diff --git a/codegen/sdk-codegen/aws-models/customer-profiles.json b/codegen/sdk-codegen/aws-models/customer-profiles.json
index 47768919795..3c6672f0a15 100644
--- a/codegen/sdk-codegen/aws-models/customer-profiles.json
+++ b/codegen/sdk-codegen/aws-models/customer-profiles.json
@@ -1624,7 +1624,7 @@
"name": "profile"
},
"aws.protocols#restJson1": {},
- "smithy.api#documentation": "
Amazon Connect Customer Profiles is a unified customer profile for your contact\n center that has pre-built connectors powered by AppFlow that make it easy to combine\n customer information from third party applications, such as Salesforce (CRM), ServiceNow\n (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.
\nFor more information about the Amazon Connect Customer Profiles feature, see Use Customer\n Profiles in the Amazon Connect Administrator's Guide.
", + "smithy.api#documentation": "Amazon Connect Customer Profiles is a unified customer profile for your contact\n center that has pre-built connectors powered by AppFlow that make it easy to combine\n customer information from third party applications, such as Salesforce (CRM), ServiceNow\n (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.
\nFor more information about the Amazon Connect Customer Profiles feature, see Use Customer\n Profiles in the Amazon Connect Administrator's Guide.
", "smithy.api#title": "Amazon Connect Customer Profiles", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -4524,6 +4524,12 @@ "traits": { "smithy.api#documentation": "Boolean that shows if the Flow that's associated with the Integration is created in\n Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in\n flowDefinition.
" } + }, + "RoleArn": { + "target": "com.amazonaws.customerprofiles#RoleArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make\n Customer Profiles requests on your behalf.
" + } } }, "traits": { @@ -6200,6 +6206,12 @@ "traits": { "smithy.api#documentation": "Boolean that shows if the Flow that's associated with the Integration is created in\n Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in\n flowDefinition.
" } + }, + "RoleArn": { + "target": "com.amazonaws.customerprofiles#RoleArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make\n Customer Profiles requests on your behalf.
" + } } }, "traits": { @@ -7922,6 +7934,12 @@ "traits": { "smithy.api#documentation": "A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an ObjectTypeName
(template) used to ingest the event.\nIt supports the following event types: SegmentIdentify
, ShopifyCreateCustomers
, ShopifyUpdateCustomers
, ShopifyCreateDraftOrders
, \nShopifyUpdateDraftOrders
, ShopifyCreateOrders
, and ShopifyUpdatedOrders
.
The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make\n Customer Profiles requests on your behalf.
" + } } }, "traits": { @@ -7988,6 +8006,12 @@ "traits": { "smithy.api#documentation": "Boolean that shows if the Flow that's associated with the Integration is created in\n Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in\n flowDefinition.
" } + }, + "RoleArn": { + "target": "com.amazonaws.customerprofiles#RoleArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make\n Customer Profiles requests on your behalf.
" + } } }, "traits": { diff --git a/codegen/sdk-codegen/aws-models/quicksight.json b/codegen/sdk-codegen/aws-models/quicksight.json index 2a69f098a82..a90b562f5b4 100644 --- a/codegen/sdk-codegen/aws-models/quicksight.json +++ b/codegen/sdk-codegen/aws-models/quicksight.json @@ -20450,6 +20450,87 @@ "smithy.api#output": {} } }, + "com.amazonaws.quicksight#DescribeQPersonalizationConfiguration": { + "type": "operation", + "input": { + "target": "com.amazonaws.quicksight#DescribeQPersonalizationConfigurationRequest" + }, + "output": { + "target": "com.amazonaws.quicksight#DescribeQPersonalizationConfigurationResponse" + }, + "errors": [ + { + "target": "com.amazonaws.quicksight#AccessDeniedException" + }, + { + "target": "com.amazonaws.quicksight#ConflictException" + }, + { + "target": "com.amazonaws.quicksight#InternalFailureException" + }, + { + "target": "com.amazonaws.quicksight#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.quicksight#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.quicksight#ThrottlingException" + } + ], + "traits": { + "smithy.api#documentation": "Describes a personalization configuration.
", + "smithy.api#http": { + "method": "GET", + "uri": "/accounts/{AwsAccountId}/q-personalization-configuration", + "code": 200 + } + } + }, + "com.amazonaws.quicksight#DescribeQPersonalizationConfigurationRequest": { + "type": "structure", + "members": { + "AwsAccountId": { + "target": "com.amazonaws.quicksight#AwsAccountId", + "traits": { + "smithy.api#documentation": "The ID of the Amazon Web Services account that contains the personalization configuration that the user wants described.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.quicksight#DescribeQPersonalizationConfigurationResponse": { + "type": "structure", + "members": { + "PersonalizationMode": { + "target": "com.amazonaws.quicksight#PersonalizationMode", + "traits": { + "smithy.api#documentation": "A value that indicates whether personalization is enabled or not.
" + } + }, + "RequestId": { + "target": "com.amazonaws.quicksight#String", + "traits": { + "smithy.api#documentation": "The Amazon Web Services request ID for this operation.
" + } + }, + "Status": { + "target": "com.amazonaws.quicksight#StatusCode", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The HTTP status of the request.
", + "smithy.api#httpResponseCode": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.quicksight#DescribeRefreshSchedule": { "type": "operation", "input": { @@ -36483,6 +36564,23 @@ } } }, + "com.amazonaws.quicksight#PersonalizationMode": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.quicksight#PhysicalTable": { "type": "union", "members": { @@ -38319,6 +38417,9 @@ { "target": "com.amazonaws.quicksight#DescribeNamespace" }, + { + "target": "com.amazonaws.quicksight#DescribeQPersonalizationConfiguration" + }, { "target": "com.amazonaws.quicksight#DescribeRefreshSchedule" }, @@ -38574,6 +38675,9 @@ { "target": "com.amazonaws.quicksight#UpdatePublicSharingSettings" }, + { + "target": "com.amazonaws.quicksight#UpdateQPersonalizationConfiguration" + }, { "target": "com.amazonaws.quicksight#UpdateRefreshSchedule" }, @@ -53441,6 +53545,97 @@ "smithy.api#output": {} } }, + "com.amazonaws.quicksight#UpdateQPersonalizationConfiguration": { + "type": "operation", + "input": { + "target": "com.amazonaws.quicksight#UpdateQPersonalizationConfigurationRequest" + }, + "output": { + "target": "com.amazonaws.quicksight#UpdateQPersonalizationConfigurationResponse" + }, + "errors": [ + { + "target": "com.amazonaws.quicksight#AccessDeniedException" + }, + { + "target": "com.amazonaws.quicksight#ConflictException" + }, + { + "target": "com.amazonaws.quicksight#InternalFailureException" + }, + { + "target": "com.amazonaws.quicksight#InvalidParameterValueException" + }, + { + "target": "com.amazonaws.quicksight#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.quicksight#ResourceUnavailableException" + }, + { + "target": "com.amazonaws.quicksight#ThrottlingException" + } + ], + "traits": { + "smithy.api#documentation": "Updates a personalization configuration.
", + "smithy.api#http": { + "method": "PUT", + "uri": "/accounts/{AwsAccountId}/q-personalization-configuration", + "code": 200 + } + } + }, + "com.amazonaws.quicksight#UpdateQPersonalizationConfigurationRequest": { + "type": "structure", + "members": { + "AwsAccountId": { + "target": "com.amazonaws.quicksight#AwsAccountId", + "traits": { + "smithy.api#documentation": "The ID of the Amazon Web Services account account that contains the personalization configuration that the user wants to update.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "PersonalizationMode": { + "target": "com.amazonaws.quicksight#PersonalizationMode", + "traits": { + "smithy.api#documentation": "An option to allow Amazon QuickSight to customize data stories with user specific metadata, specifically location and job information, in your IAM Identity Center instance.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.quicksight#UpdateQPersonalizationConfigurationResponse": { + "type": "structure", + "members": { + "PersonalizationMode": { + "target": "com.amazonaws.quicksight#PersonalizationMode", + "traits": { + "smithy.api#documentation": "The personalization mode that is used for the personalization configuration.
" + } + }, + "RequestId": { + "target": "com.amazonaws.quicksight#String", + "traits": { + "smithy.api#documentation": "The Amazon Web Services request ID for this operation.
" + } + }, + "Status": { + "target": "com.amazonaws.quicksight#StatusCode", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The HTTP status of the request.
", + "smithy.api#httpResponseCode": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.quicksight#UpdateRefreshSchedule": { "type": "operation", "input": { diff --git a/codegen/sdk-codegen/aws-models/securityhub.json b/codegen/sdk-codegen/aws-models/securityhub.json index e431233ae1d..ea5821d1a02 100644 --- a/codegen/sdk-codegen/aws-models/securityhub.json +++ b/codegen/sdk-codegen/aws-models/securityhub.json @@ -55,7 +55,7 @@ } ], "traits": { - "smithy.api#documentation": "Accepts the invitation to be a member account and be monitored by the Security Hub administrator\n account that the invitation was sent from.
\nThis operation is only used by member accounts that are not added through\n Organizations.
\nWhen the member account accepts the invitation, permission is granted to the administrator\n account to view findings generated in the member account.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nAccepts the invitation to be a member account and be monitored by the Security Hub administrator\n account that the invitation was sent from.
\nThis operation is only used by member accounts that are not added through\n Organizations.
\nWhen the member account accepts the invitation, permission is granted to the administrator\n account to view findings generated in the member account.
", "smithy.api#examples": [ { "title": "To accept an invitation be a member account", @@ -674,7 +674,7 @@ "Type": { "target": "com.amazonaws.securityhub#AutomationRulesActionType", "traits": { - "smithy.api#documentation": "\n Specifies that the rule action should update the Types
finding field. The Types
\n finding field classifies findings in the format of namespace/category/classifier. For more information, see\n Types taxonomy for ASFF in \n the Security Hub User Guide.\n
\n Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.\n
" } }, "FindingFieldsUpdate": { @@ -685,7 +685,7 @@ } }, "traits": { - "smithy.api#documentation": "\n One or more actions to update finding fields if a finding matches the defined criteria \n of the rule.\n
" + "smithy.api#documentation": "\n One or more actions that Security Hub takes when a finding matches the defined criteria \n of a rule.\n
" } }, "com.amazonaws.securityhub#AutomationRulesActionType": { @@ -958,7 +958,7 @@ "ResourceId": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Servicesservice that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n
\n\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t
" + "smithy.api#documentation": "\n The identifier for the given resource type. For Amazon Web Services resources that are identified by \n Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, \n this is the identifier as defined by the Amazon Web Services service that created the resource. \n For non-Amazon Web Services resources, this is a unique identifier that is associated with the \n resource.\n
\n\n \t\tArray Members: Minimum number of 1 item. Maximum number of 100 items.\n \t
" } }, "ResourcePartition": { @@ -2986,7 +2986,7 @@ "Lifecycle": { "target": "com.amazonaws.securityhub#AwsBackupBackupPlanLifecycleDetails", "traits": { - "smithy.api#documentation": "Defines when a protected resource is transitioned to cold storage and when it expires.\n Backup transitions and expires backups automatically according to the\n lifecycle that you define. If you do not specify a lifecycle, Backup applies\n the lifecycle policy of the source backup to the destination backup.
\nBackups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" + "smithy.api#documentation": "Defines when a protected resource is transitioned to cold storage and when it expires.\n Backup transitions and expires backups automatically according to the\n lifecycle that you define. If you don't specify a lifecycle, Backup applies\n the lifecycle policy of the source backup to the destination backup.
\nBackups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" } } }, @@ -3054,7 +3054,7 @@ "Lifecycle": { "target": "com.amazonaws.securityhub#AwsBackupBackupPlanLifecycleDetails", "traits": { - "smithy.api#documentation": "Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you do not specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
\nBackups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" + "smithy.api#documentation": "Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
\nBackups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" } } }, @@ -3086,7 +3086,7 @@ "EncryptionKeyArn": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support \nfull Backup management. If you do not specify a key, Backup creates an KMS key for you by default.\n
" + "smithy.api#documentation": "The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support \nfull Backup management. If you don't specify a key, Backup creates an KMS key for you by default.\n
" } }, "Notifications": { @@ -9342,7 +9342,7 @@ "SchedulingStrategy": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "The scheduling strategy to use for the service.
\nThe REPLICA
scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.
The DAEMON
scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that do not meet the placement constraints.
Valid values: REPLICA
| DAEMON
\n
The scheduling strategy to use for the service.
\nThe REPLICA
scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.
The DAEMON
scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that don't meet the placement constraints.
Valid values: REPLICA
| DAEMON
\n
The meaning of this parameter differs according to the database engine you use.
\n\n MySQL, MariaDB, SQL Server, PostgreSQL\n
\nContains the name of the initial database of this instance that was provided at create\n time, if one was specified when the DB instance was created. This same name is returned for\n the life of the DB instance.
\n\n Oracle\n
\nContains the Oracle System ID (SID) of the created DB instance. Not shown when the\n returned parameters do not apply to an Oracle DB instance.
" + "smithy.api#documentation": "The meaning of this parameter differs according to the database engine you use.
\n\n MySQL, MariaDB, SQL Server, PostgreSQL\n
\nContains the name of the initial database of this instance that was provided at create\n time, if one was specified when the DB instance was created. This same name is returned for\n the life of the DB instance.
\n\n Oracle\n
\nContains the Oracle System ID (SID) of the created DB instance. Not shown when the\n returned parameters don't apply to an Oracle DB instance.
" } }, "DeletionProtection": { @@ -18983,7 +18983,7 @@ "WorkflowStatus": { "target": "com.amazonaws.securityhub#StringFilterList", "traits": { - "smithy.api#documentation": "The status of the investigation into a finding. Allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
\n RecordState
changes from ARCHIVED
to ACTIVE
.
\n Compliance.Status
changes from PASSED
to either WARNING
,\n FAILED
, or NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that the resource owner has been notified about\n the security issue. Used when the initial reviewer is not the resource owner, and\n needs intervention from the resource owner.
If one of the following occurs, the workflow status is changed automatically from\n NOTIFIED
to NEW
:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n Compliance.Status
changes from PASSED
to FAILED
,\n WARNING
, or NOT_AVAILABLE
.
\n SUPPRESSED
- Indicates that you reviewed the finding and do not believe that any action is\n needed.
The workflow status of a SUPPRESSED
finding does not change if\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
The finding remains RESOLVED
unless one of the following occurs:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n Compliance.Status
changes from PASSED
to FAILED
,\n WARNING
, or NOT_AVAILABLE
.
In those cases, the workflow status is automatically reset to NEW
.
For findings from controls, if Compliance.Status
is PASSED
,\n then Security Hub automatically sets the workflow status to RESOLVED
.
The status of the investigation into a finding. Allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
\n RecordState
changes from ARCHIVED
to ACTIVE
.
\n Compliance.Status
changes from PASSED
to either WARNING
,\n FAILED
, or NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that the resource owner has been notified about\n the security issue. Used when the initial reviewer is not the resource owner, and\n needs intervention from the resource owner.
If one of the following occurs, the workflow status is changed automatically from\n NOTIFIED
to NEW
:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n Compliance.Status
changes from PASSED
to FAILED
,\n WARNING
, or NOT_AVAILABLE
.
\n SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is\n needed.
The workflow status of a SUPPRESSED
finding does not change if\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
The finding remains RESOLVED
unless one of the following occurs:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n Compliance.Status
changes from PASSED
to FAILED
,\n WARNING
, or NOT_AVAILABLE
.
In those cases, the workflow status is automatically reset to NEW
.
For findings from controls, if Compliance.Status
is PASSED
,\n then Security Hub automatically sets the workflow status to RESOLVED
.
\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5.\n
" + "smithy.api#documentation": "\n The unique identifier of a control across standards. Values for this field typically consist of an \n Amazon Web Services service and a number, such as APIGateway.5.\n
" } }, "ComplianceAssociatedStandardsId": { @@ -20188,13 +20188,13 @@ "OverrideAction": { "target": "com.amazonaws.securityhub#WafOverrideAction", "traits": { - "smithy.api#documentation": "Use the OverrideAction
to test your RuleGroup
.
Any rule in a RuleGroup
can potentially block a request. If you set the OverrideAction
to\n None
, the RuleGroup
blocks a request if any individual rule in the RuleGroup
\n matches the request and is configured to block that request.
However, if you first want to test the RuleGroup
,\n set the OverrideAction
to Count
. The RuleGroup
\n then overrides any block action specified by individual rules contained within the group.\n Instead of blocking matching requests, those requests are counted.
\n ActivatedRule
|OverrideAction
applies only when updating or\n adding a RuleGroup
\n to a web ACL. In this case you do not use ActivatedRule
\n Action
. For all other update requests,\n ActivatedRule
\n Action
is used instead of ActivatedRule
\n OverrideAction
.
Use the OverrideAction
to test your RuleGroup
.
Any rule in a RuleGroup
can potentially block a request. If you set the OverrideAction
to\n None
, the RuleGroup
blocks a request if any individual rule in the RuleGroup
\n matches the request and is configured to block that request.
However, if you first want to test the RuleGroup
,\n set the OverrideAction
to Count
. The RuleGroup
\n then overrides any block action specified by individual rules contained within the group.\n Instead of blocking matching requests, those requests are counted.
\n ActivatedRule
|OverrideAction
applies only when updating or\n adding a RuleGroup
\n to a web ACL. In this case you don't use ActivatedRule
\n Action
. For all other update requests,\n ActivatedRule
\n Action
is used instead of ActivatedRule
\n OverrideAction
.
Specifies the order in which the rules in a web\n ACL are evaluated. Rules with a lower value for Priority
are\n evaluated before rules with a higher value. The value must be a unique integer. If you add\n multiple rules to a web ACL, the values do not need to be consecutive.
Specifies the order in which the rules in a web\n ACL are evaluated. Rules with a lower value for Priority
are\n evaluated before rules with a higher value. The value must be a unique integer. If you add\n multiple rules to a web ACL, the values don't need to be consecutive.
Used by Security Hub customers to update information about their investigation into a finding.\n Requested by administrator accounts or member accounts. Administrator accounts can update findings for\n their account and their member accounts. Member accounts can update findings for their\n account.
\nUpdates from BatchUpdateFindings
do not affect the value of\n UpdatedAt
for a finding.
Administrator and member accounts can use BatchUpdateFindings
to update the\n following finding fields and objects.
\n Confidence
\n
\n Criticality
\n
\n Note
\n
\n RelatedFindings
\n
\n Severity
\n
\n Types
\n
\n UserDefinedFields
\n
\n VerificationState
\n
\n Workflow
\n
You can configure IAM policies to restrict access to fields and field values. For\n example, you might not want member accounts to be able to suppress findings or change the\n finding severity. See Configuring access to BatchUpdateFindings in the\n Security Hub User Guide.
", + "smithy.api#documentation": "Used by Security Hub customers to update information about their investigation into a finding.\n Requested by administrator accounts or member accounts. Administrator accounts can update findings for\n their account and their member accounts. Member accounts can update findings for their\n account.
\nUpdates from BatchUpdateFindings
don't affect the value of\n UpdatedAt
for a finding.
Administrator and member accounts can use BatchUpdateFindings
to update the\n following finding fields and objects.
\n Confidence
\n
\n Criticality
\n
\n Note
\n
\n RelatedFindings
\n
\n Severity
\n
\n Types
\n
\n UserDefinedFields
\n
\n VerificationState
\n
\n Workflow
\n
You can configure IAM policies to restrict access to fields and field values. For\n example, you might not want member accounts to be able to suppress findings or change the\n finding severity. See Configuring access to BatchUpdateFindings in the\n Security Hub User Guide.
", "smithy.api#examples": [ { "title": "To update Security Hub findings", @@ -22198,7 +22198,7 @@ "SecurityControlId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "\n Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an \n Amazon Web Servicesservice and a unique number, such as APIGateway.5
.\n
\n Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an \n Amazon Web Services service and a unique number, such as APIGateway.5
.\n
Used to enable finding aggregation. Must be called from the aggregation Region.
\nFor more details about cross-Region replication, see Configuring finding aggregation in the Security Hub User Guide.\n
", + "smithy.api#documentation": "The aggregation Region is now called the home Region.
\nUsed to enable cross-Region aggregation. This operation can be invoked from the home Region only.
\nFor information about how cross-Region aggregation works, see Understanding cross-Region aggregation in Security Hub in the Security Hub User Guide.\n
", "smithy.api#examples": [ { "title": "To enable cross-Region aggregation", @@ -23102,7 +23102,7 @@ "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.\n
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do replicate and send findings to the home Region.\n
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.
" + "smithy.api#documentation": "The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop cross-Region aggregation.
" } }, "FindingAggregationRegion": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "The aggregation Region.
" + "smithy.api#documentation": "The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" } }, "RegionLinkingMode": { @@ -23280,7 +23280,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a member association in Security Hub between the specified accounts and the account\n used to make the request, which is the administrator account. If you are integrated with\n Organizations, then the administrator account is designated by the organization management account.
\n\n CreateMembers
is always used to add accounts that are not organization\n members.
For accounts that are managed using Organizations, CreateMembers
is only used\n in the following cases:
Security Hub is not configured to automatically add new organization accounts.
\nThe account was disassociated or deleted in Security Hub.
\nThis action can only be used by an account that has Security Hub enabled. To enable Security Hub, you\n can use the EnableSecurityHub
operation.
For accounts that are not organization members, you create the account association and\n then send an invitation to the member account. To send the invitation, you use the\n InviteMembers
operation. If the account owner accepts\n the invitation, the account becomes a member account in Security Hub.
Accounts that are managed using Organizations do not receive an invitation. They\n automatically become a member account in Security Hub.
\nIf the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.
\nFor organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.
\nA permissions policy is added that permits the administrator account to view the findings\n generated in the member account.
\nTo remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount
or DisassociateMembers
operation.
Creates a member association in Security Hub between the specified accounts and the account\n used to make the request, which is the administrator account. If you are integrated with\n Organizations, then the administrator account is designated by the organization management account.
\n\n CreateMembers
is always used to add accounts that are not organization\n members.
For accounts that are managed using Organizations, CreateMembers
is only used\n in the following cases:
Security Hub is not configured to automatically add new organization accounts.
\nThe account was disassociated or deleted in Security Hub.
\nThis action can only be used by an account that has Security Hub enabled. To enable Security Hub, you\n can use the EnableSecurityHub
operation.
For accounts that are not organization members, you create the account association and\n then send an invitation to the member account. To send the invitation, you use the\n InviteMembers
operation. If the account owner accepts\n the invitation, the account becomes a member account in Security Hub.
Accounts that are managed using Organizations don't receive an invitation. They\n automatically become a member account in Security Hub.
\nIf the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.
\nFor organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.
\nA permissions policy is added that permits the administrator account to view the findings\n generated in the member account.
\nTo remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount
or DisassociateMembers
operation.
Declines invitations to become a member account.
\nA prospective member account uses this operation to decline an invitation to become a member.
\nThis operation is only called by member accounts that aren't part of an organization.\n Organization accounts don't receive invitations.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nDeclines invitations to become a Security Hub member account.
\nA prospective member account uses this operation to decline an invitation to become a member.
\nOnly member accounts that aren't part of an Amazon Web Services organization should use this operation.\n Organization accounts don't receive invitations.
", "smithy.api#examples": [ { "title": "To decline invitation to become a member account", @@ -23789,7 +23789,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.
\nWhen you stop finding aggregation, findings that were already aggregated to the aggregation Region are still visible from the aggregation Region. New findings and finding updates are not aggregated.\n
", + "smithy.api#documentation": "The aggregation Region is now called the home Region.
\nDeletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops \noccurring from the linked Regions to the home Region.
\nWhen you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from \n the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.\n
", "smithy.api#examples": [ { "title": "To delete a finding aggregator", @@ -23933,7 +23933,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes invitations received by the Amazon Web Services account to become a member account.
\nA Security Hub administrator account can use this operation to delete invitations sent to one or more member accounts.
\nThis operation is only used to delete invitations that are sent to member accounts that aren't part of an organization.\n Organization accounts don't receive invitations.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nDeletes invitations to become a Security Hub member account.
\nA Security Hub administrator account can use this operation to delete invitations sent to one or more prospective member accounts.
\nThis operation is only used to delete invitations that are sent to prospective member accounts that aren't part of an Amazon Web Services organization.\n Organization accounts don't receive invitations.
", "smithy.api#examples": [ { "title": "To delete a custom insight", @@ -24370,7 +24370,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns information about product integrations in Security Hub.
\nYou can optionally provide an integration ARN. If you provide an integration ARN, then\n the results only include that integration.
\nIf you do not provide an integration ARN, then the results include all of the available\n product integrations.
", + "smithy.api#documentation": "Returns information about product integrations in Security Hub.
\nYou can optionally provide an integration ARN. If you provide an integration ARN, then\n the results only include that integration.
\nIf you don't provide an integration ARN, then the results include all of the available\n product integrations.
", "smithy.api#examples": [ { "title": "To get information about Security Hub integrations", @@ -25291,7 +25291,7 @@ "EnableDefaultStandards": { "target": "com.amazonaws.securityhub#Boolean", "traits": { - "smithy.api#documentation": "Whether to enable the security standards that Security Hub has designated as automatically\n enabled. If you do not provide a value for EnableDefaultStandards
, it is set\n to true
. To not enable the automatically enabled standards, set\n EnableDefaultStandards
to false
.
Whether to enable the security standards that Security Hub has designated as automatically\n enabled. If you don't provide a value for EnableDefaultStandards
, it is set\n to true
. To not enable the automatically enabled standards, set\n EnableDefaultStandards
to false
.
A finding aggregator. A finding aggregator contains the configuration for finding aggregation.
" + "smithy.api#documentation": "A finding aggregator is a Security Hub resource that specifies cross-Region aggregation settings, including the \nhome Region and any linked Regions.
" } }, "com.amazonaws.securityhub#FindingAggregatorList": { @@ -25458,7 +25458,7 @@ "UpdateSource": { "target": "com.amazonaws.securityhub#FindingHistoryUpdateSource", "traits": { - "smithy.api#documentation": " Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Servicesservice or third-party partner integration may call \n BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n .
Identifies the source of the event that changed the finding. For example, an integrated\n Amazon Web Services service or third-party partner integration may call \n BatchImportFindings
\n , or an Security Hub customer\n may call \n BatchUpdateFindings
\n .
\n Describes the type of finding change event, such as a call to \n BatchImportFindings
\n (by an integrated Amazon Web Servicesservice or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n
\n Describes the type of finding change event, such as a call to \n BatchImportFindings
\n (by an integrated Amazon Web Services service or third party partner integration) or \n BatchUpdateFindings
\n (by a Security Hub customer). \n
Returns the current finding aggregation configuration.
", + "smithy.api#documentation": "The aggregation Region is now called the home Region.
\nReturns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes \nthe home Region and any linked Regions.
", "smithy.api#examples": [ { "title": "To get cross-Region aggregation details", @@ -26276,7 +26276,7 @@ "FindingAggregationRegion": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "The aggregation Region.
" + "smithy.api#documentation": "The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" } }, "RegionLinkingMode": { @@ -26415,7 +26415,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a list of findings that match the specified criteria.
\nIf finding aggregation is enabled, then when you call GetFindings
from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.
Returns a list of findings that match the specified criteria.
\nIf cross-Region aggregation is enabled, then when you call GetFindings
from the home Region, the results include all of the matching findings from both the home Region and linked Regions.
The ARNs of the insights to describe. If you do not provide any insight ARNs, then\n GetInsights
returns all of your custom insights. It does not return any\n managed insights.
The ARNs of the insights to describe. If you don't provide any insight ARNs, then\n GetInsights
returns all of your custom insights. It does not return any\n managed insights.
Returns the count of all Security Hub membership invitations that were sent to the\n current member account, not including the currently accepted invitation.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nReturns the count of all Security Hub membership invitations that were sent to the\n calling member account, not including the currently accepted invitation.
", "smithy.api#examples": [ { "title": "To get a count of membership invitations", @@ -27463,7 +27463,7 @@ } ], "traits": { - "smithy.api#documentation": "Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that\n the invitation is sent from.
\nThis operation is only used to invite accounts that do not belong to an organization.\n Organization accounts do not receive invitations.
\nBefore you can use this action to invite a member, you must first use the CreateMembers
action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member\n account, the administrator account can view the findings generated from the member account.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nInvites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that\n the invitation is sent from.
\nThis operation is only used to invite accounts that don't belong to an Amazon Web Services organization.\n Organization accounts don't receive invitations.
\nBefore you can use this action to invite a member, you must first use the CreateMembers
action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member\n account, the administrator account can view the findings generated in the member account.
", "smithy.api#examples": [ { "title": "To invite accounts to become members", @@ -28078,7 +28078,7 @@ } ], "traits": { - "smithy.api#documentation": "If finding aggregation is enabled, then ListFindingAggregators
returns the ARN of the finding aggregator. You can run this operation from any Region.
If cross-Region aggregation is enabled, then ListFindingAggregators
returns the Amazon Resource Name (ARN) \nof the finding aggregator. You can run this operation from any Amazon Web Services Region.
Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.
\nThis operation is only used by accounts that are managed by invitation.\n Accounts that are managed using the integration with Organizations do not receive invitations.
", + "smithy.api#documentation": "We recommend using Organizations instead of Security Hub invitations to manage your member accounts. \n For information, see Managing Security Hub administrator and member accounts with Organizations \n in the Security Hub User Guide.
\nLists all Security Hub membership invitations that were sent to the calling account.
\nOnly accounts that are managed by invitation can use this operation.\n Accounts that are managed using the integration with Organizations don't receive invitations.
", "smithy.api#http": { "method": "GET", "uri": "/invitations", @@ -29732,7 +29732,7 @@ "SecurityHub": { "target": "com.amazonaws.securityhub#SecurityHubPolicy", "traits": { - "smithy.api#documentation": "\n The Amazon Web Servicesservice that the configuration policy applies to.\n
" + "smithy.api#documentation": "\n The Amazon Web Services service that the configuration policy applies to.\n
" } } }, @@ -30927,7 +30927,7 @@ "DestinationPrefixListId": { "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { - "smithy.api#documentation": "\n The prefix of the destination Amazon Web Servicesservice.\n
" + "smithy.api#documentation": "\n The prefix of the destination Amazon Web Services service.\n
" } }, "EgressOnlyInternetGatewayId": { @@ -31534,7 +31534,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a \n number, such as APIGateway.3.\n
", + "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a \n number, such as APIGateway.3.\n
", "smithy.api#required": {} } }, @@ -31642,7 +31642,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n
\n The unique identifier of a security control across standards. Values for this field typically consist of an \n Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from \n SecurityControlArn
, which is a unique Amazon Resource Name (ARN) assigned to a control. The \n ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).\n
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.
\nSecurity Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.
\nTo help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.
\nIn addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.
\nSecurity Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.
\nThis guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Servicesservices.
\nIn addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.
\nWith the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.
\nThe following throttling limits apply to Security Hub API operations.
\n\n BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.
\n GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.
\n BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.
All other operations - RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps \n you assess your Amazon Web Services environment against security industry standards and best practices.
\nSecurity Hub collects security data across Amazon Web Services accounts, Amazon Web Services services, and \n supported third-party products and helps you analyze your security trends and identify the highest priority security \n issues.
\nTo help you manage the security state of your organization, Security Hub supports multiple security standards. \n These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, \n and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data \n Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes \n several security controls, each of which represents a security best practice. Security Hub runs checks against \n security controls and generates control findings to help you assess your compliance against security best practices.
\nIn addition to generating control findings, Security Hub also receives findings from other Amazon Web Services services, \n such as Amazon GuardDuty and Amazon Inspector, and \n supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You \n can also send Security Hub findings to other Amazon Web Services services and supported third-party products.
\nSecurity Hub offers automation features that help you triage and remediate security issues. For example, \n you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with \n Amazon EventBridge to trigger automatic responses to specific findings.
\nThis guide, the Security Hub API Reference, provides\n information about the Security Hub API. This includes supported resources, HTTP methods, parameters,\n and schemas. If you're new to Security Hub, you might find it helpful to also review the \n Security Hub User Guide\n . The\n user guide explains key concepts and provides procedures\n that demonstrate how to use Security Hub features. It also provides information about topics such as\n integrating Security Hub with other Amazon Web Services services.
\nIn addition to interacting with Security Hub by making calls to the Security Hub API, you can\n use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools \n and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell,\n Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to\n Security Hub and other Amazon Web Services services . They also handle tasks such as signing requests, \n managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools\n and SDKs, see Tools to Build on Amazon Web Services.
\nWith the exception of operations that are related to central configuration, Security Hub API requests are executed only in\n the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change\n that results from the operation is applied only to that Region. To make the same change in\n other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, \nAPI requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of \ncentral configuration operations, see the Central configuration \nterms and concepts section of the Security Hub User Guide.
\nThe following throttling limits apply to Security Hub API operations.
\n\n BatchEnableStandards
- RateLimit
of 1 request per\n second. BurstLimit
of 1 request per second.
\n GetFindings
- RateLimit
of 3 requests per second.\n BurstLimit
of 6 requests per second.
\n BatchImportFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n BatchUpdateFindings
- RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
\n UpdateStandardsControl
- RateLimit
of 1 request per\n second. BurstLimit
of 5 requests per second.
All other operations - RateLimit
of 10 requests per second.\n BurstLimit
of 30 requests per second.
The severity value of the finding. The allowed values are the following.
\n\n INFORMATIONAL
- No issue was found.
\n LOW
- The issue does not require action on its own.
\n MEDIUM
- The issue must be addressed but not urgently.
\n HIGH
- The issue must be addressed as a priority.
\n CRITICAL
- The issue must be remediated immediately to avoid it\n escalating.
If you provide Normalized
and do not provide Label
, then\n Label
is set automatically as follows.
0 - INFORMATIONAL
\n
1–39 - LOW
\n
40–69 - MEDIUM
\n
70–89 - HIGH
\n
90–100 - CRITICAL
\n
The severity value of the finding. The allowed values are the following.
\n\n INFORMATIONAL
- No issue was found.
\n LOW
- The issue does not require action on its own.
\n MEDIUM
- The issue must be addressed but not urgently.
\n HIGH
- The issue must be addressed as a priority.
\n CRITICAL
- The issue must be remediated immediately to avoid it\n escalating.
If you provide Normalized
and don't provide Label
, then\n Label
is set automatically as follows.
0 - INFORMATIONAL
\n
1–39 - LOW
\n
40–69 - MEDIUM
\n
70–89 - HIGH
\n
90–100 - CRITICAL
\n
Deprecated. The normalized severity of a finding.\n Instead of providing Normalized
, provide Label
.
The value of Normalized
can be an integer between 0
and 100
.
If you provide Label
and do not provide Normalized
, then\n Normalized
is set automatically as follows.
\n INFORMATIONAL
- 0
\n LOW
- 1
\n MEDIUM
- 40
\n HIGH
- 70
\n CRITICAL
- 90
Deprecated. The normalized severity of a finding.\n Instead of providing Normalized
, provide Label
.
The value of Normalized
can be an integer between 0
and 100
.
If you provide Label
and don't provide Normalized
, then\n Normalized
is set automatically as follows.
\n INFORMATIONAL
- 0
\n LOW
- 1
\n MEDIUM
- 40
\n HIGH
- 70
\n CRITICAL
- 90
The normalized severity for the finding. This attribute is to be deprecated in favor of\n Label
.
If you provide Normalized
and do not provide Label
,\n Label
is set automatically as follows.
0 - INFORMATIONAL
\n
1–39 - LOW
\n
40–69 - MEDIUM
\n
70–89 - HIGH
\n
90–100 - CRITICAL
\n
The normalized severity for the finding. This attribute is to be deprecated in favor of\n Label
.
If you provide Normalized
and don't provide Label
,\n Label
is set automatically as follows.
0 - INFORMATIONAL
\n
1–39 - LOW
\n
40–69 - MEDIUM
\n
70–89 - HIGH
\n
90–100 - CRITICAL
\n
\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice \n name and a number, such as APIGateway.3.\n
", + "smithy.api#documentation": "\n The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service \n name and a number, such as APIGateway.3.\n
", "smithy.api#required": {} } }, @@ -33610,7 +33610,7 @@ "target": "com.amazonaws.securityhub#NonEmptyString", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n
", + "smithy.api#documentation": "\n A unique standard-agnostic identifier for a control. Values for this field typically consist of an \n Amazon Web Services service and a number, such as APIGateway.5. This field doesn't reference a specific standard.\n
", "smithy.api#required": {} } }, @@ -35361,7 +35361,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use UpdateFindingAggregator
to change the aggregation Region.
You must run UpdateFindingAggregator
from the current aggregation Region.\n
The aggregation Region is now called the home Region.
\nUpdates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list \n of included or excluded Amazon Web Services Regions. However, you can't use this operation to change the home Region.
\nYou can invoke this operation from the current home Region only.\n
", "smithy.api#examples": [ { "title": "To update cross-Region aggregation settings", @@ -35414,7 +35414,7 @@ "Regions": { "target": "com.amazonaws.securityhub#StringList", "traits": { - "smithy.api#documentation": "If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
If RegionLinkingMode
is ALL_REGIONS_EXCEPT_SPECIFIED
, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.
If RegionLinkingMode
is SPECIFIED_REGIONS
, then this is a space-separated list of Regions that do replicate and send findings to the home Region.
An InvalidInputException
error results if you populate this field while RegionLinkingMode
is \n NO_REGIONS
.
The aggregation Region.
" + "smithy.api#documentation": "The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" } }, "RegionLinkingMode": { @@ -36343,7 +36343,7 @@ "Status": { "target": "com.amazonaws.securityhub#WorkflowStatus", "traits": { - "smithy.api#documentation": "The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED
or RESOLVED
does not prevent a new finding for the same issue.
The allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n ComplianceStatus
changes from PASSED
to either\n WARNING
, FAILED
, or\n NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that you notified the resource owner about the\n security issue. Used when the initial reviewer is not the resource owner, and needs\n intervention from the resource owner.
\n SUPPRESSED
- Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED
or RESOLVED
does not prevent a new finding for the same issue.
The allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
\n RecordState
changes from ARCHIVED
to\n ACTIVE
.
\n ComplianceStatus
changes from PASSED
to either\n WARNING
, FAILED
, or\n NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that you notified the resource owner about the\n security issue. Used when the initial reviewer is not the resource owner, and needs\n intervention from the resource owner.
\n SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED
or RESOLVED
does not prevent a new finding for the same issue.
The allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets WorkFlowStatus
from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
The record state changes from ARCHIVED
to\n ACTIVE
.
The compliance status changes from PASSED
to either\n WARNING
, FAILED
, or\n NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that you notified the resource owner about the\n security issue. Used when the initial reviewer is not the resource owner, and needs\n intervention from the resource owner.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
\n SUPPRESSED
- Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED
or RESOLVED
does not prevent a new finding for the same issue.
The allowed values are the following.
\n\n NEW
- The initial state of a finding, before it is reviewed.
Security Hub also resets WorkFlowStatus
from NOTIFIED
or\n RESOLVED
to NEW
in the following cases:
The record state changes from ARCHIVED
to\n ACTIVE
.
The compliance status changes from PASSED
to either\n WARNING
, FAILED
, or\n NOT_AVAILABLE
.
\n NOTIFIED
- Indicates that you notified the resource owner about the\n security issue. Used when the initial reviewer is not the resource owner, and needs\n intervention from the resource owner.
\n RESOLVED
- The finding was reviewed and remediated and is now\n considered resolved.
\n SUPPRESSED
- Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
An object containing additional settings for your VDM configuration as applicable to\n the Guardian.
" } }, + "com.amazonaws.sesv2#HttpsPolicy": { + "type": "enum", + "members": { + "REQUIRE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "REQUIRE" + } + }, + "REQUIRE_OPEN_ONLY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "REQUIRE_OPEN_ONLY" + } + }, + "OPTIONAL": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "OPTIONAL" + } + } + }, + "traits": { + "smithy.api#documentation": "The https policy to use for tracking open and click events. If the value is OPTIONAL or HttpsPolicy is not\n specified, the open trackers use HTTP and click tracker use the original protocol of the link.\n If the value is REQUIRE, both open and click tracker uses HTTPS and if the value is REQUIRE_OPEN_ONLY\n open tracker uses HTTPS and link tracker is same as original protocol of the link.\n
" + } + }, "com.amazonaws.sesv2#Identity": { "type": "string", "traits": { @@ -8693,6 +8719,9 @@ "traits": { "smithy.api#documentation": "The domain to use to track open and click events.
" } + }, + "HttpsPolicy": { + "target": "com.amazonaws.sesv2#HttpsPolicy" } }, "traits": { @@ -11953,6 +11982,12 @@ "smithy.api#documentation": "The domain to use for tracking open and click events.
", "smithy.api#required": {} } + }, + "HttpsPolicy": { + "target": "com.amazonaws.sesv2#HttpsPolicy", + "traits": { + "smithy.api#documentation": "The https policy to use for tracking open and click events.
" + } } }, "traits": {