual port, # such as `1994`. You also can specify a port range, such as # `1990:1994`. To match with any port, specify `ANY`. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesHeaderDetails AWS API Documentation # class RuleGroupSourceStatefulRulesHeaderDetails < Struct.new( :destination, :destination_port, :direction, :protocol, :source, :source_port) SENSITIVE = [] include Aws::Structure end # A rule option for a stateful rule. # # @note When making an API call, you may pass RuleGroupSourceStatefulRulesOptionsDetails # data as a hash: # # { # keyword: "NonEmptyString", # settings: ["NonEmptyString"], # } # # @!attribute [rw] keyword # A keyword to look for. # @return [String] # # @!attribute [rw] settings # A list of settings. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatefulRulesOptionsDetails AWS API Documentation # class RuleGroupSourceStatefulRulesOptionsDetails < Struct.new( :keyword, :settings) SENSITIVE = [] include Aws::Structure end # The definition of the stateless rule. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleDefinition # data as a hash: # # { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # } # # @!attribute [rw] actions # The actions to take on a packet that matches one of the stateless # rule definition's match attributes. You must specify a standard # action (`aws:pass`, `aws:drop`, or `aws:forward_to_sfe`). You can # then add custom actions. # @return [Array] # # @!attribute [rw] match_attributes # The criteria for Network Firewall to use to inspect an individual # packet in a stateless rule inspection. # @return [Types::RuleGroupSourceStatelessRuleMatchAttributes] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleDefinition AWS API Documentation # class RuleGroupSourceStatelessRuleDefinition < Struct.new( :actions, :match_attributes) SENSITIVE = [] include Aws::Structure end # Criteria for the stateless rule. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributes # data as a hash: # # { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # } # # @!attribute [rw] destination_ports # A list of port ranges to specify the destination ports to inspect # for. # @return [Array] # # @!attribute [rw] destinations # The destination IP addresses and address ranges to inspect for, in # CIDR notation. # @return [Array] # # @!attribute [rw] protocols # The protocols to inspect for. # @return [Array] # # @!attribute [rw] source_ports # A list of port ranges to specify the source ports to inspect for. # @return [Array] # # @!attribute [rw] sources # The source IP addresses and address ranges to inspect for, in CIDR # notation. # @return [Array] # # @!attribute [rw] tcp_flags # The TCP flags and masks to inspect for. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributes AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributes < Struct.new( :destination_ports, :destinations, :protocols, :source_ports, :sources, :tcp_flags) SENSITIVE = [] include Aws::Structure end # A port range to specify the destination ports to inspect for. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts # data as a hash: # # { # from_port: 1, # to_port: 1, # } # # @!attribute [rw] from_port # The starting port value for the port range. # @return [Integer] # # @!attribute [rw] to_port # The ending port value for the port range. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts < Struct.new( :from_port, :to_port) SENSITIVE = [] include Aws::Structure end # A destination IP address or range. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesDestinations # data as a hash: # # { # address_definition: "NonEmptyString", # } # # @!attribute [rw] address_definition # An IP address or a block of IP addresses. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesDestinations AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributesDestinations < Struct.new( :address_definition) SENSITIVE = [] include Aws::Structure end # A port range to specify the source ports to inspect for. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSourcePorts # data as a hash: # # { # from_port: 1, # to_port: 1, # } # # @!attribute [rw] from_port # The starting port value for the port range. # @return [Integer] # # @!attribute [rw] to_port # The ending port value for the port range. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSourcePorts AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributesSourcePorts < Struct.new( :from_port, :to_port) SENSITIVE = [] include Aws::Structure end # A source IP addresses and address range to inspect for. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesSources # data as a hash: # # { # address_definition: "NonEmptyString", # } # # @!attribute [rw] address_definition # An IP address or a block of IP addresses. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesSources AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributesSources < Struct.new( :address_definition) SENSITIVE = [] include Aws::Structure end # A set of TCP flags and masks to inspect for. # # @note When making an API call, you may pass RuleGroupSourceStatelessRuleMatchAttributesTcpFlags # data as a hash: # # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # } # # @!attribute [rw] flags # Defines the flags from the `Masks` setting that must be set in order # for the packet to match. Flags that are listed must be set. Flags # that are not listed must not be set. # @return [Array] # # @!attribute [rw] masks # The set of flags to consider in the inspection. If not specified, # then all flags are inspected. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRuleMatchAttributesTcpFlags AWS API Documentation # class RuleGroupSourceStatelessRuleMatchAttributesTcpFlags < Struct.new( :flags, :masks) SENSITIVE = [] include Aws::Structure end # Stateless rules and custom actions for a stateless rule group. # # @note When making an API call, you may pass RuleGroupSourceStatelessRulesAndCustomActionsDetails # data as a hash: # # { # custom_actions: [ # { # action_definition: { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # }, # action_name: "NonEmptyString", # }, # ], # stateless_rules: [ # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # }, # ], # } # # @!attribute [rw] custom_actions # Custom actions for the rule group. # @return [Array] # # @!attribute [rw] stateless_rules # Stateless rules for the rule group. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesAndCustomActionsDetails AWS API Documentation # class RuleGroupSourceStatelessRulesAndCustomActionsDetails < Struct.new( :custom_actions, :stateless_rules) SENSITIVE = [] include Aws::Structure end # A stateless rule in the rule group. # # @note When making an API call, you may pass RuleGroupSourceStatelessRulesDetails # data as a hash: # # { # priority: 1, # rule_definition: { # actions: ["NonEmptyString"], # match_attributes: { # destination_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # destinations: [ # { # address_definition: "NonEmptyString", # }, # ], # protocols: [1], # source_ports: [ # { # from_port: 1, # to_port: 1, # }, # ], # sources: [ # { # address_definition: "NonEmptyString", # }, # ], # tcp_flags: [ # { # flags: ["NonEmptyString"], # masks: ["NonEmptyString"], # }, # ], # }, # }, # } # # @!attribute [rw] priority # Indicates the order in which to run this rule relative to all of the # rules in the stateless rule group. # @return [Integer] # # @!attribute [rw] rule_definition # Provides the definition of the stateless rule. # @return [Types::RuleGroupSourceStatelessRuleDefinition] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupSourceStatelessRulesDetails AWS API Documentation # class RuleGroupSourceStatelessRulesDetails < Struct.new( :priority, :rule_definition) SENSITIVE = [] include Aws::Structure end # Additional settings to use in the specified rules. # # @note When making an API call, you may pass RuleGroupVariables # data as a hash: # # { # ip_sets: { # definition: ["NonEmptyString"], # }, # port_sets: { # definition: ["NonEmptyString"], # }, # } # # @!attribute [rw] ip_sets # A list of IP addresses and address ranges, in CIDR notation. # @return [Types::RuleGroupVariablesIpSetsDetails] # # @!attribute [rw] port_sets # A list of port ranges. # @return [Types::RuleGroupVariablesPortSetsDetails] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariables AWS API Documentation # class RuleGroupVariables < Struct.new( :ip_sets, :port_sets) SENSITIVE = [] include Aws::Structure end # A list of IP addresses and address ranges, in CIDR notation. # # @note When making an API call, you may pass RuleGroupVariablesIpSetsDetails # data as a hash: # # { # definition: ["NonEmptyString"], # } # # @!attribute [rw] definition # The list of IP addresses and ranges. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesIpSetsDetails AWS API Documentation # class RuleGroupVariablesIpSetsDetails < Struct.new( :definition) SENSITIVE = [] include Aws::Structure end # A list of port ranges. # # @note When making an API call, you may pass RuleGroupVariablesPortSetsDetails # data as a hash: # # { # definition: ["NonEmptyString"], # } # # @!attribute [rw] definition # The list of port ranges. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/RuleGroupVariablesPortSetsDetails AWS API Documentation # class RuleGroupVariablesPortSetsDetails < Struct.new( :definition) SENSITIVE = [] include Aws::Structure end # The list of detected instances of sensitive data. # # @note When making an API call, you may pass SensitiveDataDetections # data as a hash: # # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # } # # @!attribute [rw] count # The total number of occurrences of sensitive data that were # detected. # @return [Integer] # # @!attribute [rw] type # The type of sensitive data that was detected. For example, the type # might indicate that the data is an email address. # @return [String] # # @!attribute [rw] occurrences # Details about the sensitive data that was detected. # @return [Types::Occurrences] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataDetections AWS API Documentation # class SensitiveDataDetections < Struct.new( :count, :type, :occurrences) SENSITIVE = [] include Aws::Structure end # Contains a detected instance of sensitive data that are based on # built-in identifiers. # # @note When making an API call, you may pass SensitiveDataResult # data as a hash: # # { # category: "NonEmptyString", # detections: [ # { # count: 1, # type: "NonEmptyString", # occurrences: { # line_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # offset_ranges: [ # { # start: 1, # end: 1, # start_column: 1, # }, # ], # pages: [ # { # page_number: 1, # line_range: { # start: 1, # end: 1, # start_column: 1, # }, # offset_range: { # start: 1, # end: 1, # start_column: 1, # }, # }, # ], # records: [ # { # json_path: "NonEmptyString", # record_index: 1, # }, # ], # cells: [ # { # column: 1, # row: 1, # column_name: "NonEmptyString", # cell_reference: "NonEmptyString", # }, # ], # }, # }, # ], # total_count: 1, # } # # @!attribute [rw] category # The category of sensitive data that was detected. For example, the # category can indicate that the sensitive data involved credentials, # financial information, or personal information. # @return [String] # # @!attribute [rw] detections # The list of detected instances of sensitive data. # @return [Array] # # @!attribute [rw] total_count # The total number of occurrences of sensitive data. # @return [Integer] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SensitiveDataResult AWS API Documentation # class SensitiveDataResult < Struct.new( :category, :detections, :total_count) SENSITIVE = [] include Aws::Structure end # The severity of the finding. # # The finding provider can provide the initial severity. The finding # provider can only update the severity if it has not been updated using # `BatchUpdateFindings`. # # The finding must have either `Label` or `Normalized` populated. If # only one of these attributes is populated, then Security Hub # automatically populates the other one. If neither attribute is # populated, then the finding is invalid. `Label` is the preferred # attribute. # # @note When making an API call, you may pass Severity # data as a hash: # # { # product: 1.0, # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # normalized: 1, # original: "NonEmptyString", # } # # @!attribute [rw] product # Deprecated. This attribute is being deprecated. Instead of providing # `Product`, provide `Original`. # # The native severity as defined by the Amazon Web Services service or # integrated partner product that generated the finding. # @return [Float] # # @!attribute [rw] label # The severity value of the finding. The allowed values are the # following. # # * `INFORMATIONAL` - No issue was found. # # * `LOW` - The issue does not require action on its own. # # * `MEDIUM` - The issue must be addressed but not urgently. # # * `HIGH` - The issue must be addressed as a priority. # # * `CRITICAL` - The issue must be remediated immediately to avoid it # escalating. # # If you provide `Normalized` and do not provide `Label`, then `Label` # is set automatically as follows. # # * 0 - `INFORMATIONAL` # # * 1–39 - `LOW` # # * 40–69 - `MEDIUM` # # * 70–89 - `HIGH` # # * 90–100 - `CRITICAL` # @return [String] # # @!attribute [rw] normalized # Deprecated. The normalized severity of a finding. This attribute is # being deprecated. Instead of providing `Normalized`, provide # `Label`. # # If you provide `Label` and do not provide `Normalized`, then # `Normalized` is set automatically as follows. # # * `INFORMATIONAL` - 0 # # * `LOW` - 1 # # * `MEDIUM` - 40 # # * `HIGH` - 70 # # * `CRITICAL` - 90 # @return [Integer] # # @!attribute [rw] original # The native severity from the finding product that generated the # finding. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Severity AWS API Documentation # class Severity < Struct.new( :product, :label, :normalized, :original) SENSITIVE = [] include Aws::Structure end # Updates to the severity information for a finding. # # @note When making an API call, you may pass SeverityUpdate # data as a hash: # # { # normalized: 1, # product: 1.0, # label: "INFORMATIONAL", # accepts INFORMATIONAL, LOW, MEDIUM, HIGH, CRITICAL # } # # @!attribute [rw] normalized # The normalized severity for the finding. This attribute is to be # deprecated in favor of `Label`. # # If you provide `Normalized` and do not provide `Label`, `Label` is # set automatically as follows. # # * 0 - `INFORMATIONAL` # # * 1–39 - `LOW` # # * 40–69 - `MEDIUM` # # * 70–89 - `HIGH` # # * 90–100 - `CRITICAL` # @return [Integer] # # @!attribute [rw] product # The native severity as defined by the Amazon Web Services service or # integrated partner product that generated the finding. # @return [Float] # # @!attribute [rw] label # The severity value of the finding. The allowed values are the # following. # # * `INFORMATIONAL` - No issue was found. # # * `LOW` - The issue does not require action on its own. # # * `MEDIUM` - The issue must be addressed but not urgently. # # * `HIGH` - The issue must be addressed as a priority. # # * `CRITICAL` - The issue must be remediated immediately to avoid it # escalating. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SeverityUpdate AWS API Documentation # class SeverityUpdate < Struct.new( :normalized, :product, :label) SENSITIVE = [] include Aws::Structure end # Information about a software package. # # @note When making an API call, you may pass SoftwarePackage # data as a hash: # # { # name: "NonEmptyString", # version: "NonEmptyString", # epoch: "NonEmptyString", # release: "NonEmptyString", # architecture: "NonEmptyString", # package_manager: "NonEmptyString", # file_path: "NonEmptyString", # } # # @!attribute [rw] name # The name of the software package. # @return [String] # # @!attribute [rw] version # The version of the software package. # @return [String] # # @!attribute [rw] epoch # The epoch of the software package. # @return [String] # # @!attribute [rw] release # The release of the software package. # @return [String] # # @!attribute [rw] architecture # The architecture used for the software package. # @return [String] # # @!attribute [rw] package_manager # The source of the package. # @return [String] # # @!attribute [rw] file_path # The file system path to the package manager inventory file. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SoftwarePackage AWS API Documentation # class SoftwarePackage < Struct.new( :name, :version, :epoch, :release, :architecture, :package_manager, :file_path) SENSITIVE = [] include Aws::Structure end # A collection of finding attributes used to sort findings. # # @note When making an API call, you may pass SortCriterion # data as a hash: # # { # field: "NonEmptyString", # sort_order: "asc", # accepts asc, desc # } # # @!attribute [rw] field # The finding attribute used to sort findings. # @return [String] # # @!attribute [rw] sort_order # The order used to sort findings. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/SortCriterion AWS API Documentation # class SortCriterion < Struct.new( :field, :sort_order) SENSITIVE = [] include Aws::Structure end # Provides information about a specific standard. # # @!attribute [rw] standards_arn # The ARN of a standard. # @return [String] # # @!attribute [rw] name # The name of the standard. # @return [String] # # @!attribute [rw] description # A description of the standard. # @return [String] # # @!attribute [rw] enabled_by_default # Whether the standard is enabled by default. When Security Hub is # enabled from the console, if a standard is enabled by default, the # check box for that standard is selected by default. # # When Security Hub is enabled using the `EnableSecurityHub` API # operation, the standard is enabled by default unless # `EnableDefaultStandards` is set to `false`. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Standard AWS API Documentation # class Standard < Struct.new( :standards_arn, :name, :description, :enabled_by_default) SENSITIVE = [] include Aws::Structure end # Details for an individual security standard control. # # @!attribute [rw] standards_control_arn # The ARN of the security standard control. # @return [String] # # @!attribute [rw] control_status # The current status of the security standard control. Indicates # whether the control is enabled or disabled. Security Hub does not # check against disabled controls. # @return [String] # # @!attribute [rw] disabled_reason # The reason provided for the most recent change in status for the # control. # @return [String] # # @!attribute [rw] control_status_updated_at # The date and time that the status of the security standard control # was most recently updated. # @return [Time] # # @!attribute [rw] control_id # The identifier of the security standard control. # @return [String] # # @!attribute [rw] title # The title of the security standard control. # @return [String] # # @!attribute [rw] description # The longer description of the security standard control. Provides # information about what the control is checking for. # @return [String] # # @!attribute [rw] remediation_url # A link to remediation information for the control in the Security # Hub user documentation. # @return [String] # # @!attribute [rw] severity_rating # The severity of findings generated from this security standard # control. # # The finding severity is based on an assessment of how easy it would # be to compromise Amazon Web Services resources if the issue is # detected. # @return [String] # # @!attribute [rw] related_requirements # The list of requirements that are related to this control. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsControl AWS API Documentation # class StandardsControl < Struct.new( :standards_control_arn, :control_status, :disabled_reason, :control_status_updated_at, :control_id, :title, :description, :remediation_url, :severity_rating, :related_requirements) SENSITIVE = [] include Aws::Structure end # The reason for the current status of a standard subscription. # # @!attribute [rw] status_reason_code # The reason code that represents the reason for the current status of # a standard subscription. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsStatusReason AWS API Documentation # class StandardsStatusReason < Struct.new( :status_reason_code) SENSITIVE = [] include Aws::Structure end # A resource that represents your subscription to a supported standard. # # @!attribute [rw] standards_subscription_arn # The ARN of a resource that represents your subscription to a # supported standard. # @return [String] # # @!attribute [rw] standards_arn # The ARN of a standard. # @return [String] # # @!attribute [rw] standards_input # A key-value pair of input for the standard. # @return [Hash] # # @!attribute [rw] standards_status # The status of the standard subscription. # # The status values are as follows: # # * `PENDING` - Standard is in the process of being enabled. # # * `READY` - Standard is enabled. # # * `INCOMPLETE` - Standard could not be enabled completely. Some # controls may not be available. # # * `DELETING` - Standard is in the process of being disabled. # # * `FAILED` - Standard could not be disabled. # @return [String] # # @!attribute [rw] standards_status_reason # The reason for the current status. # @return [Types::StandardsStatusReason] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscription AWS API Documentation # class StandardsSubscription < Struct.new( :standards_subscription_arn, :standards_arn, :standards_input, :standards_status, :standards_status_reason) SENSITIVE = [] include Aws::Structure end # The standard that you want to enable. # # @note When making an API call, you may pass StandardsSubscriptionRequest # data as a hash: # # { # standards_arn: "NonEmptyString", # required # standards_input: { # "NonEmptyString" => "NonEmptyString", # }, # } # # @!attribute [rw] standards_arn # The ARN of the standard that you want to enable. To view the list of # available standards and their ARNs, use the `DescribeStandards` # operation. # @return [String] # # @!attribute [rw] standards_input # A key-value pair of input for the standard. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StandardsSubscriptionRequest AWS API Documentation # class StandardsSubscriptionRequest < Struct.new( :standards_arn, :standards_input) SENSITIVE = [] include Aws::Structure end # The definition of a custom action that can be used for stateless # packet handling. # # @note When making an API call, you may pass StatelessCustomActionDefinition # data as a hash: # # { # publish_metric_action: { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # }, # } # # @!attribute [rw] publish_metric_action # Information about metrics to publish to CloudWatch. # @return [Types::StatelessCustomPublishMetricAction] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomActionDefinition AWS API Documentation # class StatelessCustomActionDefinition < Struct.new( :publish_metric_action) SENSITIVE = [] include Aws::Structure end # Information about metrics to publish to CloudWatch. # # @note When making an API call, you may pass StatelessCustomPublishMetricAction # data as a hash: # # { # dimensions: [ # { # value: "NonEmptyString", # }, # ], # } # # @!attribute [rw] dimensions # Defines CloudWatch dimension values to publish. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricAction AWS API Documentation # class StatelessCustomPublishMetricAction < Struct.new( :dimensions) SENSITIVE = [] include Aws::Structure end # Defines a CloudWatch dimension value to publish. # # @note When making an API call, you may pass StatelessCustomPublishMetricActionDimension # data as a hash: # # { # value: "NonEmptyString", # } # # @!attribute [rw] value # The value to use for the custom metric dimension. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatelessCustomPublishMetricActionDimension AWS API Documentation # class StatelessCustomPublishMetricActionDimension < Struct.new( :value) SENSITIVE = [] include Aws::Structure end # Provides additional context for the value of `Compliance.Status`. # # @note When making an API call, you may pass StatusReason # data as a hash: # # { # reason_code: "NonEmptyString", # required # description: "NonEmptyString", # } # # @!attribute [rw] reason_code # A code that represents a reason for the control status. For the list # of status reason codes and their meanings, see [Standards-related # information in the ASFF][1] in the *Security Hub User Guide*. # # # # [1]: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-results.html#securityhub-standards-results-asff # @return [String] # # @!attribute [rw] description # The corresponding description for the status reason code. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StatusReason AWS API Documentation # class StatusReason < Struct.new( :reason_code, :description) SENSITIVE = [] include Aws::Structure end # A string filter for querying findings. # # @note When making an API call, you may pass StringFilter # data as a hash: # # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # } # # @!attribute [rw] value # The string filter value. Filter values are case sensitive. For # example, the product name for control-based findings is `Security # Hub`. If you provide `security hub` as the filter text, then there # is no match. # @return [String] # # @!attribute [rw] comparison # The condition to apply to a string value when querying for findings. # To search for values that contain the filter criteria value, use one # of the following comparison operators: # # * To search for values that exactly match the filter value, use # `EQUALS`. # # For example, the filter `ResourceType EQUALS AwsEc2SecurityGroup` # only matches findings that have a resource type of # `AwsEc2SecurityGroup`. # # * To search for values that start with the filter value, use # `PREFIX`. # # For example, the filter `ResourceType PREFIX AwsIam` matches # findings that have a resource type that starts with `AwsIam`. # Findings with a resource type of `AwsIamPolicy`, `AwsIamRole`, or # `AwsIamUser` would all match. # # `EQUALS` and `PREFIX` filters on the same field are joined by `OR`. # A finding matches if it matches any one of those filters. # # To search for values that do not contain the filter criteria value, # use one of the following comparison operators: # # * To search for values that do not exactly match the filter value, # use `NOT_EQUALS`. # # For example, the filter `ResourceType NOT_EQUALS AwsIamPolicy` # matches findings that have a resource type other than # `AwsIamPolicy`. # # * To search for values that do not start with the filter value, use # `PREFIX_NOT_EQUALS`. # # For example, the filter `ResourceType PREFIX_NOT_EQUALS AwsIam` # matches findings that have a resource type that does not start # with `AwsIam`. Findings with a resource type of `AwsIamPolicy`, # `AwsIamRole`, or `AwsIamUser` would all be excluded from the # results. # # `NOT_EQUALS` and `PREFIX_NOT_EQUALS` filters on the same field are # joined by `AND`. A finding matches only if it matches all of those # filters. # # For filters on the same field, you cannot provide both an `EQUALS` # filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter. Combining # filters in this way always returns an error, even if the provided # filter values would return valid results. # # You can combine `PREFIX` filters with `NOT_EQUALS` or # `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first # processes the `PREFIX` filters, then the `NOT_EQUALS` or # `PREFIX_NOT_EQUALS` filters. # # For example, for the following filter, Security Hub first identifies # findings that have resource types that start with either `AwsIAM` or # `AwsEc2`. It then excludes findings that have a resource type of # `AwsIamPolicy` and findings that have a resource type of # `AwsEc2NetworkInterface`. # # * `ResourceType PREFIX AwsIam` # # * `ResourceType PREFIX AwsEc2` # # * `ResourceType NOT_EQUALS AwsIamPolicy` # # * `ResourceType NOT_EQUALS AwsEc2NetworkInterface` # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/StringFilter AWS API Documentation # class StringFilter < Struct.new( :value, :comparison) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass TagResourceRequest # data as a hash: # # { # resource_arn: "ResourceArn", # required # tags: { # required # "TagKey" => "TagValue", # }, # } # # @!attribute [rw] resource_arn # The ARN of the resource to apply the tags to. # @return [String] # # @!attribute [rw] tags # The tags to add to the resource. You can add up to 50 tags at a # time. The tag keys can be no longer than 128 characters. The tag # values can be no longer than 256 characters. # @return [Hash] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/TagResourceRequest AWS API Documentation # class TagResourceRequest < Struct.new( :resource_arn, :tags) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/TagResourceResponse AWS API Documentation # class TagResourceResponse < Aws::EmptyStructure; end # Details about the threat intelligence related to a finding. # # @note When making an API call, you may pass ThreatIntelIndicator # data as a hash: # # { # type: "DOMAIN", # accepts DOMAIN, EMAIL_ADDRESS, HASH_MD5, HASH_SHA1, HASH_SHA256, HASH_SHA512, IPV4_ADDRESS, IPV6_ADDRESS, MUTEX, PROCESS, URL # value: "NonEmptyString", # category: "BACKDOOR", # accepts BACKDOOR, CARD_STEALER, COMMAND_AND_CONTROL, DROP_SITE, EXPLOIT_SITE, KEYLOGGER # last_observed_at: "NonEmptyString", # source: "NonEmptyString", # source_url: "NonEmptyString", # } # # @!attribute [rw] type # The type of threat intelligence indicator. # @return [String] # # @!attribute [rw] value # The value of a threat intelligence indicator. # @return [String] # # @!attribute [rw] category # The category of a threat intelligence indicator. # @return [String] # # @!attribute [rw] last_observed_at # Indicates when the most recent instance of a threat intelligence # indicator was observed. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] source # The source of the threat intelligence indicator. # @return [String] # # @!attribute [rw] source_url # The URL to the page or site where you can get more information about # the threat intelligence indicator. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ThreatIntelIndicator AWS API Documentation # class ThreatIntelIndicator < Struct.new( :type, :value, :category, :last_observed_at, :source, :source_url) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass UntagResourceRequest # data as a hash: # # { # resource_arn: "ResourceArn", # required # tag_keys: ["TagKey"], # required # } # # @!attribute [rw] resource_arn # The ARN of the resource to remove the tags from. # @return [String] # # @!attribute [rw] tag_keys # The tag keys associated with the tags to remove from the resource. # You can remove up to 50 tags at a time. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UntagResourceRequest AWS API Documentation # class UntagResourceRequest < Struct.new( :resource_arn, :tag_keys) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UntagResourceResponse AWS API Documentation # class UntagResourceResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateActionTargetRequest # data as a hash: # # { # action_target_arn: "NonEmptyString", # required # name: "NonEmptyString", # description: "NonEmptyString", # } # # @!attribute [rw] action_target_arn # The ARN of the custom action target to update. # @return [String] # # @!attribute [rw] name # The updated name of the custom action target. # @return [String] # # @!attribute [rw] description # The updated description for the custom action target. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateActionTargetRequest AWS API Documentation # class UpdateActionTargetRequest < Struct.new( :action_target_arn, :name, :description) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateActionTargetResponse AWS API Documentation # class UpdateActionTargetResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateFindingAggregatorRequest # data as a hash: # # { # finding_aggregator_arn: "NonEmptyString", # required # region_linking_mode: "NonEmptyString", # required # regions: ["NonEmptyString"], # } # # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator. To obtain the ARN, use # `ListFindingAggregators`. # @return [String] # # @!attribute [rw] region_linking_mode # Indicates whether to aggregate findings from all of the available # Regions in the current partition. Also determines whether to # automatically aggregate findings from new Regions as Security Hub # supports them and you opt into them. # # The selected option also determines how to use the Regions provided # in the Regions list. # # The options are as follows: # # * `ALL_REGIONS` - Indicates to aggregate findings from all of the # Regions where Security Hub is enabled. When you choose this # option, Security Hub also automatically aggregates findings from # new Regions as Security Hub supports them and you opt into them. # # * `ALL_REGIONS_EXCEPT_SPECIFIED` - Indicates to aggregate findings # from all of the Regions where Security Hub is enabled, except for # the Regions listed in the `Regions` parameter. When you choose # this option, Security Hub also automatically aggregates findings # from new Regions as Security Hub supports them and you opt into # them. # # * `SPECIFIED_REGIONS` - Indicates to aggregate findings only from # the Regions listed in the `Regions` parameter. Security Hub does # not automatically aggregate findings from new Regions. # @return [String] # # @!attribute [rw] regions # If `RegionLinkingMode` is `ALL_REGIONS_EXCEPT_SPECIFIED`, then this # is a comma-separated list of Regions that do not aggregate findings # to the aggregation Region. # # If `RegionLinkingMode` is `SPECIFIED_REGIONS`, then this is a # comma-separated list of Regions that do aggregate findings to the # aggregation Region. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateFindingAggregatorRequest AWS API Documentation # class UpdateFindingAggregatorRequest < Struct.new( :finding_aggregator_arn, :region_linking_mode, :regions) SENSITIVE = [] include Aws::Structure end # @!attribute [rw] finding_aggregator_arn # The ARN of the finding aggregator. # @return [String] # # @!attribute [rw] finding_aggregation_region # The aggregation Region. # @return [String] # # @!attribute [rw] region_linking_mode # Indicates whether to link all Regions, all Regions except for a list # of excluded Regions, or a list of included Regions. # @return [String] # # @!attribute [rw] regions # The list of excluded Regions or included Regions. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateFindingAggregatorResponse AWS API Documentation # class UpdateFindingAggregatorResponse < Struct.new( :finding_aggregator_arn, :finding_aggregation_region, :region_linking_mode, :regions) SENSITIVE = [] include Aws::Structure end # @note When making an API call, you may pass UpdateFindingsRequest # data as a hash: # # { # filters: { # required # product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # aws_account_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # generator_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # first_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # description: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # recommendation_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # product_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # product_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # company_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # user_defined_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # malware_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_direction: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_protocol: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_mac: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_destination_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # process_terminated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_value: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_category: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_source: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_partition: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_tags: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # resource_aws_ec2_instance_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_ip_v4_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_ip_v6_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_key_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_iam_instance_profile_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_vpc_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_subnet_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_s3_bucket_owner_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_s3_bucket_owner_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_principal_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_iam_user_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_details_other: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # compliance_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # verification_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # record_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # note_updated_by: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # keyword: [ # { # value: "NonEmptyString", # }, # ], # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_original: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_types: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # sample: [ # { # value: false, # }, # ], # }, # note: { # text: "NonEmptyString", # required # updated_by: "NonEmptyString", # required # }, # record_state: "ACTIVE", # accepts ACTIVE, ARCHIVED # } # # @!attribute [rw] filters # A collection of attributes that specify which findings you want to # update. # @return [Types::AwsSecurityFindingFilters] # # @!attribute [rw] note # The updated note for the finding. # @return [Types::NoteUpdate] # # @!attribute [rw] record_state # The updated record state for the finding. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateFindingsRequest AWS API Documentation # class UpdateFindingsRequest < Struct.new( :filters, :note, :record_state) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateFindingsResponse AWS API Documentation # class UpdateFindingsResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateInsightRequest # data as a hash: # # { # insight_arn: "NonEmptyString", # required # name: "NonEmptyString", # filters: { # product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # aws_account_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # generator_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # first_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # severity_product: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_normalized: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # title: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # description: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # recommendation_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # product_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # product_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # company_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # user_defined_fields: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # malware_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # malware_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_direction: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_protocol: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_source_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_source_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_source_mac: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # network_destination_ip_v4: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_ip_v6: [ # { # cidr: "NonEmptyString", # }, # ], # network_destination_port: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # network_destination_domain: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_path: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # process_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_parent_pid: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # process_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # process_terminated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_value: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_category: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_last_observed_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # threat_intel_indicator_source: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # threat_intel_indicator_source_url: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_partition: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_region: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_tags: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # resource_aws_ec2_instance_type: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_ip_v4_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_ip_v6_addresses: [ # { # cidr: "NonEmptyString", # }, # ], # resource_aws_ec2_instance_key_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_iam_instance_profile_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_vpc_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_subnet_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_ec2_instance_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_s3_bucket_owner_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_s3_bucket_owner_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_principal_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_aws_iam_access_key_created_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_aws_iam_user_user_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_image_name: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # resource_container_launched_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # resource_details_other: [ # { # key: "NonEmptyString", # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, NOT_EQUALS # }, # ], # compliance_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # verification_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # workflow_status: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # record_state: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_text: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # note_updated_at: [ # { # start: "NonEmptyString", # end: "NonEmptyString", # date_range: { # value: 1, # unit: "DAYS", # accepts DAYS # }, # }, # ], # note_updated_by: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # keyword: [ # { # value: "NonEmptyString", # }, # ], # finding_provider_fields_confidence: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_criticality: [ # { # gte: 1.0, # lte: 1.0, # eq: 1.0, # }, # ], # finding_provider_fields_related_findings_id: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_related_findings_product_arn: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_label: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_severity_original: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # finding_provider_fields_types: [ # { # value: "NonEmptyString", # comparison: "EQUALS", # accepts EQUALS, PREFIX, NOT_EQUALS, PREFIX_NOT_EQUALS # }, # ], # sample: [ # { # value: false, # }, # ], # }, # group_by_attribute: "NonEmptyString", # } # # @!attribute [rw] insight_arn # The ARN of the insight that you want to update. # @return [String] # # @!attribute [rw] name # The updated name for the insight. # @return [String] # # @!attribute [rw] filters # The updated filters that define this insight. # @return [Types::AwsSecurityFindingFilters] # # @!attribute [rw] group_by_attribute # The updated `GroupBy` attribute that defines this insight. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateInsightRequest AWS API Documentation # class UpdateInsightRequest < Struct.new( :insight_arn, :name, :filters, :group_by_attribute) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateInsightResponse AWS API Documentation # class UpdateInsightResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateOrganizationConfigurationRequest # data as a hash: # # { # auto_enable: false, # required # } # # @!attribute [rw] auto_enable # Whether to automatically enable Security Hub for new accounts in the # organization. # # By default, this is `false`, and new accounts are not added # automatically. # # To automatically enable Security Hub for new accounts, set this to # `true`. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationRequest AWS API Documentation # class UpdateOrganizationConfigurationRequest < Struct.new( :auto_enable) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateOrganizationConfigurationResponse AWS API Documentation # class UpdateOrganizationConfigurationResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateSecurityHubConfigurationRequest # data as a hash: # # { # auto_enable_controls: false, # } # # @!attribute [rw] auto_enable_controls # Whether to automatically enable new controls when they are added to # standards that are enabled. # # By default, this is set to `true`, and new controls are enabled # automatically. To not automatically enable new controls, set this to # `false`. # @return [Boolean] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfigurationRequest AWS API Documentation # class UpdateSecurityHubConfigurationRequest < Struct.new( :auto_enable_controls) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityHubConfigurationResponse AWS API Documentation # class UpdateSecurityHubConfigurationResponse < Aws::EmptyStructure; end # @note When making an API call, you may pass UpdateStandardsControlRequest # data as a hash: # # { # standards_control_arn: "NonEmptyString", # required # control_status: "ENABLED", # accepts ENABLED, DISABLED # disabled_reason: "NonEmptyString", # } # # @!attribute [rw] standards_control_arn # The ARN of the security standard control to enable or disable. # @return [String] # # @!attribute [rw] control_status # The updated status of the security standard control. # @return [String] # # @!attribute [rw] disabled_reason # A description of the reason why you are disabling a security # standard control. If you are disabling a control, then this is # required. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateStandardsControlRequest AWS API Documentation # class UpdateStandardsControlRequest < Struct.new( :standards_control_arn, :control_status, :disabled_reason) SENSITIVE = [] include Aws::Structure end # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateStandardsControlResponse AWS API Documentation # class UpdateStandardsControlResponse < Aws::EmptyStructure; end # A vulnerability associated with a finding. # # @note When making an API call, you may pass Vulnerability # data as a hash: # # { # id: "NonEmptyString", # required # vulnerable_packages: [ # { # name: "NonEmptyString", # version: "NonEmptyString", # epoch: "NonEmptyString", # release: "NonEmptyString", # architecture: "NonEmptyString", # package_manager: "NonEmptyString", # file_path: "NonEmptyString", # }, # ], # cvss: [ # { # version: "NonEmptyString", # base_score: 1.0, # base_vector: "NonEmptyString", # source: "NonEmptyString", # adjustments: [ # { # metric: "NonEmptyString", # reason: "NonEmptyString", # }, # ], # }, # ], # related_vulnerabilities: ["NonEmptyString"], # vendor: { # name: "NonEmptyString", # required # url: "NonEmptyString", # vendor_severity: "NonEmptyString", # vendor_created_at: "NonEmptyString", # vendor_updated_at: "NonEmptyString", # }, # reference_urls: ["NonEmptyString"], # } # # @!attribute [rw] id # The identifier of the vulnerability. # @return [String] # # @!attribute [rw] vulnerable_packages # List of software packages that have the vulnerability. # @return [Array] # # @!attribute [rw] cvss # CVSS scores from the advisory related to the vulnerability. # @return [Array] # # @!attribute [rw] related_vulnerabilities # List of vulnerabilities that are related to this vulnerability. # @return [Array] # # @!attribute [rw] vendor # Information about the vendor that generates the vulnerability # report. # @return [Types::VulnerabilityVendor] # # @!attribute [rw] reference_urls # A list of URLs that provide additional information about the # vulnerability. # @return [Array] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Vulnerability AWS API Documentation # class Vulnerability < Struct.new( :id, :vulnerable_packages, :cvss, :related_vulnerabilities, :vendor, :reference_urls) SENSITIVE = [] include Aws::Structure end # A vendor that generates a vulnerability report. # # @note When making an API call, you may pass VulnerabilityVendor # data as a hash: # # { # name: "NonEmptyString", # required # url: "NonEmptyString", # vendor_severity: "NonEmptyString", # vendor_created_at: "NonEmptyString", # vendor_updated_at: "NonEmptyString", # } # # @!attribute [rw] name # The name of the vendor. # @return [String] # # @!attribute [rw] url # The URL of the vulnerability advisory. # @return [String] # # @!attribute [rw] vendor_severity # The severity that the vendor assigned to the vulnerability. # @return [String] # # @!attribute [rw] vendor_created_at # Indicates when the vulnerability advisory was created. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @!attribute [rw] vendor_updated_at # Indicates when the vulnerability advisory was last updated. # # Uses the `date-time` format specified in [RFC 3339 section 5.6, # Internet Date/Time Format][1]. The value cannot contain spaces. For # example, `2020-03-22T13:22:13.933Z`. # # # # [1]: https://tools.ietf.org/html/rfc3339#section-5.6 # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/VulnerabilityVendor AWS API Documentation # class VulnerabilityVendor < Struct.new( :name, :url, :vendor_severity, :vendor_created_at, :vendor_updated_at) SENSITIVE = [] include Aws::Structure end # Details about the action that CloudFront or WAF takes when a web # request matches the conditions in the rule. # # @note When making an API call, you may pass WafAction # data as a hash: # # { # type: "NonEmptyString", # } # # @!attribute [rw] type # Specifies how you want WAF to respond to requests that match the # settings in a rule. # # Valid settings include the following: # # * `ALLOW` - WAF allows requests # # * `BLOCK` - WAF blocks requests # # * `COUNT` - WAF increments a counter of the requests that match all # of the conditions in the rule. WAF then continues to inspect the # web request based on the remaining rules in the web ACL. You # can't specify `COUNT` for the default action for a WebACL. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WafAction AWS API Documentation # class WafAction < Struct.new( :type) SENSITIVE = [] include Aws::Structure end # Details about a rule to exclude from a rule group. # # @note When making an API call, you may pass WafExcludedRule # data as a hash: # # { # rule_id: "NonEmptyString", # } # # @!attribute [rw] rule_id # The unique identifier for the rule to exclude from the rule group. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WafExcludedRule AWS API Documentation # class WafExcludedRule < Struct.new( :rule_id) SENSITIVE = [] include Aws::Structure end # Details about an override action for a rule. # # @note When making an API call, you may pass WafOverrideAction # data as a hash: # # { # type: "NonEmptyString", # } # # @!attribute [rw] type # `COUNT` overrides the action specified by the individual rule within # a `RuleGroup` . # # If set to `NONE`, the rule's action takes place. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WafOverrideAction AWS API Documentation # class WafOverrideAction < Struct.new( :type) SENSITIVE = [] include Aws::Structure end # Provides information about the status of the investigation into a # finding. # # @note When making an API call, you may pass Workflow # data as a hash: # # { # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED # } # # @!attribute [rw] status # The status of the investigation into the finding. The workflow # status is specific to an individual finding. It does not affect the # generation of new findings. For example, setting the workflow status # to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the # same issue. # # The allowed values are the following. # # * `NEW` - The initial state of a finding, before it is reviewed. # # Security Hub also resets the workflow status from `NOTIFIED` or # `RESOLVED` to `NEW` in the following cases: # # * `RecordState` changes from `ARCHIVED` to `ACTIVE`. # # * `ComplianceStatus` changes from `PASSED` to either `WARNING`, # `FAILED`, or `NOT_AVAILABLE`. # # * `NOTIFIED` - Indicates that you notified the resource owner about # the security issue. Used when the initial reviewer is not the # resource owner, and needs intervention from the resource owner. # # * `SUPPRESSED` - Indicates that you reviewed the finding and do not # believe that any action is needed. The finding is no longer # updated. # # * `RESOLVED` - The finding was reviewed and remediated and is now # considered resolved. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/Workflow AWS API Documentation # class Workflow < Struct.new( :status) SENSITIVE = [] include Aws::Structure end # Used to update information about the investigation into the finding. # # @note When making an API call, you may pass WorkflowUpdate # data as a hash: # # { # status: "NEW", # accepts NEW, NOTIFIED, RESOLVED, SUPPRESSED # } # # @!attribute [rw] status # The status of the investigation into the finding. The workflow # status is specific to an individual finding. It does not affect the # generation of new findings. For example, setting the workflow status # to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the # same issue. # # The allowed values are the following. # # * `NEW` - The initial state of a finding, before it is reviewed. # # Security Hub also resets `WorkFlowStatus` from `NOTIFIED` or # `RESOLVED` to `NEW` in the following cases: # # * The record state changes from `ARCHIVED` to `ACTIVE`. # # * The compliance status changes from `PASSED` to either `WARNING`, # `FAILED`, or `NOT_AVAILABLE`. # # * `NOTIFIED` - Indicates that you notified the resource owner about # the security issue. Used when the initial reviewer is not the # resource owner, and needs intervention from the resource owner. # # * `RESOLVED` - The finding was reviewed and remediated and is now # considered resolved. # # * `SUPPRESSED` - Indicates that you reviewed the finding and do not # believe that any action is needed. The finding is no longer # updated. # @return [String] # # @see http://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/WorkflowUpdate AWS API Documentation # class WorkflowUpdate < Struct.new( :status) SENSITIVE = [] include Aws::Structure end end end