The identifier of the contact. This is the identifier of the contact associated with the first interaction with the contact center.
", "StartOutboundVoiceContactResponse$ContactId": "The identifier of this contact within the Amazon Connect instance.
", "StartTaskContactRequest$PreviousContactId": "The identifier of the previous chat, voice, or task contact.
", + "StartTaskContactRequest$RelatedContactId": "The contactId that is related to this contact.
", "StartTaskContactResponse$ContactId": "The identifier of this contact within the Amazon Connect instance.
", "StopContactRecordingRequest$ContactId": "The identifier of the contact.
", "StopContactRecordingRequest$InitialContactId": "The identifier of the contact. This is the identifier of the contact associated with the first interaction with the contact center.
", diff --git a/models/apis/connect/2017-08-08/endpoint-tests-1.json b/models/apis/connect/2017-08-08/endpoint-tests-1.json index f2e5f6d152a..a89ac1bf0ab 100644 --- a/models/apis/connect/2017-08-08/endpoint-tests-1.json +++ b/models/apis/connect/2017-08-08/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "Region": "af-south-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "af-south-1" } }, { @@ -21,9 +21,9 @@ } }, "params": { - "Region": "ap-northeast-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "ap-northeast-1" } }, { @@ -34,9 +34,9 @@ } }, "params": { - "Region": "ap-northeast-2", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "ap-northeast-2" } }, { @@ -47,9 +47,9 @@ } }, "params": { - "Region": "ap-southeast-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "ap-southeast-1" } }, { @@ -60,9 +60,9 @@ } }, "params": { - "Region": "ap-southeast-2", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "ap-southeast-2" } }, { @@ -73,9 +73,9 @@ } }, "params": { - "Region": "ca-central-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "ca-central-1" } }, { @@ -86,9 +86,9 @@ } }, "params": { - "Region": "eu-central-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "eu-central-1" } }, { @@ -99,9 +99,9 @@ } }, "params": { - "Region": "eu-west-2", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "eu-west-2" } }, { @@ -112,9 +112,9 @@ } }, "params": { - "Region": "us-east-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-east-1" } }, { @@ -125,9 +125,9 @@ } }, "params": { - "Region": "us-west-2", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-west-2" } }, { @@ -138,9 +138,9 @@ } }, "params": { - "Region": "us-east-1", + "UseDualStack": true, "UseFIPS": true, - "UseDualStack": true + "Region": "us-east-1" } }, { @@ -151,9 +151,9 @@ } }, "params": { - "Region": "us-east-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "us-east-1" } }, { @@ -164,9 +164,9 @@ } }, "params": { - "Region": "us-east-1", + "UseDualStack": true, "UseFIPS": false, - "UseDualStack": true + "Region": "us-east-1" } }, { @@ -177,9 +177,9 @@ } }, "params": { - "Region": "cn-north-1", + "UseDualStack": true, "UseFIPS": true, - "UseDualStack": true + "Region": "cn-north-1" } }, { @@ -190,9 +190,9 @@ } }, "params": { - "Region": "cn-north-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "cn-north-1" } }, { @@ -203,9 +203,9 @@ } }, "params": { - "Region": "cn-north-1", + "UseDualStack": true, "UseFIPS": false, - "UseDualStack": true + "Region": "cn-north-1" } }, { @@ -216,9 +216,9 @@ } }, "params": { - "Region": "cn-north-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "cn-north-1" } }, { @@ -229,9 +229,9 @@ } }, "params": { - "Region": "us-gov-west-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-gov-west-1" } }, { @@ -242,9 +242,9 @@ } }, "params": { - "Region": "us-gov-west-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "us-gov-west-1" } }, { @@ -255,9 +255,9 @@ } }, "params": { - "Region": "us-gov-east-1", + "UseDualStack": true, "UseFIPS": true, - "UseDualStack": true + "Region": "us-gov-east-1" } }, { @@ -268,9 +268,9 @@ } }, "params": { - "Region": "us-gov-east-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "us-gov-east-1" } }, { @@ -281,9 +281,9 @@ } }, "params": { - "Region": "us-gov-east-1", + "UseDualStack": true, "UseFIPS": false, - "UseDualStack": true + "Region": "us-gov-east-1" } }, { @@ -294,9 +294,9 @@ } }, "params": { - "Region": "us-gov-east-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-gov-east-1" } }, { @@ -307,9 +307,9 @@ } }, "params": { - "Region": "us-iso-east-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "us-iso-east-1" } }, { @@ -320,9 +320,9 @@ } }, "params": { - "Region": "us-iso-east-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-iso-east-1" } }, { @@ -333,9 +333,9 @@ } }, "params": { - "Region": "us-isob-east-1", + "UseDualStack": false, "UseFIPS": true, - "UseDualStack": false + "Region": "us-isob-east-1" } }, { @@ -346,9 +346,9 @@ } }, "params": { - "Region": "us-isob-east-1", + "UseDualStack": false, "UseFIPS": false, - "UseDualStack": false + "Region": "us-isob-east-1" } }, { @@ -359,9 +359,9 @@ } }, "params": { - "Region": "us-east-1", - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -373,8 +373,8 @@ } }, "params": { - "UseFIPS": false, "UseDualStack": false, + "UseFIPS": false, "Endpoint": "https://example.com" } }, @@ -384,9 +384,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", - "UseFIPS": true, "UseDualStack": false, + "UseFIPS": true, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -396,9 +396,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", - "UseFIPS": false, "UseDualStack": true, + "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/apis/connectcases/2022-10-03/api-2.json b/models/apis/connectcases/2022-10-03/api-2.json index 8d464a33f84..18190a3c98e 100644 --- a/models/apis/connectcases/2022-10-03/api-2.json +++ b/models/apis/connectcases/2022-10-03/api-2.json @@ -165,6 +165,25 @@ ], "idempotent":true }, + "DeleteDomain":{ + "name":"DeleteDomain", + "http":{ + "method":"DELETE", + "requestUri":"/domains/{domainId}", + "responseCode":200 + }, + "input":{"shape":"DeleteDomainRequest"}, + "output":{"shape":"DeleteDomainResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "idempotent":true + }, "GetCase":{ "name":"GetCase", "http":{ @@ -967,6 +986,22 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "DeleteDomainRequest":{ + "type":"structure", + "required":["domainId"], + "members":{ + "domainId":{ + "shape":"DomainId", + "location":"uri", + "locationName":"domainId" + } + } + }, + "DeleteDomainResponse":{ + "type":"structure", + "members":{ + } + }, "DomainArn":{ "type":"string", "max":500, diff --git a/models/apis/connectcases/2022-10-03/docs-2.json b/models/apis/connectcases/2022-10-03/docs-2.json index c57f740d7c9..361cf329227 100644 --- a/models/apis/connectcases/2022-10-03/docs-2.json +++ b/models/apis/connectcases/2022-10-03/docs-2.json @@ -1,15 +1,16 @@ { "version": "2.0", - "service": "Welcome to the Amazon Connect Cases API Reference. This guide provides information about the Amazon Connect Cases API, which you can use to create, update, get, and list Cases domains, fields, field options, layouts, templates, cases, related items, and tags.
<p>For more information about Amazon Connect Cases, see <a href="https://docs.aws.amazon.com/connect/latest/adminguide/cases.html">Amazon Connect Cases</a> in the <i>Amazon Connect Administrator Guide</i>. </p> With Amazon Connect Cases, your agents can track and manage customer issues that require multiple interactions, follow-up tasks, and teams in your contact center. A case represents a customer issue. It records the issue, the steps and interactions taken to resolve the issue, and the outcome. For more information, see Amazon Connect Cases in the Amazon Connect Administrator Guide.
", "operations": { "BatchGetField": "Returns the description for the list of fields in the request parameters.
", "BatchPutFieldOptions": "Creates and updates a set of field options for a single select field in a Cases domain.
", - "CreateCase": "Creates a case in the specified Cases domain. Case system and custom fields are taken as an array id/value pairs with a declared data types.
customer_id is a required field when creating a case.
Creates a domain, which is a container for all case data, such as cases, fields, templates and layouts. Each Amazon Connect instance can be associated with only one Cases domain.
This will not associate your connect instance to Cases domain. Instead, use the Amazon Connect CreateIntegrationAssociation API.
Creates a case in the specified Cases domain. Case system and custom fields are taken as an array id/value pairs with a declared data types.
The following fields are required when creating a case:
<ul> <li> <p> <code>customer_id</code> - You must provide the full customer profile ARN in this format: <code>arn:aws:profile:your AWS Region:your AWS account ID:domains/profiles domain name/profiles/profile ID</code> </p> </li> <li> <p> <code>title</code> </p> </li> </ul> </note> Creates a domain, which is a container for all case data, such as cases, fields, templates and layouts. Each Amazon Connect instance can be associated with only one Cases domain.
This will not associate your connect instance to Cases domain. Instead, use the Amazon Connect CreateIntegrationAssociation API. You need specific IAM permissions to successfully associate the Cases domain. For more information, see Onboard to Cases.
Creates a field in the Cases domain. This field is used to define the case object model (that is, defines what data can be captured on cases) in a Cases domain.
", "CreateLayout": "Creates a layout in the Cases domain. Layouts define the following configuration in the top section and More Info tab of the Cases user interface:
Fields to display to the users
Field ordering
Title and Status fields cannot be part of layouts since they are not configurable.
Creates a related item (comments, tasks, and contacts) and associates it with a case.
A Related Item is a resource that is associated with a case. It may or may not have an external identifier linking it to an external resource (for example, a contactArn). All Related Items have their own internal identifier, the relatedItemArn. Examples of related items include comments and contacts.
Creates a template in the Cases domain. This template is used to define the case object model (that is, to define what data can be captured on cases) in a Cases domain. A template must have a unique name within a domain, and it must reference existing field IDs and layout IDs. Additionally, multiple fields with same IDs are not allowed within the same Template. A template can be either Active or Inactive, as indicated by its status. Inactive templates cannot be used to create cases.
", + "DeleteDomain": "Deletes a domain.
", "GetCase": "Returns information about a specific case if it exists.
", "GetCaseEventConfiguration": "Returns the case event publishing configuration.
", "GetDomain": "Returns information about a specific domain if it exists.
", @@ -23,7 +24,7 @@ "ListTagsForResource": "Lists tags for a resource.
", "ListTemplates": "Lists all of the templates in a Cases domain. Each list item is a condensed summary object of the template.
", "PutCaseEventConfiguration": "API for adding case event publishing configuration
", - "SearchCases": "Searches for cases within their associated Cases domain. Search results are returned as a paginated list of abridged case documents.
", + "SearchCases": "Searches for cases within their associated Cases domain. Search results are returned as a paginated list of abridged case documents.
For customer_id you must provide the full customer profile ARN in this format: arn:aws:profile:your AWS Region:your AWS account ID:domains/profiles domain name/profiles/profile ID.
Searches for related items that are associated with a case.
If no filters are provided, this returns all related items associated with a case.
Adds tags to a resource.
", "UntagResource": "Untags a resource.
", @@ -321,6 +322,16 @@ "GetDomainResponse$createdTime": "The timestamp when the Cases domain was created.
" } }, + "DeleteDomainRequest": { + "base": null, + "refs": { + } + }, + "DeleteDomainResponse": { + "base": null, + "refs": { + } + }, "DomainArn": { "base": null, "refs": { @@ -340,6 +351,7 @@ "CreateLayoutRequest$domainId": "The unique identifier of the Cases domain.
", "CreateRelatedItemRequest$domainId": "The unique identifier of the Cases domain.
", "CreateTemplateRequest$domainId": "The unique identifier of the Cases domain.
", + "DeleteDomainRequest$domainId": "The unique identifier of the Cases domain.
", "DomainSummary$domainId": "The unique identifier of the domain.
", "GetCaseEventConfigurationRequest$domainId": "The unique identifier of the Cases domain.
", "GetCaseRequest$domainId": "The unique identifier of the Cases domain.
", @@ -951,7 +963,7 @@ } }, "SearchCasesRequestSortsList": { - "base": "/@documentation("The templateId")
", + "base": null, "refs": { "SearchCasesRequest$sorts": "A list of sorts where each sort specifies a field and their sort order to be applied to the results.
" } @@ -1127,7 +1139,7 @@ } }, "TemplateStatus": { - "base": "Status of a template
", + "base": null, "refs": { "CreateTemplateRequest$status": "The status of the template.
", "GetTemplateResponse$status": "The status of the template.
", @@ -1137,7 +1149,7 @@ } }, "TemplateStatusFilters": { - "base": "List of filters used on the ListTemplates result set
", + "base": null, "refs": { "ListTemplatesRequest$status": "A list of status values to filter on.
" } diff --git a/models/apis/connectcases/2022-10-03/endpoint-rule-set-1.json b/models/apis/connectcases/2022-10-03/endpoint-rule-set-1.json index da61afd0aca..db1b8a5d690 100644 --- a/models/apis/connectcases/2022-10-03/endpoint-rule-set-1.json +++ b/models/apis/connectcases/2022-10-03/endpoint-rule-set-1.json @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,23 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] - }, - { - "fn": "parseURL", - "argv": [ - { - "ref": "Endpoint" - } - ], - "assign": "url" } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -71,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -140,168 +111,238 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cases-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://cases-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cases-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://cases-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cases.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], - "endpoint": { - "url": "https://cases.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://cases.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://cases.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/connectcases/2022-10-03/endpoint-tests-1.json b/models/apis/connectcases/2022-10-03/endpoint-tests-1.json index 9e508f597f5..5b806555c80 100644 --- a/models/apis/connectcases/2022-10-03/endpoint-tests-1.json +++ b/models/apis/connectcases/2022-10-03/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -21,9 +21,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -34,9 +34,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": true } }, { @@ -47,9 +47,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-gov-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false } }, { @@ -60,9 +60,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -73,9 +73,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -86,9 +86,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": true } }, { @@ -99,9 +99,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "cn-north-1" + "Region": "cn-north-1", + "UseDualStack": false } }, { @@ -110,9 +110,9 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -123,9 +123,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false } }, { @@ -134,9 +134,9 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": true } }, { @@ -147,9 +147,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-iso-east-1" + "Region": "us-iso-east-1", + "UseDualStack": false } }, { @@ -160,9 +160,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -173,9 +173,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -186,9 +186,9 @@ } }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": true } }, { @@ -199,9 +199,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-east-1", + "UseDualStack": false } }, { @@ -210,9 +210,9 @@ "error": "FIPS and DualStack are enabled, but this partition does not support one or both" }, "params": { - "UseDualStack": true, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -223,9 +223,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": true, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false } }, { @@ -234,9 +234,9 @@ "error": "DualStack is enabled but this partition does not support DualStack" }, "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": true } }, { @@ -247,9 +247,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, - "Region": "us-isob-east-1" + "Region": "us-isob-east-1", + "UseDualStack": false } }, { @@ -260,9 +260,9 @@ } }, "params": { - "UseDualStack": false, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -272,9 +272,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseDualStack": false, "UseFIPS": true, "Region": "us-east-1", + "UseDualStack": false, "Endpoint": "https://example.com" } }, @@ -284,9 +284,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseDualStack": true, "UseFIPS": false, "Region": "us-east-1", + "UseDualStack": true, "Endpoint": "https://example.com" } } diff --git a/models/apis/redshift/2012-12-01/docs-2.json b/models/apis/redshift/2012-12-01/docs-2.json index a4d6ce77cd4..2e3e6fe225d 100644 --- a/models/apis/redshift/2012-12-01/docs-2.json +++ b/models/apis/redshift/2012-12-01/docs-2.json @@ -1738,7 +1738,7 @@ "DescribeClusterParameterGroupsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", "DescribeClusterParametersMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", "DescribeClusterSecurityGroupsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", - "DescribeClusterSnapshotsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", + "DescribeClusterSnapshotsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 500.
", "DescribeClusterSubnetGroupsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", "DescribeClusterTracksMessage$MaxRecords": "An integer value for the maximum number of maintenance tracks to return.
", "DescribeClusterVersionsMessage$MaxRecords": "The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
", @@ -2938,7 +2938,7 @@ "AuthorizeEndpointAccessMessage$Account": "The Amazon Web Services account ID to grant access to.
", "AuthorizeSnapshotAccessMessage$SnapshotIdentifier": "The identifier of the snapshot the account is authorized to restore.
", "AuthorizeSnapshotAccessMessage$SnapshotArn": "The Amazon Resource Name (ARN) of the snapshot to authorize access to.
", - "AuthorizeSnapshotAccessMessage$SnapshotClusterIdentifier": "The identifier of the cluster the snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", + "AuthorizeSnapshotAccessMessage$SnapshotClusterIdentifier": "The identifier of the cluster the snapshot was created from. This parameter is required if your IAM user or role has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", "AuthorizeSnapshotAccessMessage$AccountWithRestoreAccess": "The identifier of the Amazon Web Services account authorized to restore the specified snapshot.
To share a snapshot with Amazon Web Services Support, specify amazon-redshift-support.
", "AvailabilityZone$Name": "The name of the availability zone.
", "CancelResizeMessage$ClusterIdentifier": "The unique identifier for the cluster that you want to cancel a resize operation for.
", @@ -3006,7 +3006,7 @@ "ClusterVersionsMessage$Marker": "A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.
The identifier for the source snapshot.
Constraints:
Must be the identifier for a valid automated snapshot whose state is available.
The identifier of the cluster the source snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
Constraints:
Must be the identifier for a valid cluster.
The identifier of the cluster the source snapshot was created from. This parameter is required if your IAM user or role has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
Constraints:
Must be the identifier for a valid cluster.
The identifier given to the new manual snapshot.
Constraints:
Cannot be null, empty, or blank.
Must contain from 1 to 255 alphanumeric characters or hyphens.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique for the Amazon Web Services account that is making the request.
The content of the authentication profile in JSON format. The maximum length of the JSON string is determined by a quota for your account.
", "CreateAuthenticationProfileResult$AuthenticationProfileContent": "The content of the authentication profile in JSON format.
", @@ -3014,8 +3014,8 @@ "CreateClusterMessage$ClusterIdentifier": "A unique identifier for the cluster. You use this identifier to refer to the cluster for any subsequent cluster operations such as deleting or modifying. The identifier also appears in the Amazon Redshift console.
Constraints:
Must contain from 1 to 63 alphanumeric characters or hyphens.
Alphabetic characters must be lowercase.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique for all clusters within an Amazon Web Services account.
Example: myexamplecluster
The type of the cluster. When cluster type is specified as
single-node, the NumberOfNodes parameter is not required.
multi-node, the NumberOfNodes parameter is required.
Valid Values: multi-node | single-node
Default: multi-node
The node type to be provisioned for the cluster. For information about node types, go to Working with Clusters in the Amazon Redshift Cluster Management Guide.
Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.xlplus | ra3.4xlarge | ra3.16xlarge
The user name associated with the admin user account for the cluster that is being created.
Constraints:
Must be 1 - 128 alphanumeric characters or hyphens. The user name can't be PUBLIC.
Must contain only lowercase letters, numbers, underscore, plus sign, period (dot), at symbol (@), or hyphen.
The first character must be a letter.
Must not contain a colon (:) or a slash (/).
Cannot be a reserved word. A list of reserved words can be found in Reserved Words in the Amazon Redshift Database Developer Guide.
The password associated with the admin user account for the cluster that is being created.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The user name associated with the admin user for the cluster that is being created.
Constraints:
Must be 1 - 128 alphanumeric characters or hyphens. The user name can't be PUBLIC.
Must contain only lowercase letters, numbers, underscore, plus sign, period (dot), at symbol (@), or hyphen.
The first character must be a letter.
Must not contain a colon (:) or a slash (/).
Cannot be a reserved word. A list of reserved words can be found in Reserved Words in the Amazon Redshift Database Developer Guide.
The password associated with the admin user for the cluster that is being created.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The name of a cluster subnet group to be associated with this cluster.
If this parameter is not provided the resulting cluster will be deployed outside virtual private cloud (VPC).
", "CreateClusterMessage$AvailabilityZone": "The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. For example, if you have several EC2 instances running in a specific Availability Zone, then you might want the cluster to be provisioned in the same zone in order to decrease network latency.
Default: A random, system-chosen Availability Zone in the region that is specified by the endpoint.
Example: us-east-2d
Constraint: The specified Availability Zone must be in the same region as the current endpoint.
", "CreateClusterMessage$PreferredMaintenanceWindow": "The weekly time range (in UTC) during which automated cluster maintenance can occur.
Format: ddd:hh24:mi-ddd:hh24:mi
Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. For more information about the time blocks for each region, see Maintenance Windows in Amazon Redshift Cluster Management Guide.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Minimum 30-minute window.
", @@ -3081,7 +3081,7 @@ "DeleteClusterParameterGroupMessage$ParameterGroupName": "The name of the parameter group to be deleted.
Constraints:
Must be the name of an existing cluster parameter group.
Cannot delete a default cluster parameter group.
The name of the cluster security group to be deleted.
", "DeleteClusterSnapshotMessage$SnapshotIdentifier": "The unique identifier of the manual snapshot to be deleted.
Constraints: Must be the name of an existing snapshot that is in the available, failed, or cancelled state.
The unique identifier of the cluster the snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
Constraints: Must be the name of valid cluster.
", + "DeleteClusterSnapshotMessage$SnapshotClusterIdentifier": "The unique identifier of the cluster the snapshot was created from. This parameter is required if your IAM user or role has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
Constraints: Must be the name of valid cluster.
", "DeleteClusterSubnetGroupMessage$ClusterSubnetGroupName": "The name of the cluster subnet group name to be deleted.
", "DeleteEndpointAccessMessage$EndpointName": "The Redshift-managed VPC endpoint to delete.
", "DeleteEventSubscriptionMessage$SubscriptionName": "The name of the Amazon Redshift event notification subscription to be deleted.
", @@ -3272,7 +3272,7 @@ "ModifyClusterMessage$ClusterIdentifier": "The unique identifier of the cluster to be modified.
Example: examplecluster
The new cluster type.
When you submit your cluster resize request, your existing cluster goes into a read-only mode. After Amazon Redshift provisions a new cluster based on your resize requirements, there will be outage for a period while the old cluster is deleted and your connection is switched to the new cluster. You can use DescribeResize to track the progress of the resize request.
Valid Values: multi-node | single-node
The new node type of the cluster. If you specify a new node type, you must also specify the number of nodes parameter.
For more information about resizing clusters, go to Resizing Clusters in Amazon Redshift in the Amazon Redshift Cluster Management Guide.
Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.xlplus | ra3.4xlarge | ra3.16xlarge
The new password for the cluster admin user. This change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
Operations never return the password, so this operation provides a way to regain access to the admin user account for a cluster if the password is lost.
Default: Uses existing setting.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The new password for the cluster admin user. This change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
Operations never return the password, so this operation provides a way to regain access to the admin user for a cluster if the password is lost.
Default: Uses existing setting.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The name of the cluster parameter group to apply to this cluster. This change is applied only after the cluster is rebooted. To reboot a cluster use RebootCluster.
Default: Uses existing setting.
Constraints: The cluster parameter group must be in the same parameter group family that matches the cluster version.
", "ModifyClusterMessage$PreferredMaintenanceWindow": "The weekly time range (in UTC) during which system maintenance can occur, if necessary. If system maintenance is necessary during the window, it may result in an outage.
This maintenance window change is made immediately. If the new maintenance window indicates the current time, there must be at least 120 minutes between the current time and end of the window in order to ensure that pending changes are applied.
Default: Uses existing setting.
Format: ddd:hh24:mi-ddd:hh24:mi, for example wed:07:30-wed:08:00.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Must be at least 30 minutes.
", "ModifyClusterMessage$ClusterVersion": "The new version number of the Amazon Redshift engine to upgrade to.
For major version upgrades, if a non-default cluster parameter group is currently in use, a new cluster parameter group in the cluster parameter group family for the new version must be specified. The new cluster parameter group can be the default for that cluster parameter group family. For more information about parameters and parameter groups, go to Amazon Redshift Parameter Groups in the Amazon Redshift Cluster Management Guide.
Example: 1.0
The identifier of the cluster that will be created from restoring the snapshot.
Constraints:
Must contain from 1 to 63 alphanumeric characters or hyphens.
Alphabetic characters must be lowercase.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique for all clusters within an Amazon Web Services account.
The name of the snapshot from which to create the new cluster. This parameter isn't case sensitive. You must specify this parameter or snapshotArn, but not both.
Example: my-snapshot-id
The Amazon Resource Name (ARN) of the snapshot associated with the message to restore from a cluster. You must specify this parameter or snapshotIdentifier, but not both.
The name of the cluster the source snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", + "RestoreFromClusterSnapshotMessage$SnapshotClusterIdentifier": "The name of the cluster the source snapshot was created from. This parameter is required if your IAM user or role has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", "RestoreFromClusterSnapshotMessage$AvailabilityZone": "The Amazon EC2 Availability Zone in which to restore the cluster.
Default: A random, system-chosen Availability Zone.
Example: us-east-2a
The name of the subnet group where you want to cluster restored.
A snapshot of cluster in VPC can be restored only in VPC. Therefore, you must provide subnet group name where you want the cluster restored.
", "RestoreFromClusterSnapshotMessage$OwnerAccount": "The Amazon Web Services account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.
", @@ -3402,7 +3402,7 @@ "RevokeEndpointAccessMessage$Account": "The Amazon Web Services account ID whose access is to be revoked.
", "RevokeSnapshotAccessMessage$SnapshotIdentifier": "The identifier of the snapshot that the account can no longer access.
", "RevokeSnapshotAccessMessage$SnapshotArn": "The Amazon Resource Name (ARN) of the snapshot associated with the message to revoke access.
", - "RevokeSnapshotAccessMessage$SnapshotClusterIdentifier": "The identifier of the cluster the snapshot was created from. This parameter is required if your IAM user has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", + "RevokeSnapshotAccessMessage$SnapshotClusterIdentifier": "The identifier of the cluster the snapshot was created from. This parameter is required if your IAM user or role has a policy containing a snapshot resource element that specifies anything other than * for the cluster name.
", "RevokeSnapshotAccessMessage$AccountWithRestoreAccess": "The identifier of the Amazon Web Services account that can no longer restore the specified snapshot.
", "RotateEncryptionKeyMessage$ClusterIdentifier": "The unique identifier of the cluster that you want to rotate the encryption keys for.
Constraints: Must be the name of valid cluster that has encryption enabled.
", "ScheduleDefinitionList$member": null, diff --git a/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json b/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json index e2a4c57c7e2..fb0c8cf4951 100644 --- a/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json +++ b/models/apis/redshift/2012-12-01/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,187 +111,286 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://redshift-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://redshift-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] } ] } ], - "endpoint": { - "url": "https://redshift.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://redshift.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://redshift-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] }, { "conditions": [], - "endpoint": { - "url": "https://redshift-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://redshift.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-east-1" + ] + } + ], + "endpoint": { + "url": "https://redshift.us-gov-east-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "ref": "Region" + }, + "us-gov-west-1" + ] + } + ], + "endpoint": { + "url": "https://redshift.us-gov-west-1.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [], "endpoint": { - "url": "https://redshift.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://redshift.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -320,66 +399,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "us-gov-east-1" - ] - } - ], - "endpoint": { - "url": "https://redshift.us-gov-east-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - { - "ref": "Region" - }, - "us-gov-west-1" - ] - } - ], - "endpoint": { - "url": "https://redshift.us-gov-west-1.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [], - "endpoint": { - "url": "https://redshift.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/redshift/2012-12-01/endpoint-tests-1.json b/models/apis/redshift/2012-12-01/endpoint-tests-1.json index 1c238ab3b5c..5603237a0d8 100644 --- a/models/apis/redshift/2012-12-01/endpoint-tests-1.json +++ b/models/apis/redshift/2012-12-01/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "Region": "af-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "af-south-1" } }, { @@ -21,9 +21,9 @@ } }, "params": { - "Region": "ap-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-east-1" } }, { @@ -34,9 +34,9 @@ } }, "params": { - "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-1" } }, { @@ -47,9 +47,9 @@ } }, "params": { - "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-2" } }, { @@ -60,9 +60,9 @@ } }, "params": { - "Region": "ap-northeast-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-3" } }, { @@ -73,9 +73,9 @@ } }, "params": { - "Region": "ap-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-south-1" } }, { @@ -86,9 +86,9 @@ } }, "params": { - "Region": "ap-southeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-1" } }, { @@ -99,9 +99,9 @@ } }, "params": { - "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-2" } }, { @@ -112,9 +112,9 @@ } }, "params": { - "Region": "ap-southeast-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-3" } }, { @@ -125,9 +125,9 @@ } }, "params": { - "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ca-central-1" } }, { @@ -138,9 +138,9 @@ } }, "params": { - "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ca-central-1" } }, { @@ -151,9 +151,9 @@ } }, "params": { - "Region": "eu-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-central-1" } }, { @@ -164,9 +164,9 @@ } }, "params": { - "Region": "eu-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-north-1" } }, { @@ -177,9 +177,9 @@ } }, "params": { - "Region": "eu-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-south-1" } }, { @@ -190,9 +190,9 @@ } }, "params": { - "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-1" } }, { @@ -203,9 +203,9 @@ } }, "params": { - "Region": "eu-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-2" } }, { @@ -216,9 +216,9 @@ } }, "params": { - "Region": "eu-west-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-3" } }, { @@ -229,9 +229,9 @@ } }, "params": { - "Region": "me-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "me-south-1" } }, { @@ -242,9 +242,9 @@ } }, "params": { - "Region": "sa-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "sa-east-1" } }, { @@ -255,9 +255,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -268,9 +268,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -281,9 +281,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-2" } }, { @@ -294,9 +294,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-2" } }, { @@ -307,9 +307,9 @@ } }, "params": { - "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-1" } }, { @@ -320,9 +320,9 @@ } }, "params": { - "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-west-1" } }, { @@ -333,9 +333,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-2" } }, { @@ -346,9 +346,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-west-2" } }, { @@ -359,9 +359,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -372,9 +372,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -385,9 +385,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -398,9 +398,9 @@ } }, "params": { - "Region": "cn-northwest-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-northwest-1" } }, { @@ -411,9 +411,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -424,9 +424,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -437,9 +437,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -450,9 +450,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -463,9 +463,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -476,9 +476,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-west-1" } }, { @@ -489,9 +489,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-west-1" } }, { @@ -502,9 +502,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -515,9 +515,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -528,9 +528,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-iso-east-1" } }, { @@ -541,9 +541,9 @@ } }, "params": { - "Region": "us-iso-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-iso-west-1" } }, { @@ -554,9 +554,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-iso-east-1" } }, { @@ -567,9 +567,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-isob-east-1" } }, { @@ -580,20 +580,33 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-isob-east-1" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { + "UseDualStack": false, + "UseFIPS": false, "Region": "us-east-1", + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { "UseDualStack": false, "UseFIPS": false, "Endpoint": "https://example.com" @@ -605,9 +618,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": true, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -617,9 +630,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": true, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index 2696bb0a5ff..c11b7d91feb 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -76,6 +76,36 @@ {"shape":"LimitExceededException"} ] }, + "BatchGetSecurityControls":{ + "name":"BatchGetSecurityControls", + "http":{ + "method":"POST", + "requestUri":"/securityControls/batchGet" + }, + "input":{"shape":"BatchGetSecurityControlsRequest"}, + "output":{"shape":"BatchGetSecurityControlsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidAccessException"}, + {"shape":"InvalidInputException"} + ] + }, + "BatchGetStandardsControlAssociations":{ + "name":"BatchGetStandardsControlAssociations", + "http":{ + "method":"POST", + "requestUri":"/associations/batchGet" + }, + "input":{"shape":"BatchGetStandardsControlAssociationsRequest"}, + "output":{"shape":"BatchGetStandardsControlAssociationsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidAccessException"}, + {"shape":"InvalidInputException"} + ] + }, "BatchImportFindings":{ "name":"BatchImportFindings", "http":{ @@ -106,6 +136,21 @@ {"shape":"InvalidAccessException"} ] }, + "BatchUpdateStandardsControlAssociations":{ + "name":"BatchUpdateStandardsControlAssociations", + "http":{ + "method":"PATCH", + "requestUri":"/associations" + }, + "input":{"shape":"BatchUpdateStandardsControlAssociationsRequest"}, + "output":{"shape":"BatchUpdateStandardsControlAssociationsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidAccessException"}, + {"shape":"InvalidInputException"} + ] + }, "CreateActionTarget":{ "name":"CreateActionTarget", "http":{ @@ -733,6 +778,36 @@ {"shape":"LimitExceededException"} ] }, + "ListSecurityControlDefinitions":{ + "name":"ListSecurityControlDefinitions", + "http":{ + "method":"GET", + "requestUri":"/securityControls/definitions" + }, + "input":{"shape":"ListSecurityControlDefinitionsRequest"}, + "output":{"shape":"ListSecurityControlDefinitionsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"InvalidInputException"}, + {"shape":"InvalidAccessException"}, + {"shape":"LimitExceededException"} + ] + }, + "ListStandardsControlAssociations":{ + "name":"ListStandardsControlAssociations", + "http":{ + "method":"GET", + "requestUri":"/associations" + }, + "input":{"shape":"ListStandardsControlAssociationsRequest"}, + "output":{"shape":"ListStandardsControlAssociationsResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidAccessException"}, + {"shape":"InvalidInputException"} + ] + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -1051,6 +1126,13 @@ "type":"list", "member":{"shape":"AssociatedStandard"} }, + "AssociationStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "AutoEnableStandards":{ "type":"string", "enum":[ @@ -5914,6 +5996,36 @@ "StandardsSubscriptions":{"shape":"StandardsSubscriptions"} } }, + "BatchGetSecurityControlsRequest":{ + "type":"structure", + "required":["SecurityControlIds"], + "members":{ + "SecurityControlIds":{"shape":"StringList"} + } + }, + "BatchGetSecurityControlsResponse":{ + "type":"structure", + "required":["SecurityControls"], + "members":{ + "SecurityControls":{"shape":"SecurityControls"}, + "UnprocessedIds":{"shape":"UnprocessedSecurityControls"} + } + }, + "BatchGetStandardsControlAssociationsRequest":{ + "type":"structure", + "required":["StandardsControlAssociationIds"], + "members":{ + "StandardsControlAssociationIds":{"shape":"StandardsControlAssociationIds"} + } + }, + "BatchGetStandardsControlAssociationsResponse":{ + "type":"structure", + "required":["StandardsControlAssociationDetails"], + "members":{ + "StandardsControlAssociationDetails":{"shape":"StandardsControlAssociationDetails"}, + "UnprocessedAssociations":{"shape":"UnprocessedStandardsControlAssociations"} + } + }, "BatchImportFindingsRequest":{ "type":"structure", "required":["Findings"], @@ -5983,6 +6095,19 @@ "type":"list", "member":{"shape":"BatchUpdateFindingsUnprocessedFinding"} }, + "BatchUpdateStandardsControlAssociationsRequest":{ + "type":"structure", + "required":["StandardsControlAssociationUpdates"], + "members":{ + "StandardsControlAssociationUpdates":{"shape":"StandardsControlAssociationUpdates"} + } + }, + "BatchUpdateStandardsControlAssociationsResponse":{ + "type":"structure", + "members":{ + "UnprocessedAssociationUpdates":{"shape":"UnprocessedStandardsControlAssociationUpdates"} + } + }, "Boolean":{"type":"boolean"}, "BooleanFilter":{ "type":"structure", @@ -6078,6 +6203,13 @@ "Privileged":{"shape":"Boolean"} } }, + "ControlFindingGenerator":{ + "type":"string", + "enum":[ + "STANDARD_CONTROL", + "SECURITY_CONTROL" + ] + }, "ControlStatus":{ "type":"string", "enum":[ @@ -6353,7 +6485,8 @@ "members":{ "HubArn":{"shape":"NonEmptyString"}, "SubscribedAt":{"shape":"NonEmptyString"}, - "AutoEnableControls":{"shape":"Boolean"} + "AutoEnableControls":{"shape":"Boolean"}, + "ControlFindingGenerator":{"shape":"ControlFindingGenerator"} } }, "DescribeOrganizationConfigurationRequest":{ @@ -6555,7 +6688,8 @@ "type":"structure", "members":{ "Tags":{"shape":"TagMap"}, - "EnableDefaultStandards":{"shape":"Boolean"} + "EnableDefaultStandards":{"shape":"Boolean"}, + "ControlFindingGenerator":{"shape":"ControlFindingGenerator"} } }, "EnableSecurityHubResponse":{ @@ -7096,6 +7230,63 @@ "NextToken":{"shape":"NextToken"} } }, + "ListSecurityControlDefinitionsRequest":{ + "type":"structure", + "members":{ + "StandardsArn":{ + "shape":"NonEmptyString", + "location":"querystring", + "locationName":"StandardsArn" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListSecurityControlDefinitionsResponse":{ + "type":"structure", + "required":["SecurityControlDefinitions"], + "members":{ + "SecurityControlDefinitions":{"shape":"SecurityControlDefinitions"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListStandardsControlAssociationsRequest":{ + "type":"structure", + "required":["SecurityControlId"], + "members":{ + "SecurityControlId":{ + "shape":"NonEmptyString", + "location":"querystring", + "locationName":"SecurityControlId" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"NextToken" + }, + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"MaxResults" + } + } + }, + "ListStandardsControlAssociationsResponse":{ + "type":"structure", + "required":["StandardsControlAssociationSummaries"], + "members":{ + "StandardsControlAssociationSummaries":{"shape":"StandardsControlAssociationSummaries"}, + "NextToken":{"shape":"NextToken"} + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -7475,6 +7666,13 @@ "type":"list", "member":{"shape":"Record"} }, + "RegionAvailabilityStatus":{ + "type":"string", + "enum":[ + "AVAILABLE", + "UNAVAILABLE" + ] + }, "RelatedFinding":{ "type":"structure", "required":[ @@ -7827,6 +8025,54 @@ "Definition":{"shape":"NonEmptyStringList"} } }, + "SecurityControl":{ + "type":"structure", + "required":[ + "SecurityControlId", + "SecurityControlArn", + "Title", + "Description", + "RemediationUrl", + "SeverityRating", + "SecurityControlStatus" + ], + "members":{ + "SecurityControlId":{"shape":"NonEmptyString"}, + "SecurityControlArn":{"shape":"NonEmptyString"}, + "Title":{"shape":"NonEmptyString"}, + "Description":{"shape":"NonEmptyString"}, + "RemediationUrl":{"shape":"NonEmptyString"}, + "SeverityRating":{"shape":"SeverityRating"}, + "SecurityControlStatus":{"shape":"ControlStatus"} + } + }, + "SecurityControlDefinition":{ + "type":"structure", + "required":[ + "SecurityControlId", + "Title", + "Description", + "RemediationUrl", + "SeverityRating", + "CurrentRegionAvailability" + ], + "members":{ + "SecurityControlId":{"shape":"NonEmptyString"}, + "Title":{"shape":"NonEmptyString"}, + "Description":{"shape":"NonEmptyString"}, + "RemediationUrl":{"shape":"NonEmptyString"}, + "SeverityRating":{"shape":"SeverityRating"}, + "CurrentRegionAvailability":{"shape":"RegionAvailabilityStatus"} + } + }, + "SecurityControlDefinitions":{ + "type":"list", + "member":{"shape":"SecurityControlDefinition"} + }, + "SecurityControls":{ + "type":"list", + "member":{"shape":"SecurityControl"} + }, "SecurityGroups":{ "type":"list", "member":{"shape":"NonEmptyString"} @@ -7959,6 +8205,92 @@ "RelatedRequirements":{"shape":"RelatedRequirementsList"} } }, + "StandardsControlArnList":{ + "type":"list", + "member":{"shape":"NonEmptyString"} + }, + "StandardsControlAssociationDetail":{ + "type":"structure", + "required":[ + "StandardsArn", + "SecurityControlId", + "SecurityControlArn", + "AssociationStatus" + ], + "members":{ + "StandardsArn":{"shape":"NonEmptyString"}, + "SecurityControlId":{"shape":"NonEmptyString"}, + "SecurityControlArn":{"shape":"NonEmptyString"}, + "AssociationStatus":{"shape":"AssociationStatus"}, + "RelatedRequirements":{"shape":"RelatedRequirementsList"}, + "UpdatedAt":{"shape":"Timestamp"}, + "UpdatedReason":{"shape":"NonEmptyString"}, + "StandardsControlTitle":{"shape":"NonEmptyString"}, + "StandardsControlDescription":{"shape":"NonEmptyString"}, + "StandardsControlArns":{"shape":"StandardsControlArnList"} + } + }, + "StandardsControlAssociationDetails":{ + "type":"list", + "member":{"shape":"StandardsControlAssociationDetail"} + }, + "StandardsControlAssociationId":{ + "type":"structure", + "required":[ + "SecurityControlId", + "StandardsArn" + ], + "members":{ + "SecurityControlId":{"shape":"NonEmptyString"}, + "StandardsArn":{"shape":"NonEmptyString"} + } + }, + "StandardsControlAssociationIds":{ + "type":"list", + "member":{"shape":"StandardsControlAssociationId"} + }, + "StandardsControlAssociationSummaries":{ + "type":"list", + "member":{"shape":"StandardsControlAssociationSummary"} + }, + "StandardsControlAssociationSummary":{ + "type":"structure", + "required":[ + "StandardsArn", + "SecurityControlId", + "SecurityControlArn", + "AssociationStatus" + ], + "members":{ + "StandardsArn":{"shape":"NonEmptyString"}, + "SecurityControlId":{"shape":"NonEmptyString"}, + "SecurityControlArn":{"shape":"NonEmptyString"}, + "AssociationStatus":{"shape":"AssociationStatus"}, + "RelatedRequirements":{"shape":"RelatedRequirementsList"}, + "UpdatedAt":{"shape":"Timestamp"}, + "UpdatedReason":{"shape":"NonEmptyString"}, + "StandardsControlTitle":{"shape":"NonEmptyString"}, + "StandardsControlDescription":{"shape":"NonEmptyString"} + } + }, + "StandardsControlAssociationUpdate":{ + "type":"structure", + "required":[ + "StandardsArn", + "SecurityControlId", + "AssociationStatus" + ], + "members":{ + "StandardsArn":{"shape":"NonEmptyString"}, + "SecurityControlId":{"shape":"NonEmptyString"}, + "AssociationStatus":{"shape":"AssociationStatus"}, + "UpdatedReason":{"shape":"NonEmptyString"} + } + }, + "StandardsControlAssociationUpdates":{ + "type":"list", + "member":{"shape":"StandardsControlAssociationUpdate"} + }, "StandardsControls":{ "type":"list", "member":{"shape":"StandardsControl"} @@ -8203,6 +8535,63 @@ "type":"list", "member":{"shape":"NonEmptyString"} }, + "UnprocessedErrorCode":{ + "type":"string", + "enum":[ + "INVALID_INPUT", + "ACCESS_DENIED", + "NOT_FOUND", + "LIMIT_EXCEEDED" + ] + }, + "UnprocessedSecurityControl":{ + "type":"structure", + "required":[ + "SecurityControlId", + "ErrorCode" + ], + "members":{ + "SecurityControlId":{"shape":"NonEmptyString"}, + "ErrorCode":{"shape":"UnprocessedErrorCode"}, + "ErrorReason":{"shape":"NonEmptyString"} + } + }, + "UnprocessedSecurityControls":{ + "type":"list", + "member":{"shape":"UnprocessedSecurityControl"} + }, + "UnprocessedStandardsControlAssociation":{ + "type":"structure", + "required":[ + "StandardsControlAssociationId", + "ErrorCode" + ], + "members":{ + "StandardsControlAssociationId":{"shape":"StandardsControlAssociationId"}, + "ErrorCode":{"shape":"UnprocessedErrorCode"}, + "ErrorReason":{"shape":"NonEmptyString"} + } + }, + "UnprocessedStandardsControlAssociationUpdate":{ + "type":"structure", + "required":[ + "StandardsControlAssociationUpdate", + "ErrorCode" + ], + "members":{ + "StandardsControlAssociationUpdate":{"shape":"StandardsControlAssociationUpdate"}, + "ErrorCode":{"shape":"UnprocessedErrorCode"}, + "ErrorReason":{"shape":"NonEmptyString"} + } + }, + "UnprocessedStandardsControlAssociationUpdates":{ + "type":"list", + "member":{"shape":"UnprocessedStandardsControlAssociationUpdate"} + }, + "UnprocessedStandardsControlAssociations":{ + "type":"list", + "member":{"shape":"UnprocessedStandardsControlAssociation"} + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -8315,7 +8704,8 @@ "UpdateSecurityHubConfigurationRequest":{ "type":"structure", "members":{ - "AutoEnableControls":{"shape":"Boolean"} + "AutoEnableControls":{"shape":"Boolean"}, + "ControlFindingGenerator":{"shape":"ControlFindingGenerator"} } }, "UpdateSecurityHubConfigurationResponse":{ diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index 67ade228d21..e45127ff123 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -1,13 +1,16 @@ { "version": "2.0", - "service": "Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the Security HubUser Guide .
When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.
For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second, BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second, BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the Security HubUser Guide.
When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, run the same command for each Region in which you want to apply the change.
For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
", "AcceptInvitation": "This method is deprecated. Instead, use AcceptAdministratorInvitation.
The Security Hub console continues to use AcceptInvitation. It will eventually change to use AcceptAdministratorInvitation. Any IAM policies that specifically control access to this function must continue to use AcceptInvitation. You should also add AcceptAdministratorInvitation to your policies to ensure that the correct permissions are in place after the console begins to use AcceptAdministratorInvitation.
Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
", "BatchDisableStandards": "Disables the standards specified by the provided StandardsSubscriptionArns.
For more information, see Security Standards section of the Security Hub User Guide.
", "BatchEnableStandards": "Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.
For more information, see the Security Standards section of the Security Hub User Guide.
", + "BatchGetSecurityControls": "Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.
", + "BatchGetStandardsControlAssociations": "For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.
", "BatchImportFindings": "Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.
BatchImportFindings must be called by one of the following:
The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.
An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.
Note
UserDefinedFields
VerificationState
Workflow
Finding providers also should not use BatchImportFindings to update the following attributes.
Confidence
Criticality
RelatedFindings
Severity
Types
Instead, finding providers use FindingProviderFields to provide values for these attributes.
Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.
Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.
", + "BatchUpdateStandardsControlAssociations": "For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.
", "CreateActionTarget": "Creates a custom action target in Security Hub.
You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.
", "CreateFindingAggregator": "Used to enable finding aggregation. Must be called from the aggregation Region.
For more details about cross-Region replication, see Configuring finding aggregation in the Security Hub User Guide.
", "CreateInsight": "Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
To group the related findings in the insight, use the GroupByAttribute.
Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.
This operation is only used by accounts that are managed by invitation. Accounts that are managed using the integration with Organizations do not receive invitations.
", "ListMembers": "Lists details about all member accounts for the current Security Hub administrator account.
The results include both member accounts that belong to an organization and member accounts that were invited manually.
", "ListOrganizationAdminAccounts": "Lists the Security Hub administrator accounts. Can only be called by the organization management account.
", + "ListSecurityControlDefinitions": "Lists all of the security controls that apply to a specified standard.
", + "ListStandardsControlAssociations": "Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.
", "ListTagsForResource": "Returns a list of tags associated with a resource.
", "TagResource": "Adds one or more tags to a resource.
", "UntagResource": "Removes one or more tags from a resource.
", @@ -217,6 +222,14 @@ "Compliance$AssociatedStandards": "The enabled security standards in which a security control is currently enabled.
" } }, + "AssociationStatus": { + "base": null, + "refs": { + "StandardsControlAssociationDetail$AssociationStatus": "Specifies whether a control is enabled or disabled in a specified standard.
", + "StandardsControlAssociationSummary$AssociationStatus": "The enablement status of a control in a specific standard.
", + "StandardsControlAssociationUpdate$AssociationStatus": "The desired enablement status of the control in the standard.
" + } + }, "AutoEnableStandards": { "base": null, "refs": { @@ -2921,7 +2934,7 @@ } }, "AwsRedshiftClusterClusterSnapshotCopyStatus": { - "base": "Information about a cross-Region snapshot copy.
", + "base": "You can configure Amazon Redshift to copy snapshots for a cluster to another Amazon Web Services Region. This parameter provides information about a cross-Region snapshot copy.
", "refs": { "AwsRedshiftClusterDetails$ClusterSnapshotCopyStatus": "Information about the destination Region and retention period for the cross-Region snapshot copy.
" } @@ -3646,6 +3659,26 @@ "refs": { } }, + "BatchGetSecurityControlsRequest": { + "base": null, + "refs": { + } + }, + "BatchGetSecurityControlsResponse": { + "base": null, + "refs": { + } + }, + "BatchGetStandardsControlAssociationsRequest": { + "base": null, + "refs": { + } + }, + "BatchGetStandardsControlAssociationsResponse": { + "base": null, + "refs": { + } + }, "BatchImportFindingsRequest": { "base": null, "refs": { @@ -3684,6 +3717,16 @@ "BatchUpdateFindingsResponse$UnprocessedFindings": "The list of findings that were not updated.
" } }, + "BatchUpdateStandardsControlAssociationsRequest": { + "base": null, + "refs": { + } + }, + "BatchUpdateStandardsControlAssociationsResponse": { + "base": null, + "refs": { + } + }, "Boolean": { "base": null, "refs": { @@ -3950,9 +3993,18 @@ "ResourceDetails$Container": "Details about a container resource related to a finding.
" } }, + "ControlFindingGenerator": { + "base": null, + "refs": { + "DescribeHubResponse$ControlFindingGenerator": "Specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.
If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 9, 2023.
This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.
If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 9, 2023.
Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.
If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.
For accounts that are part of an organization, this value can only be updated in the administrator account.
" + } + }, "ControlStatus": { "base": null, "refs": { + "SecurityControl$SecurityControlStatus": "The status of a security control based on the compliance status of its findings. For more information about how control status is determined, see Determining the overall status of a control from its findings in the Security Hub User Guide.
", "StandardsControl$ControlStatus": "The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
", "UpdateStandardsControlRequest$ControlStatus": "The updated status of the security standard control.
" } @@ -4613,8 +4665,8 @@ "AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails$Min": " The minimum amount of memory, in MiB. If 0 is specified, there's no maximum limit.
The maximum baseline bandwidth, in Mbps. If this parameter is omitted, there's no maximum limit.
", "AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails$Min": "The minimum baseline bandwidth, in Mbps. If this parameter is omitted, there's no minimum limit.
", - "AwsEc2LaunchTemplateDataInstanceRequirementsDetails$OnDemandMaxPricePercentageOverLowestPrice": "The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.
The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
A high value, such as 999999, turns off price protection.
The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.
The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
A high value, such as 999999, turns off price protection.
The price protection threshold for On-Demand Instances. This is the maximum you'll pay for an On-Demand Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.
The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
A high value, such as 999999, turns off price protection.
The price protection threshold for Spot Instances. This is the maximum you'll pay for a Spot Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.
The parameter accepts an integer, which Amazon EC2 interprets as a percentage.
A high value, such as 999999, turns off price protection.
The maximum amount of memory, in MiB.
", "AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails$Min": "The minimum amount of memory, in MiB.
", "AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails$Max": "The maximum number of network interfaces.
", @@ -4725,7 +4777,7 @@ "AwsRdsDbSnapshotDetails$Port": "The port that the database engine was listening on at the time of the snapshot.
", "AwsRdsDbSnapshotDetails$Iops": "The provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.
", "AwsRdsDbSnapshotDetails$PercentProgress": "The percentage of the estimated data that has been transferred.
", - "AwsRedshiftClusterClusterSnapshotCopyStatus$ManualSnapshotRetentionPeriod": "The number of days that manual snapshots are retained in the destination region after they are copied from a source region.
If the value is -1, then the manual snapshot is retained indefinitely.
Valid values: Either -1 or an integer between 1 and 3,653
The number of days that manual snapshots are retained in the destination Region after they are copied from a source Region.
If the value is -1, then the manual snapshot is retained indefinitely.
Valid values: Either -1 or an integer between 1 and 3,653
The number of days to retain automated snapshots in the destination Region after they are copied from a source Region.
", "AwsRedshiftClusterDetails$AutomatedSnapshotRetentionPeriod": "The number of days that automatic cluster snapshots are retained.
", "AwsRedshiftClusterDetails$ManualSnapshotRetentionPeriod": "The default number of days to retain a manual snapshot.
If the value is -1, the snapshot is retained indefinitely.
This setting doesn't change the retention period of existing snapshots.
Valid values: Either -1 or an integer between 1 and 3,653
The maximum number of findings to return.
", "GetInsightsRequest$MaxResults": "The maximum number of items to return in the response.
", "ListEnabledProductsForImportRequest$MaxResults": "The maximum number of items to return in the response.
", - "ListFindingAggregatorsRequest$MaxResults": "The maximum number of results to return. This operation currently only returns a single result.
" + "ListFindingAggregatorsRequest$MaxResults": "The maximum number of results to return. This operation currently only returns a single result.
", + "ListSecurityControlDefinitionsRequest$MaxResults": " An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.
An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub standards that you've enabled in the calling account.
The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
", "ListMembersRequest$NextToken": "The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
", "ListOrganizationAdminAccountsRequest$NextToken": "The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
The pagination token to use to request the next page of results.
" + "ListOrganizationAdminAccountsResponse$NextToken": "The pagination token to use to request the next page of results.
", + "ListSecurityControlDefinitionsRequest$NextToken": "Optional pagination parameter.
", + "ListSecurityControlDefinitionsResponse$NextToken": "A pagination parameter that's included in the response only if it was included in the request.
", + "ListStandardsControlAssociationsRequest$NextToken": "Optional pagination parameter.
", + "ListStandardsControlAssociationsResponse$NextToken": "A pagination parameter that's included in the response only if it was included in the request.
" } }, "NonEmptyString": { @@ -5270,7 +5348,7 @@ "AwsBackupBackupVaultDetails$BackupVaultName": "The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the Amazon Web Services account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
", "AwsBackupBackupVaultDetails$EncryptionKeyArn": "The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you do not specify a key, Backup creates an KMS key for you by default.
", "AwsBackupBackupVaultDetails$AccessPolicy": "A resource-based policy that is used to manage access permissions on the target backup vault.
", - "AwsBackupBackupVaultNotificationsDetails$SnsTopicArn": "An ARN that uniquely identifies the Amazon SNS topic for a backup vault’s events.
", + "AwsBackupBackupVaultNotificationsDetails$SnsTopicArn": "The Amazon Resource Name (ARN) that uniquely identifies the Amazon SNS topic for a backup vault's events.
", "AwsBackupRecoveryPointCalculatedLifecycleDetails$DeleteAt": "Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.
Specifies the number of days after creation that a recovery point is moved to cold storage.
", "AwsBackupRecoveryPointCreatedByDetails$BackupPlanArn": "An Amazon Resource Name (ARN) that uniquely identifies a backup plan.
", @@ -5493,7 +5571,7 @@ "AwsEc2LaunchTemplateDataInstanceRequirementsDetails$LocalStorage": "Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see Amazon EC2 instance store in the Amazon EC2 User Guide.
", "AwsEc2LaunchTemplateDataLicenseSetDetails$LicenseConfigurationArn": "The Amazon Resource Name (ARN) of the license configuration.
", "AwsEc2LaunchTemplateDataMaintenanceOptionsDetails$AutoRecovery": "Disables the automatic recovery behavior of your instance or sets it to default.
", - "AwsEc2LaunchTemplateDataMetadataOptionsDetails$HttpEndpoint": "Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled, and you won’t be able to access your instance metadata.
", + "AwsEc2LaunchTemplateDataMetadataOptionsDetails$HttpEndpoint": "Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled, and you won't be able to access your instance metadata.
", "AwsEc2LaunchTemplateDataMetadataOptionsDetails$HttpProtocolIpv6": "Enables or disables the IPv6 endpoint for the instance metadata service.
", "AwsEc2LaunchTemplateDataMetadataOptionsDetails$HttpTokens": "The state of token usage for your instance metadata requests.
", "AwsEc2LaunchTemplateDataMetadataOptionsDetails$InstanceMetadataTags": " When set to enabled, this parameter allows access to instance tags from the instance metadata. When set to disabled, it turns off access to instance tags from the instance metadata. For more information, see Work with instance tags in instance metadata in the Amazon EC2 User Guide.
The name of the custom action target. Can contain up to 20 characters.
", "CreateActionTargetRequest$Description": "The description for the custom action target.
", "CreateActionTargetRequest$Id": "The ID for the custom action target. Can contain up to 20 alphanumeric characters.
", - "CreateActionTargetResponse$ActionTargetArn": "The ARN for the custom action target.
", + "CreateActionTargetResponse$ActionTargetArn": "The Amazon Resource Name (ARN) for the custom action target.
", "CreateFindingAggregatorRequest$RegionLinkingMode": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.
The selected option also determines how to use the Regions provided in the Regions list.
The options are as follows:
ALL_REGIONS - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
ALL_REGIONS_EXCEPT_SPECIFIED - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.
SPECIFIED_REGIONS - Indicates to aggregate findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.
", "CreateFindingAggregatorResponse$FindingAggregationRegion": "The aggregation Region.
", @@ -6340,7 +6418,7 @@ "DataClassificationDetails$DetailedResultsLocation": "The path to the folder or file that contains the sensitive data.
", "DateFilter$Start": "A timestamp that provides the start date for the date filter.
A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.
A timestamp that provides the end date for the date filter.
A correctly formatted example is 2020-05-21T20:16:34.724Z. The value cannot contain spaces, and date and time should be separated by T. For more information, see RFC 3339 section 5.6, Internet Date/Time Format.
The ARN of the custom action target to delete.
", + "DeleteActionTargetRequest$ActionTargetArn": "The Amazon Resource Name (ARN) of the custom action target to delete.
", "DeleteActionTargetResponse$ActionTargetArn": "The ARN of the custom action target that was deleted.
", "DeleteFindingAggregatorRequest$FindingAggregatorArn": "The ARN of the finding aggregator to delete. To obtain the ARN, use ListFindingAggregators.
The ARN of the insight to delete.
", @@ -6402,6 +6480,8 @@ "LimitExceededException$Code": null, "ListInvitationsResponse$NextToken": "The pagination token to use to request the next page of results.
", "ListMembersResponse$NextToken": "The pagination token to use to request the next page of results.
", + "ListSecurityControlDefinitionsRequest$StandardsArn": "The Amazon Resource Name (ARN) of the standard that you want to view controls for.
", + "ListStandardsControlAssociationsRequest$SecurityControlId": " The identifier of the control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.
The state code. The initial state of the load balancer is provisioning.
After the load balancer is fully set up and ready to route traffic, its state is active.
If the load balancer could not be set up, its state is failed.
", "LoadBalancerState$Reason": "A description of the state.
", "Malware$Name": "The name of the malware that was observed.
", @@ -6477,6 +6557,15 @@ "RuleGroupSourceStatefulRulesRuleOptionsSettingsList$member": null, "RuleGroupSourceStatelessRuleMatchAttributesDestinations$AddressDefinition": "An IP address or a block of IP addresses.
", "RuleGroupSourceStatelessRuleMatchAttributesSources$AddressDefinition": "An IP address or a block of IP addresses.
", + "SecurityControl$SecurityControlId": "The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3.
", + "SecurityControl$SecurityControlArn": " The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.
The title of a security control.
", + "SecurityControl$Description": "The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
", + "SecurityControl$RemediationUrl": "A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
", + "SecurityControlDefinition$SecurityControlId": " The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
The title of a security control.
", + "SecurityControlDefinition$Description": "The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.
", + "SecurityControlDefinition$RemediationUrl": "A link to Security Hub documentation that explains how to remediate a failed finding for a security control.
", "SecurityGroups$member": null, "SensitiveDataDetections$Type": "The type of sensitive data that was detected. For example, the type might indicate that the data is an email address.
", "SensitiveDataResult$Category": "The category of sensitive data that was detected. For example, the category can indicate that the sensitive data involved credentials, financial information, or personal information.
", @@ -6502,6 +6591,24 @@ "StandardsControl$Title": "The title of the security standard control.
", "StandardsControl$Description": "The longer description of the security standard control. Provides information about what the control is checking for.
", "StandardsControl$RemediationUrl": "A link to remediation information for the control in the Security Hub user documentation.
", + "StandardsControlArnList$member": null, + "StandardsControlAssociationDetail$StandardsArn": "The Amazon Resource Name (ARN) of a security standard.
", + "StandardsControlAssociationDetail$SecurityControlId": "The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Service name and a number, such as APIGateway.3.
", + "StandardsControlAssociationDetail$SecurityControlArn": " The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.
The reason for updating the enablement status of a control in a specified standard.
", + "StandardsControlAssociationDetail$StandardsControlTitle": "The title of a control. This field may reference a specific standard.
", + "StandardsControlAssociationDetail$StandardsControlDescription": "The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter may reference a specific standard.
", + "StandardsControlAssociationId$SecurityControlId": " The unique identifier (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) of a security control across standards.
The ARN of a standard.
", + "StandardsControlAssociationSummary$StandardsArn": "The Amazon Resource Name (ARN) of a standard.
", + "StandardsControlAssociationSummary$SecurityControlId": "A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Service and a number, such as APIGateway.5. This field doesn't reference a specific standard.
", + "StandardsControlAssociationSummary$SecurityControlArn": " The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.
The reason for updating the control's enablement status in a specified standard.
", + "StandardsControlAssociationSummary$StandardsControlTitle": "The title of a control.
", + "StandardsControlAssociationSummary$StandardsControlDescription": "The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. The parameter may reference a specific standard.
", + "StandardsControlAssociationUpdate$StandardsArn": "The Amazon Resource Name (ARN) of the standard in which you want to update the control's enablement status.
", + "StandardsControlAssociationUpdate$SecurityControlId": "The unique identifier for the security control whose enablement status you want to update.
", + "StandardsControlAssociationUpdate$UpdatedReason": "The reason for updating the control's enablement status in the standard.
", "StandardsInputParameterMap$key": null, "StandardsInputParameterMap$value": null, "StandardsManagedBy$Company": "An identifier for the company that manages a specific security standard. For existing standards, the value is equal to Amazon Web Services.
The source of the threat intelligence indicator.
", "ThreatIntelIndicator$SourceUrl": "The URL to the page or site where you can get more information about the threat intelligence indicator.
", "TypeList$member": null, + "UnprocessedSecurityControl$SecurityControlId": " The control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which a response couldn't be returned.
The reason why the security control was unprocessed.
", + "UnprocessedStandardsControlAssociation$ErrorReason": "The reason why the standard and control association was unprocessed.
", + "UnprocessedStandardsControlAssociationUpdate$ErrorReason": "The reason why a control's enablement status in the specified standard couldn't be updated.
", "UpdateActionTargetRequest$ActionTargetArn": "The ARN of the custom action target to update.
", "UpdateActionTargetRequest$Name": "The updated name of the custom action target.
", "UpdateActionTargetRequest$Description": "The updated description for the custom action target.
", @@ -6811,6 +6922,12 @@ "Occurrences$Records": "Occurrences of sensitive data in an Apache Avro object container or an Apache Parquet file.
" } }, + "RegionAvailabilityStatus": { + "base": null, + "refs": { + "SecurityControlDefinition$CurrentRegionAvailability": "Specifies whether a security control is available in the current Amazon Web Services Region.
" + } + }, "RelatedFinding": { "base": "Details about a related finding.
", "refs": { @@ -6829,7 +6946,9 @@ "base": null, "refs": { "Compliance$RelatedRequirements": "For a control, the industry or regulatory framework requirements that are related to the control. The check for that control is aligned with these requirements.
", - "StandardsControl$RelatedRequirements": "The list of requirements that are related to this control.
" + "StandardsControl$RelatedRequirements": "The list of requirements that are related to this control.
", + "StandardsControlAssociationDetail$RelatedRequirements": "The requirement that underlies a control in the compliance framework related to the standard.
", + "StandardsControlAssociationSummary$RelatedRequirements": "The requirement that underlies this control in the compliance framework related to the standard.
" } }, "Remediation": { @@ -7071,6 +7190,30 @@ "RuleGroupVariables$PortSets": "A list of port ranges.
" } }, + "SecurityControl": { + "base": "A security control in Security Hub describes a security best practice related to a specific resource.
", + "refs": { + "SecurityControls$member": null + } + }, + "SecurityControlDefinition": { + "base": "Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.
", + "refs": { + "SecurityControlDefinitions$member": null + } + }, + "SecurityControlDefinitions": { + "base": null, + "refs": { + "ListSecurityControlDefinitionsResponse$SecurityControlDefinitions": "An array of controls that apply to the specified standard.
" + } + }, + "SecurityControls": { + "base": null, + "refs": { + "BatchGetSecurityControlsResponse$SecurityControls": " An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn.
The severity of the finding.
The finding provider can provide the initial severity. The finding provider can only update the severity if it has not been updated using BatchUpdateFindings.
The finding must have either Label or Normalized populated. If only one of these attributes is populated, then Security Hub automatically populates the other one. If neither attribute is populated, then the finding is invalid. Label is the preferred attribute.
The severity of the finding.
The finding provider can provide the initial severity. The finding provider can only update the severity if it hasn't been updated using BatchUpdateFindings.
The finding must have either Label or Normalized populated. If only one of these attributes is populated, then Security Hub automatically populates the other one. If neither attribute is populated, then the finding is invalid. Label is the preferred attribute.
A finding's severity.
" } @@ -7118,6 +7261,8 @@ "SeverityRating": { "base": null, "refs": { + "SecurityControl$SeverityRating": "The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.
", + "SecurityControlDefinition$SeverityRating": "The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.
", "StandardsControl$SeverityRating": "The severity of findings generated from this security standard control.
The finding severity is based on an assessment of how easy it would be to compromise Amazon Web Services resources if the issue is detected.
" } }, @@ -7182,6 +7327,62 @@ "StandardsControls$member": null } }, + "StandardsControlArnList": { + "base": null, + "refs": { + "StandardsControlAssociationDetail$StandardsControlArns": "Provides the input parameter that Security Hub uses to call the UpdateStandardsControl API. This API can be used to enable or disable a control in a specified standard.
" + } + }, + "StandardsControlAssociationDetail": { + "base": "Provides details about a control's enablement status in a specified standard.
", + "refs": { + "StandardsControlAssociationDetails$member": null + } + }, + "StandardsControlAssociationDetails": { + "base": null, + "refs": { + "BatchGetStandardsControlAssociationsResponse$StandardsControlAssociationDetails": "Provides the enablement status of a security control in a specified standard and other details for the control in relation to the specified standard.
" + } + }, + "StandardsControlAssociationId": { + "base": " An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. The security control ID or ARN is the same across standards.
An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the specific controls for which the enablement status couldn't be retrieved in specified standards when calling BatchUpdateStandardsControlAssociations.
An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.
An array that provides the enablement status and other details for each security control that applies to each enabled standard.
" + } + }, + "StandardsControlAssociationSummary": { + "base": "An array that provides the enablement status and other details for each control that applies to each enabled standard.
", + "refs": { + "StandardsControlAssociationSummaries$member": null + } + }, + "StandardsControlAssociationUpdate": { + "base": "An array of requested updates to the enablement status of controls in specified standards. The objects in the array include a security control ID, the Amazon Resource Name (ARN) of the standard, the requested enablement status, and the reason for updating the enablement status.
", + "refs": { + "StandardsControlAssociationUpdates$member": null, + "UnprocessedStandardsControlAssociationUpdate$StandardsControlAssociationUpdate": "An array of control and standard associations for which an update failed when calling BatchUpdateStandardsControlAssociations.
" + } + }, + "StandardsControlAssociationUpdates": { + "base": null, + "refs": { + "BatchUpdateStandardsControlAssociationsRequest$StandardsControlAssociationUpdates": "Updates the enablement status of a security control in a specified standard.
" + } + }, "StandardsControls": { "base": null, "refs": { @@ -7399,6 +7600,7 @@ "AwsRdsPendingCloudWatchLogsExports$LogTypesToEnable": "A list of log types that are being enabled.
", "AwsRdsPendingCloudWatchLogsExports$LogTypesToDisable": "A list of log types that are being disabled.
", "AwsRedshiftClusterDetails$PendingActions": "A list of cluster operations that are waiting to start.
", + "BatchGetSecurityControlsRequest$SecurityControlIds": " A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
The list of excluded Regions or included Regions.
", "GetFindingAggregatorResponse$Regions": "The list of excluded Regions or included Regions.
", @@ -7488,7 +7690,9 @@ "Invitation$InvitedAt": "The timestamp of when the invitation was sent.
", "Member$InvitedAt": "A timestamp for the date and time when the invitation was sent to the member account.
", "Member$UpdatedAt": "The timestamp for the date and time when the member account was updated.
", - "StandardsControl$ControlStatusUpdatedAt": "The date and time that the status of the security standard control was most recently updated.
" + "StandardsControl$ControlStatusUpdatedAt": "The date and time that the status of the security standard control was most recently updated.
", + "StandardsControlAssociationDetail$UpdatedAt": "The time at which the enablement status of the control in the specified standard was last updated.
", + "StandardsControlAssociationSummary$UpdatedAt": "The last time that a control's enablement status in a specified standard was updated.
" } }, "TypeList": { @@ -7499,6 +7703,50 @@ "FindingProviderFields$Types": "One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
" } }, + "UnprocessedErrorCode": { + "base": null, + "refs": { + "UnprocessedSecurityControl$ErrorCode": "The error code for the unprocessed security control.
", + "UnprocessedStandardsControlAssociation$ErrorCode": "The error code for the unprocessed standard and control association.
", + "UnprocessedStandardsControlAssociationUpdate$ErrorCode": "The error code for the unprocessed update of the control's enablement status in the specified standard.
" + } + }, + "UnprocessedSecurityControl": { + "base": "Provides details about a security control for which a response couldn't be returned.
", + "refs": { + "UnprocessedSecurityControls$member": null + } + }, + "UnprocessedSecurityControls": { + "base": null, + "refs": { + "BatchGetSecurityControlsResponse$UnprocessedIds": " A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which details cannot be returned.
Provides details about which control's enablement status couldn't be retrieved in a specified standard when calling BatchUpdateStandardsControlAssociations. This parameter also provides details about why the request was unprocessed.
", + "refs": { + "UnprocessedStandardsControlAssociations$member": null + } + }, + "UnprocessedStandardsControlAssociationUpdate": { + "base": "Provides details about which control's enablement status could not be updated in a specified standard when calling the BatchUpdateStandardsControlAssociations API. This parameter also provides details about why the request was unprocessed.
", + "refs": { + "UnprocessedStandardsControlAssociationUpdates$member": null + } + }, + "UnprocessedStandardsControlAssociationUpdates": { + "base": null, + "refs": { + "BatchUpdateStandardsControlAssociationsResponse$UnprocessedAssociationUpdates": " A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard couldn't be updated.
A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard cannot be returned.
Gets information about the specified portfolio.
A delegated admin is authorized to invoke this command.
", "DescribePortfolioShareStatus": "Gets the status of the specified portfolio share operation. This API can only be called by the management account in the organization or by a delegated admin.
", "DescribePortfolioShares": "Returns a summary of each of the portfolio shares that were created for the specified portfolio.
You can use this API to determine which accounts or organizational nodes this portfolio have been shared, whether the recipient entity has imported the share, and whether TagOptions are included with the share.
The PortfolioId and Type parameters are both required.
Gets information about the specified product.
", + "DescribeProduct": "Gets information about the specified product.
Running this operation with administrator access results in a failure. DescribeProductAsAdmin should be used instead.
Gets information about the specified product. This operation is run with administrator access.
", "DescribeProductView": "Gets information about the specified product.
", "DescribeProvisionedProduct": "Gets information about the specified provisioned product.
", @@ -54,11 +54,11 @@ "ExecuteProvisionedProductServiceAction": "Executes a self-service action against a provisioned product.
", "GetAWSOrganizationsAccessStatus": "Get the Access Status for Organizations portfolio share feature. This API can only be called by the management account in the organization or by a delegated admin.
", "GetProvisionedProductOutputs": "This API takes either a ProvisonedProductId or a ProvisionedProductName, along with a list of one or more output keys, and responds with the key/value pairs of those outputs.
Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported Service Catalog governance actions are supported on the provisioned product.
Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets and non-root nested stacks are not supported.
The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, IMPORT_ROLLBACK_COMPLETE.
Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.
The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions.
Requests the import of a resource as an Service Catalog provisioned product that is associated to an Service Catalog product and provisioning artifact. Once imported, all supported governance actions are supported on the provisioned product.
Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets, and non-root nested stacks are not supported.
The CloudFormation stack must have one of the following statuses to be imported: CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, and IMPORT_ROLLBACK_COMPLETE.
Import of the resource requires that the CloudFormation stack template matches the associated Service Catalog product provisioning artifact.
When you import an existing CloudFormation stack into a portfolio, constraints that are associated with the product aren't applied during the import process. The constraints are applied after you call UpdateProvisionedProduct for the provisioned product.
The user or role that performs this operation must have the cloudformation:GetTemplate and cloudformation:DescribeStacks IAM policy permissions.
Lists all imported portfolios for which account-to-account shares were accepted by this account. By specifying the PortfolioShareType, you can list portfolios for which organizational shares were accepted by this account.
Lists all the budgets associated to the specified resource.
", "ListConstraintsForPortfolio": "Lists the constraints for the specified portfolio and product.
", - "ListLaunchPaths": "Lists the paths to the specified product. A path is how the user has access to a specified product, and is necessary when provisioning a product. A path also determines the constraints put on the product.
", + "ListLaunchPaths": "Lists the paths to the specified product. A path describes how the user gets access to a specified product and is necessary when provisioning a product. A path also determines the constraints that are put on a product. A path is dependent on a specific product, porfolio, and principal.
When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.
Lists the organization nodes that have access to the specified portfolio. This API can only be called by the management account in the organization or by a delegated admin.
If a delegated admin is de-registered, they can no longer perform this operation.
", "ListPortfolioAccess": "Lists the account IDs that have access to the specified portfolio.
A delegated admin can list the accounts that have access to the shared portfolio. Note that if a delegated admin is de-registered, they can no longer perform this operation.
", "ListPortfolios": "Lists all portfolios in the catalog.
", @@ -73,12 +73,12 @@ "ListServiceActionsForProvisioningArtifact": "Returns a paginated list of self-service actions associated with the specified Product ID and Provisioning Artifact ID.
", "ListStackInstancesForProvisionedProduct": "Returns summary information about stack instances that are associated with the specified CFN_STACKSET type provisioned product. You can filter for stack instances that are associated with a specific Amazon Web Services account name or Region.
Lists the specified TagOptions or all TagOptions.
", - "ProvisionProduct": "Provisions the specified product.
A provisioned product is a resourced instance of a product. For example, provisioning a product based on a CloudFormation template launches a CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord.
If the request contains a tag key with an empty list of values, there is a tag conflict for that key. Do not include conflicted keys as tags, or this causes the error \"Parameter validation failed: Missing required parameter in Tags[N]:Value\".
", + "ProvisionProduct": "Provisions the specified product.
A provisioned product is a resourced instance of a product. For example, provisioning a product that's based on an CloudFormation template launches an CloudFormation stack and its underlying resources. You can check the status of this request using DescribeRecord.
If the request contains a tag key with an empty list of values, there's a tag conflict for that key. Don't include conflicted keys as tags, or this will cause the error \"Parameter validation failed: Missing required parameter in Tags[N]:Value\".
When provisioning a product that's been added to a portfolio, you must grant your user, group, or role access to the portfolio. For more information, see Granting users access in the Service Catalog User Guide.
Rejects an offer to share the specified portfolio.
", "ScanProvisionedProducts": "Lists the provisioned products that are available (not terminated).
To use additional filtering, see SearchProvisionedProducts.
", "SearchProducts": "Gets information about the products to which the caller has access.
", "SearchProductsAsAdmin": "Gets information about the products for the specified portfolio or all products.
", - "SearchProvisionedProducts": "Gets information about the provisioned products that meet the specified criteria.
To ensure a complete list of provisioned products and remove duplicate products, use sort-by createdTime.
Here is a CLI example:
aws servicecatalog search-provisioned-products --sort-by createdTime
Gets information about the provisioned products that meet the specified criteria.
", "TerminateProvisionedProduct": "Terminates the specified provisioned product.
This operation does not delete any records associated with the provisioned product.
You can check the status of this request using DescribeRecord.
", "UpdateConstraint": "Updates the specified constraint.
", "UpdatePortfolio": "Updates the specified portfolio.
You cannot update a product that was shared with you.
", diff --git a/models/apis/servicecatalog/2015-12-10/endpoint-rule-set-1.json b/models/apis/servicecatalog/2015-12-10/endpoint-rule-set-1.json index 91983d9e772..5c89793f98f 100644 --- a/models/apis/servicecatalog/2015-12-10/endpoint-rule-set-1.json +++ b/models/apis/servicecatalog/2015-12-10/endpoint-rule-set-1.json @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,23 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] - }, - { - "fn": "parseURL", - "argv": [ - { - "ref": "Endpoint" - } - ], - "assign": "url" } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -71,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -140,90 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://servicecatalog-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://servicecatalog-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://servicecatalog-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://servicecatalog.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -231,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://servicecatalog-fips.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://servicecatalog.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -240,74 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://servicecatalog.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://servicecatalog.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/servicecatalog/2015-12-10/endpoint-tests-1.json b/models/apis/servicecatalog/2015-12-10/endpoint-tests-1.json index 3794c239949..26eca4afaee 100644 --- a/models/apis/servicecatalog/2015-12-10/endpoint-tests-1.json +++ b/models/apis/servicecatalog/2015-12-10/endpoint-tests-1.json @@ -1,770 +1,29 @@ { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-gov-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-gov-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ca-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.af-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-north-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-north-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-northeast-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-northeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-northeast-2.amazonaws.com" + "url": "https://servicecatalog.af-south-1.amazonaws.com" } }, "params": { + "Region": "af-south-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-1" + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-northeast-1.amazonaws.com" + "url": "https://servicecatalog.ap-east-1.amazonaws.com" } }, "params": { + "Region": "ap-east-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog.ap-northeast-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-northeast-1" + "UseFIPS": false } }, { @@ -775,585 +34,547 @@ } }, "params": { + "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-northeast-1" + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.me-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "me-south-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.me-south-1.amazonaws.com" + "url": "https://servicecatalog.ap-northeast-2.amazonaws.com" } }, "params": { + "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": true, - "Region": "me-south-1" + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.me-south-1.api.aws" + "url": "https://servicecatalog.ap-northeast-3.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "me-south-1" + "Region": "ap-northeast-3", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.me-south-1.amazonaws.com" + "url": "https://servicecatalog.ap-south-1.amazonaws.com" } }, "params": { + "Region": "ap-south-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "me-south-1" + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.sa-east-1.api.aws" + "url": "https://servicecatalog.ap-southeast-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "sa-east-1" + "Region": "ap-southeast-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.sa-east-1.amazonaws.com" + "url": "https://servicecatalog.ap-southeast-2.amazonaws.com" } }, "params": { + "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": true, - "Region": "sa-east-1" + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.sa-east-1.api.aws" + "url": "https://servicecatalog.ap-southeast-3.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "sa-east-1" + "Region": "ap-southeast-3", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.sa-east-1.amazonaws.com" + "url": "https://servicecatalog.ca-central-1.amazonaws.com" } }, "params": { + "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "sa-east-1" + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-east-1.api.aws" + "url": "https://servicecatalog.eu-central-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-east-1" + "Region": "eu-central-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-east-1.amazonaws.com" + "url": "https://servicecatalog.eu-north-1.amazonaws.com" } }, "params": { + "Region": "eu-north-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-east-1" + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-east-1.api.aws" + "url": "https://servicecatalog.eu-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-east-1" + "Region": "eu-south-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-east-1.amazonaws.com" + "url": "https://servicecatalog.eu-west-1.amazonaws.com" } }, "params": { + "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-east-1" + "UseFIPS": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://servicecatalog.eu-west-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "cn-north-1" + "Region": "eu-west-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.cn-north-1.amazonaws.com.cn" + "url": "https://servicecatalog.eu-west-3.amazonaws.com" } }, "params": { + "Region": "eu-west-3", "UseDualStack": false, - "UseFIPS": true, - "Region": "cn-north-1" + "UseFIPS": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://servicecatalog.me-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "cn-north-1" + "Region": "me-south-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.cn-north-1.amazonaws.com.cn" + "url": "https://servicecatalog.sa-east-1.amazonaws.com" } }, "params": { + "Region": "sa-east-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "cn-north-1" + "UseFIPS": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-gov-west-1.api.aws" + "url": "https://servicecatalog.us-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-gov-west-1" + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-gov-west-1.amazonaws.com" + "url": "https://servicecatalog-fips.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "us-gov-west-1" + "UseFIPS": true } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-gov-west-1.api.aws" + "url": "https://servicecatalog.us-east-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-gov-west-1" + "Region": "us-east-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-gov-west-1.amazonaws.com" + "url": "https://servicecatalog-fips.us-east-2.amazonaws.com" } }, "params": { + "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": false, - "Region": "us-gov-west-1" + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-1.api.aws" + "url": "https://servicecatalog.us-west-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-1" + "Region": "us-west-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-1.amazonaws.com" + "url": "https://servicecatalog-fips.us-west-1.amazonaws.com" } }, "params": { + "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-southeast-1" + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-1.api.aws" + "url": "https://servicecatalog.us-west-2.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-southeast-1" + "Region": "us-west-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-1.amazonaws.com" + "url": "https://servicecatalog-fips.us-west-2.amazonaws.com" } }, "params": { + "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-southeast-1" + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-2.api.aws" + "url": "https://servicecatalog-fips.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-2" - } - }, - { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-southeast-2" + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-2.api.aws" + "url": "https://servicecatalog.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-southeast-2" + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-2.amazonaws.com" + "url": "https://servicecatalog.cn-north-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-southeast-2" - } - }, - { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-3" + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.ap-southeast-3.amazonaws.com" + "url": "https://servicecatalog.cn-northwest-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-northwest-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-southeast-3" + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-3.api.aws" + "url": "https://servicecatalog-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-southeast-3" + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.ap-southeast-3.amazonaws.com" + "url": "https://servicecatalog-fips.cn-north-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-southeast-3" + "UseFIPS": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-east-1.api.aws" + "url": "https://servicecatalog.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": true, - "Region": "us-east-1" + "UseFIPS": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-east-1.amazonaws.com" + "url": "https://servicecatalog.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-1" + "UseFIPS": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-east-1.api.aws" + "url": "https://servicecatalog-fips.us-gov-east-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-east-1" + "Region": "us-gov-east-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-east-1.amazonaws.com" + "url": "https://servicecatalog.us-gov-west-1.amazonaws.com" } }, "params": { + "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "us-east-1" + "UseFIPS": false } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-east-2.api.aws" + "url": "https://servicecatalog-fips.us-gov-west-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-east-2" + "Region": "us-gov-west-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.us-east-2.amazonaws.com" + "url": "https://servicecatalog-fips.us-gov-east-1.api.aws" } }, "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-2" + "Region": "us-gov-east-1", + "UseDualStack": true, + "UseFIPS": true } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-east-2.api.aws" + "url": "https://servicecatalog.us-gov-east-1.api.aws" } }, "params": { + "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": false, - "Region": "us-east-2" + "UseFIPS": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.us-east-2.amazonaws.com" + "url": "https://servicecatalog-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": false, - "Region": "us-east-2" + "UseFIPS": true } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.cn-northwest-1.api.amazonwebservices.com.cn" + "url": "https://servicecatalog.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "cn-northwest-1" + "Region": "us-iso-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog-fips.cn-northwest-1.amazonaws.com.cn" + "url": "https://servicecatalog-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { + "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": true, - "Region": "cn-northwest-1" + "UseFIPS": true } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.cn-northwest-1.api.amazonwebservices.com.cn" + "url": "https://servicecatalog.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "cn-northwest-1" + "Region": "us-isob-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://servicecatalog.cn-northwest-1.amazonaws.com.cn" + "url": "https://example.com" } }, "params": { + "Region": "us-east-1", "UseDualStack": false, "UseFIPS": false, - "Region": "cn-northwest-1" + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" @@ -1362,7 +583,6 @@ "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -1372,9 +592,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -1384,9 +604,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/service/connect/api.go b/service/connect/api.go index 5fef428792d..4b805fed792 100644 --- a/service/connect/api.go +++ b/service/connect/api.go @@ -42675,6 +42675,10 @@ type StartTaskContactInput struct { // A formatted URL that is shown to an agent in the Contact Control Panel (CCP). References map[string]*Reference `type:"map"` + // The contactId that is related (https://docs.aws.amazon.com/connect/latest/adminguide/tasks.html#linked-tasks) + // to this contact. + RelatedContactId *string `min:"1" type:"string"` + // The timestamp, in Unix Epoch seconds format, at which to start running the // inbound flow. The scheduled time cannot be in the past. It must be within // up to 6 days in future. @@ -42717,6 +42721,9 @@ func (s *StartTaskContactInput) Validate() error { if s.PreviousContactId != nil && len(*s.PreviousContactId) < 1 { invalidParams.Add(request.NewErrParamMinLen("PreviousContactId", 1)) } + if s.RelatedContactId != nil && len(*s.RelatedContactId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RelatedContactId", 1)) + } if s.TaskTemplateId != nil && len(*s.TaskTemplateId) < 1 { invalidParams.Add(request.NewErrParamMinLen("TaskTemplateId", 1)) } @@ -42791,6 +42798,12 @@ func (s *StartTaskContactInput) SetReferences(v map[string]*Reference) *StartTas return s } +// SetRelatedContactId sets the RelatedContactId field's value. +func (s *StartTaskContactInput) SetRelatedContactId(v string) *StartTaskContactInput { + s.RelatedContactId = &v + return s +} + // SetScheduledTime sets the ScheduledTime field's value. func (s *StartTaskContactInput) SetScheduledTime(v time.Time) *StartTaskContactInput { s.ScheduledTime = &v diff --git a/service/connectcases/api.go b/service/connectcases/api.go index 967483ce7f0..e9a6bbe8cd5 100644 --- a/service/connectcases/api.go +++ b/service/connectcases/api.go @@ -253,7 +253,12 @@ func (c *ConnectCases) CreateCaseRequest(input *CreateCaseInput) (req *request.R // Creates a case in the specified Cases domain. Case system and custom fields // are taken as an array id/value pairs with a declared data types. // -// customer_id is a required field when creating a case. +// The following fields are required when creating a case: +// +// customer_id - You must provide the full customer
+// profile ARN in this format: arn:aws:profile:your AWS Region:your
+// AWS account ID:domains/profiles domain name/profiles/profile ID
+//
title
For more information about Amazon Connect Cases, see Amazon -// Connect Cases in the Amazon Connect Administrator Guide.
+// With Amazon Connect Cases, your agents can track and manage customer issues +// that require multiple interactions, follow-up tasks, and teams in your contact +// center. A case represents a customer issue. It records the issue, the steps +// and interactions taken to resolve the issue, and the outcome. For more information, +// see Amazon Connect Cases (https://docs.aws.amazon.com/connect/latest/adminguide/cases.html) +// in the Amazon Connect Administrator Guide. // // See https://docs.aws.amazon.com/goto/WebAPI/connectcases-2022-10-03 for more information on this service. // diff --git a/service/redshift/api.go b/service/redshift/api.go index d55a64689ce..ac5d393adb1 100644 --- a/service/redshift/api.go +++ b/service/redshift/api.go @@ -13940,7 +13940,7 @@ type AuthorizeSnapshotAccessInput struct { SnapshotArn *string `type:"string"` // The identifier of the cluster the snapshot was created from. This parameter - // is required if your IAM user has a policy containing a snapshot resource + // is required if your IAM user or role has a policy containing a snapshot resource // element that specifies anything other than * for the cluster name. SnapshotClusterIdentifier *string `type:"string"` @@ -15867,8 +15867,9 @@ type CopyClusterSnapshotInput struct { ManualSnapshotRetentionPeriod *int64 `type:"integer"` // The identifier of the cluster the source snapshot was created from. This - // parameter is required if your IAM user has a policy containing a snapshot - // resource element that specifies anything other than * for the cluster name. + // parameter is required if your IAM user or role has a policy containing a + // snapshot resource element that specifies anything other than * for the cluster + // name. // // Constraints: // @@ -16299,8 +16300,8 @@ type CreateClusterInput struct { // The value must be either -1 or an integer between 1 and 3,653. ManualSnapshotRetentionPeriod *int64 `type:"integer"` - // The password associated with the admin user account for the cluster that - // is being created. + // The password associated with the admin user for the cluster that is being + // created. // // Constraints: // @@ -16318,8 +16319,8 @@ type CreateClusterInput struct { // MasterUserPassword is a required field MasterUserPassword *string `type:"string" required:"true"` - // The user name associated with the admin user account for the cluster that - // is being created. + // The user name associated with the admin user for the cluster that is being + // created. // // Constraints: // @@ -19492,8 +19493,9 @@ type DeleteClusterSnapshotInput struct { _ struct{} `type:"structure"` // The unique identifier of the cluster the snapshot was created from. This - // parameter is required if your IAM user has a policy containing a snapshot - // resource element that specifies anything other than * for the cluster name. + // parameter is required if your IAM user or role has a policy containing a + // snapshot resource element that specifies anything other than * for the cluster + // name. // // Constraints: Must be the name of valid cluster. SnapshotClusterIdentifier *string `type:"string"` @@ -19554,8 +19556,9 @@ type DeleteClusterSnapshotMessage struct { _ struct{} `type:"structure"` // The unique identifier of the cluster the snapshot was created from. This - // parameter is required if your IAM user has a policy containing a snapshot - // resource element that specifies anything other than * for the cluster name. + // parameter is required if your IAM user or role has a policy containing a + // snapshot resource element that specifies anything other than * for the cluster + // name. // // Constraints: Must be the name of valid cluster. SnapshotClusterIdentifier *string `type:"string"` @@ -21257,7 +21260,7 @@ type DescribeClusterSnapshotsInput struct { // // Default: 100 // - // Constraints: minimum 20, maximum 100. + // Constraints: minimum 20, maximum 500. MaxRecords *int64 `type:"integer"` // The Amazon Web Services account used to create or copy the snapshot. Use @@ -27969,8 +27972,7 @@ type ModifyClusterInput struct { // element of the operation response. // // Operations never return the password, so this operation provides a way to - // regain access to the admin user account for a cluster if the password is - // lost. + // regain access to the admin user for a cluster if the password is lost. // // Default: Uses existing setting. // @@ -31758,7 +31760,7 @@ type RestoreFromClusterSnapshotInput struct { SnapshotArn *string `type:"string"` // The name of the cluster the source snapshot was created from. This parameter - // is required if your IAM user has a policy containing a snapshot resource + // is required if your IAM user or role has a policy containing a snapshot resource // element that specifies anything other than * for the cluster name. SnapshotClusterIdentifier *string `type:"string"` @@ -32776,7 +32778,7 @@ type RevokeSnapshotAccessInput struct { SnapshotArn *string `type:"string"` // The identifier of the cluster the snapshot was created from. This parameter - // is required if your IAM user has a policy containing a snapshot resource + // is required if your IAM user or role has a policy containing a snapshot resource // element that specifies anything other than * for the cluster name. SnapshotClusterIdentifier *string `type:"string"` diff --git a/service/securityhub/api.go b/service/securityhub/api.go index 2cd1b715045..99caaecd11d 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -424,6 +424,190 @@ func (c *SecurityHub) BatchEnableStandardsWithContext(ctx aws.Context, input *Ba return out, req.Send() } +const opBatchGetSecurityControls = "BatchGetSecurityControls" + +// BatchGetSecurityControlsRequest generates a "aws/request.Request" representing the +// client's request for the BatchGetSecurityControls operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchGetSecurityControls for more information on using the BatchGetSecurityControls +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchGetSecurityControlsRequest method. +// req, resp := client.BatchGetSecurityControlsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls +func (c *SecurityHub) BatchGetSecurityControlsRequest(input *BatchGetSecurityControlsInput) (req *request.Request, output *BatchGetSecurityControlsOutput) { + op := &request.Operation{ + Name: opBatchGetSecurityControls, + HTTPMethod: "POST", + HTTPPath: "/securityControls/batchGet", + } + + if input == nil { + input = &BatchGetSecurityControlsInput{} + } + + output = &BatchGetSecurityControlsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchGetSecurityControls API operation for AWS SecurityHub. +// +// Provides details about a batch of security controls for the current Amazon +// Web Services account and Amazon Web Services Region. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchGetSecurityControls for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetSecurityControls +func (c *SecurityHub) BatchGetSecurityControls(input *BatchGetSecurityControlsInput) (*BatchGetSecurityControlsOutput, error) { + req, out := c.BatchGetSecurityControlsRequest(input) + return out, req.Send() +} + +// BatchGetSecurityControlsWithContext is the same as BatchGetSecurityControls with the addition of +// the ability to pass a context and additional request options. +// +// See BatchGetSecurityControls for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchGetSecurityControlsWithContext(ctx aws.Context, input *BatchGetSecurityControlsInput, opts ...request.Option) (*BatchGetSecurityControlsOutput, error) { + req, out := c.BatchGetSecurityControlsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opBatchGetStandardsControlAssociations = "BatchGetStandardsControlAssociations" + +// BatchGetStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the BatchGetStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchGetStandardsControlAssociations for more information on using the BatchGetStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchGetStandardsControlAssociationsRequest method. +// req, resp := client.BatchGetStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations +func (c *SecurityHub) BatchGetStandardsControlAssociationsRequest(input *BatchGetStandardsControlAssociationsInput) (req *request.Request, output *BatchGetStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opBatchGetStandardsControlAssociations, + HTTPMethod: "POST", + HTTPPath: "/associations/batchGet", + } + + if input == nil { + input = &BatchGetStandardsControlAssociationsInput{} + } + + output = &BatchGetStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchGetStandardsControlAssociations API operation for AWS SecurityHub. +// +// For a batch of security controls and standards, identifies whether each control +// is currently enabled or disabled in a standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchGetStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchGetStandardsControlAssociations +func (c *SecurityHub) BatchGetStandardsControlAssociations(input *BatchGetStandardsControlAssociationsInput) (*BatchGetStandardsControlAssociationsOutput, error) { + req, out := c.BatchGetStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// BatchGetStandardsControlAssociationsWithContext is the same as BatchGetStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See BatchGetStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchGetStandardsControlAssociationsWithContext(ctx aws.Context, input *BatchGetStandardsControlAssociationsInput, opts ...request.Option) (*BatchGetStandardsControlAssociationsOutput, error) { + req, out := c.BatchGetStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opBatchImportFindings = "BatchImportFindings" // BatchImportFindingsRequest generates a "aws/request.Request" representing the @@ -686,6 +870,98 @@ func (c *SecurityHub) BatchUpdateFindingsWithContext(ctx aws.Context, input *Bat return out, req.Send() } +const opBatchUpdateStandardsControlAssociations = "BatchUpdateStandardsControlAssociations" + +// BatchUpdateStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the BatchUpdateStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See BatchUpdateStandardsControlAssociations for more information on using the BatchUpdateStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the BatchUpdateStandardsControlAssociationsRequest method. +// req, resp := client.BatchUpdateStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations +func (c *SecurityHub) BatchUpdateStandardsControlAssociationsRequest(input *BatchUpdateStandardsControlAssociationsInput) (req *request.Request, output *BatchUpdateStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opBatchUpdateStandardsControlAssociations, + HTTPMethod: "PATCH", + HTTPPath: "/associations", + } + + if input == nil { + input = &BatchUpdateStandardsControlAssociationsInput{} + } + + output = &BatchUpdateStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// BatchUpdateStandardsControlAssociations API operation for AWS SecurityHub. +// +// For a batch of security controls and standards, this operation updates the +// enablement status of a control in a standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation BatchUpdateStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/BatchUpdateStandardsControlAssociations +func (c *SecurityHub) BatchUpdateStandardsControlAssociations(input *BatchUpdateStandardsControlAssociationsInput) (*BatchUpdateStandardsControlAssociationsOutput, error) { + req, out := c.BatchUpdateStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// BatchUpdateStandardsControlAssociationsWithContext is the same as BatchUpdateStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See BatchUpdateStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) BatchUpdateStandardsControlAssociationsWithContext(ctx aws.Context, input *BatchUpdateStandardsControlAssociationsInput, opts ...request.Option) (*BatchUpdateStandardsControlAssociationsOutput, error) { + req, out := c.BatchUpdateStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateActionTarget = "CreateActionTarget" // CreateActionTargetRequest generates a "aws/request.Request" representing the @@ -5295,6 +5571,303 @@ func (c *SecurityHub) ListOrganizationAdminAccountsPagesWithContext(ctx aws.Cont return p.Err() } +const opListSecurityControlDefinitions = "ListSecurityControlDefinitions" + +// ListSecurityControlDefinitionsRequest generates a "aws/request.Request" representing the +// client's request for the ListSecurityControlDefinitions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSecurityControlDefinitions for more information on using the ListSecurityControlDefinitions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListSecurityControlDefinitionsRequest method. +// req, resp := client.ListSecurityControlDefinitionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions +func (c *SecurityHub) ListSecurityControlDefinitionsRequest(input *ListSecurityControlDefinitionsInput) (req *request.Request, output *ListSecurityControlDefinitionsOutput) { + op := &request.Operation{ + Name: opListSecurityControlDefinitions, + HTTPMethod: "GET", + HTTPPath: "/securityControls/definitions", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSecurityControlDefinitionsInput{} + } + + output = &ListSecurityControlDefinitionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSecurityControlDefinitions API operation for AWS SecurityHub. +// +// Lists all of the security controls that apply to a specified standard. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation ListSecurityControlDefinitions for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListSecurityControlDefinitions +func (c *SecurityHub) ListSecurityControlDefinitions(input *ListSecurityControlDefinitionsInput) (*ListSecurityControlDefinitionsOutput, error) { + req, out := c.ListSecurityControlDefinitionsRequest(input) + return out, req.Send() +} + +// ListSecurityControlDefinitionsWithContext is the same as ListSecurityControlDefinitions with the addition of +// the ability to pass a context and additional request options. +// +// See ListSecurityControlDefinitions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListSecurityControlDefinitionsWithContext(ctx aws.Context, input *ListSecurityControlDefinitionsInput, opts ...request.Option) (*ListSecurityControlDefinitionsOutput, error) { + req, out := c.ListSecurityControlDefinitionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSecurityControlDefinitionsPages iterates over the pages of a ListSecurityControlDefinitions operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSecurityControlDefinitions method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSecurityControlDefinitions operation. +// pageNum := 0 +// err := client.ListSecurityControlDefinitionsPages(params, +// func(page *securityhub.ListSecurityControlDefinitionsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecurityHub) ListSecurityControlDefinitionsPages(input *ListSecurityControlDefinitionsInput, fn func(*ListSecurityControlDefinitionsOutput, bool) bool) error { + return c.ListSecurityControlDefinitionsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSecurityControlDefinitionsPagesWithContext same as ListSecurityControlDefinitionsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListSecurityControlDefinitionsPagesWithContext(ctx aws.Context, input *ListSecurityControlDefinitionsInput, fn func(*ListSecurityControlDefinitionsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSecurityControlDefinitionsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSecurityControlDefinitionsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSecurityControlDefinitionsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListStandardsControlAssociations = "ListStandardsControlAssociations" + +// ListStandardsControlAssociationsRequest generates a "aws/request.Request" representing the +// client's request for the ListStandardsControlAssociations operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListStandardsControlAssociations for more information on using the ListStandardsControlAssociations +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListStandardsControlAssociationsRequest method. +// req, resp := client.ListStandardsControlAssociationsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations +func (c *SecurityHub) ListStandardsControlAssociationsRequest(input *ListStandardsControlAssociationsInput) (req *request.Request, output *ListStandardsControlAssociationsOutput) { + op := &request.Operation{ + Name: opListStandardsControlAssociations, + HTTPMethod: "GET", + HTTPPath: "/associations", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListStandardsControlAssociationsInput{} + } + + output = &ListStandardsControlAssociationsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListStandardsControlAssociations API operation for AWS SecurityHub. +// +// Specifies whether a control is currently enabled or disabled in each enabled +// standard in the calling account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation ListStandardsControlAssociations for usage and error information. +// +// Returned Error Types: +// +// - InternalException +// Internal server error. +// +// - LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current Amazon Web Services account or throttling limits. The error code +// describes the limit exceeded. +// +// - InvalidAccessException +// The account doesn't have permission to perform this action. +// +// - InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/ListStandardsControlAssociations +func (c *SecurityHub) ListStandardsControlAssociations(input *ListStandardsControlAssociationsInput) (*ListStandardsControlAssociationsOutput, error) { + req, out := c.ListStandardsControlAssociationsRequest(input) + return out, req.Send() +} + +// ListStandardsControlAssociationsWithContext is the same as ListStandardsControlAssociations with the addition of +// the ability to pass a context and additional request options. +// +// See ListStandardsControlAssociations for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListStandardsControlAssociationsWithContext(ctx aws.Context, input *ListStandardsControlAssociationsInput, opts ...request.Option) (*ListStandardsControlAssociationsOutput, error) { + req, out := c.ListStandardsControlAssociationsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListStandardsControlAssociationsPages iterates over the pages of a ListStandardsControlAssociations operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListStandardsControlAssociations method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListStandardsControlAssociations operation. +// pageNum := 0 +// err := client.ListStandardsControlAssociationsPages(params, +// func(page *securityhub.ListStandardsControlAssociationsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *SecurityHub) ListStandardsControlAssociationsPages(input *ListStandardsControlAssociationsInput, fn func(*ListStandardsControlAssociationsOutput, bool) bool) error { + return c.ListStandardsControlAssociationsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListStandardsControlAssociationsPagesWithContext same as ListStandardsControlAssociationsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) ListStandardsControlAssociationsPagesWithContext(ctx aws.Context, input *ListStandardsControlAssociationsInput, fn func(*ListStandardsControlAssociationsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListStandardsControlAssociationsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListStandardsControlAssociationsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListStandardsControlAssociationsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListTagsForResource = "ListTagsForResource" // ListTagsForResourceRequest generates a "aws/request.Request" representing the @@ -9518,8 +10091,8 @@ type AwsBackupBackupVaultNotificationsDetails struct { // * S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED BackupVaultEvents []*string `type:"list"` - // An ARN that uniquely identifies the Amazon SNS topic for a backup vault’s - // events. + // The Amazon Resource Name (ARN) that uniquely identifies the Amazon SNS topic + // for a backup vault's events. SnsTopicArn *string `type:"string"` } @@ -15323,7 +15896,7 @@ type AwsEc2LaunchTemplateDataInstanceRequirementsDetails struct { NetworkInterfaceCount *AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails `type:"structure"` // The price protection threshold for On-Demand Instances. This is the maximum - // you’ll pay for an On-Demand Instance, expressed as a percentage above the + // you'll pay for an On-Demand Instance, expressed as a percentage above the // least expensive current generation M, C, or R instance type with your specified // attributes. When Amazon EC2 selects instance types with your attributes, // it excludes instance types priced above your threshold. @@ -15336,7 +15909,7 @@ type AwsEc2LaunchTemplateDataInstanceRequirementsDetails struct { // Indicates whether instance types must support hibernation for On-Demand Instances. RequireHibernateSupport *bool `type:"boolean"` - // The price protection threshold for Spot Instances. This is the maximum you’ll + // The price protection threshold for Spot Instances. This is the maximum you'll // pay for a Spot Instance, expressed as a percentage above the least expensive // current generation M, C, or R instance type with your specified attributes. // When Amazon EC2 selects instance types with your attributes, it excludes @@ -15776,8 +16349,8 @@ type AwsEc2LaunchTemplateDataMetadataOptionsDetails struct { _ struct{} `type:"structure"` // Enables or disables the HTTP metadata endpoint on your instances. If the - // parameter is not specified, the default state is enabled, and you won’t - // be able to access your instance metadata. + // parameter is not specified, the default state is enabled, and you won't be + // able to access your instance metadata. HttpEndpoint *string `type:"string"` // Enables or disables the IPv6 endpoint for the instance metadata service. @@ -31116,7 +31689,9 @@ func (s *AwsRedshiftClusterClusterSecurityGroup) SetStatus(v string) *AwsRedshif return s } -// Information about a cross-Region snapshot copy. +// You can configure Amazon Redshift to copy snapshots for a cluster to another +// Amazon Web Services Region. This parameter provides information about a cross-Region +// snapshot copy. type AwsRedshiftClusterClusterSnapshotCopyStatus struct { _ struct{} `type:"structure"` @@ -31125,7 +31700,7 @@ type AwsRedshiftClusterClusterSnapshotCopyStatus struct { DestinationRegion *string `type:"string"` // The number of days that manual snapshots are retained in the destination - // region after they are copied from a source region. + // Region after they are copied from a source Region. // // If the value is -1, then the manual snapshot is retained indefinitely. // @@ -38597,6 +39172,204 @@ func (s *BatchEnableStandardsOutput) SetStandardsSubscriptions(v []*StandardsSub return s } +type BatchGetSecurityControlsInput struct { + _ struct{} `type:"structure"` + + // A list of security controls (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters). The security control ID or Amazon Resource + // Name (ARN) is the same across standards. + // + // SecurityControlIds is a required field + SecurityControlIds []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchGetSecurityControlsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchGetSecurityControlsInput"} + if s.SecurityControlIds == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlIds")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecurityControlIds sets the SecurityControlIds field's value. +func (s *BatchGetSecurityControlsInput) SetSecurityControlIds(v []*string) *BatchGetSecurityControlsInput { + s.SecurityControlIds = v + return s +} + +type BatchGetSecurityControlsOutput struct { + _ struct{} `type:"structure"` + + // An array that returns the identifier, Amazon Resource Name (ARN), and other + // details about a security control. The same information is returned whether + // the request includes SecurityControlId or SecurityControlArn. + // + // SecurityControls is a required field + SecurityControls []*SecurityControl `type:"list" required:"true"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) for which details cannot be returned. + UnprocessedIds []*UnprocessedSecurityControl `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetSecurityControlsOutput) GoString() string { + return s.String() +} + +// SetSecurityControls sets the SecurityControls field's value. +func (s *BatchGetSecurityControlsOutput) SetSecurityControls(v []*SecurityControl) *BatchGetSecurityControlsOutput { + s.SecurityControls = v + return s +} + +// SetUnprocessedIds sets the UnprocessedIds field's value. +func (s *BatchGetSecurityControlsOutput) SetUnprocessedIds(v []*UnprocessedSecurityControl) *BatchGetSecurityControlsOutput { + s.UnprocessedIds = v + return s +} + +type BatchGetStandardsControlAssociationsInput struct { + _ struct{} `type:"structure"` + + // An array with one or more objects that includes a security control (identified + // with SecurityControlId, SecurityControlArn, or a mix of both parameters) + // and the Amazon Resource Name (ARN) of a standard. This field is used to query + // the enablement status of a control in a specified standard. The security + // control ID or ARN is the same across standards. + // + // StandardsControlAssociationIds is a required field + StandardsControlAssociationIds []*StandardsControlAssociationId `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchGetStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchGetStandardsControlAssociationsInput"} + if s.StandardsControlAssociationIds == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsControlAssociationIds")) + } + if s.StandardsControlAssociationIds != nil { + for i, v := range s.StandardsControlAssociationIds { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StandardsControlAssociationIds", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStandardsControlAssociationIds sets the StandardsControlAssociationIds field's value. +func (s *BatchGetStandardsControlAssociationsInput) SetStandardsControlAssociationIds(v []*StandardsControlAssociationId) *BatchGetStandardsControlAssociationsInput { + s.StandardsControlAssociationIds = v + return s +} + +type BatchGetStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // Provides the enablement status of a security control in a specified standard + // and other details for the control in relation to the specified standard. + // + // StandardsControlAssociationDetails is a required field + StandardsControlAssociationDetails []*StandardsControlAssociationDetail `type:"list" required:"true"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) whose enablement status in a specified standard + // cannot be returned. + UnprocessedAssociations []*UnprocessedStandardsControlAssociation `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchGetStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetStandardsControlAssociationDetails sets the StandardsControlAssociationDetails field's value. +func (s *BatchGetStandardsControlAssociationsOutput) SetStandardsControlAssociationDetails(v []*StandardsControlAssociationDetail) *BatchGetStandardsControlAssociationsOutput { + s.StandardsControlAssociationDetails = v + return s +} + +// SetUnprocessedAssociations sets the UnprocessedAssociations field's value. +func (s *BatchGetStandardsControlAssociationsOutput) SetUnprocessedAssociations(v []*UnprocessedStandardsControlAssociation) *BatchGetStandardsControlAssociationsOutput { + s.UnprocessedAssociations = v + return s +} + type BatchImportFindingsInput struct { _ struct{} `type:"structure"` @@ -39040,6 +39813,95 @@ func (s *BatchUpdateFindingsUnprocessedFinding) SetFindingIdentifier(v *AwsSecur return s } +type BatchUpdateStandardsControlAssociationsInput struct { + _ struct{} `type:"structure"` + + // Updates the enablement status of a security control in a specified standard. + // + // StandardsControlAssociationUpdates is a required field + StandardsControlAssociationUpdates []*StandardsControlAssociationUpdate `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *BatchUpdateStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "BatchUpdateStandardsControlAssociationsInput"} + if s.StandardsControlAssociationUpdates == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsControlAssociationUpdates")) + } + if s.StandardsControlAssociationUpdates != nil { + for i, v := range s.StandardsControlAssociationUpdates { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StandardsControlAssociationUpdates", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetStandardsControlAssociationUpdates sets the StandardsControlAssociationUpdates field's value. +func (s *BatchUpdateStandardsControlAssociationsInput) SetStandardsControlAssociationUpdates(v []*StandardsControlAssociationUpdate) *BatchUpdateStandardsControlAssociationsInput { + s.StandardsControlAssociationUpdates = v + return s +} + +type BatchUpdateStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // A security control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) whose enablement status in a specified standard + // couldn't be updated. + UnprocessedAssociationUpdates []*UnprocessedStandardsControlAssociationUpdate `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BatchUpdateStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetUnprocessedAssociationUpdates sets the UnprocessedAssociationUpdates field's value. +func (s *BatchUpdateStandardsControlAssociationsOutput) SetUnprocessedAssociationUpdates(v []*UnprocessedStandardsControlAssociationUpdate) *BatchUpdateStandardsControlAssociationsOutput { + s.UnprocessedAssociationUpdates = v + return s +} + // Boolean filter for querying findings. type BooleanFilter struct { _ struct{} `type:"structure"` @@ -39655,7 +40517,7 @@ func (s *CreateActionTargetInput) SetName(v string) *CreateActionTargetInput { type CreateActionTargetOutput struct { _ struct{} `type:"structure"` - // The ARN for the custom action target. + // The Amazon Resource Name (ARN) for the custom action target. // // ActionTargetArn is a required field ActionTargetArn *string `type:"string" required:"true"` @@ -40420,7 +41282,7 @@ func (s *DeclineInvitationsOutput) SetUnprocessedAccounts(v []*Result) *DeclineI type DeleteActionTargetInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The ARN of the custom action target to delete. + // The Amazon Resource Name (ARN) of the custom action target to delete. // // ActionTargetArn is a required field ActionTargetArn *string `location:"uri" locationName:"ActionTargetArn" type:"string" required:"true"` @@ -40959,6 +41821,21 @@ type DescribeHubOutput struct { // If set to false, then new controls are not enabled. AutoEnableControls *bool `type:"boolean"` + // Specifies whether the calling account has consolidated control findings turned + // on. If the value for this field is set to SECURITY_CONTROL, Security Hub + // generates a single finding for a control check even when the check applies + // to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // The value for this field in a member account matches the value in the administrator + // account. For accounts that aren't part of an organization, the default value + // of this field is SECURITY_CONTROL if you enabled Security Hub on or after + // February 9, 2023. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` + // The ARN of the Hub resource that was retrieved. HubArn *string `type:"string"` @@ -40990,6 +41867,12 @@ func (s *DescribeHubOutput) SetAutoEnableControls(v bool) *DescribeHubOutput { return s } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *DescribeHubOutput) SetControlFindingGenerator(v string) *DescribeHubOutput { + s.ControlFindingGenerator = &v + return s +} + // SetHubArn sets the HubArn field's value. func (s *DescribeHubOutput) SetHubArn(v string) *DescribeHubOutput { s.HubArn = &v @@ -41946,6 +42829,21 @@ func (s EnableOrganizationAdminAccountOutput) GoString() string { type EnableSecurityHubInput struct { _ struct{} `type:"structure"` + // This field, used when enabling Security Hub, specifies whether the calling + // account has consolidated control findings turned on. If the value for this + // field is set to SECURITY_CONTROL, Security Hub generates a single finding + // for a control check even when the check applies to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // The value for this field in a member account matches the value in the administrator + // account. For accounts that aren't part of an organization, the default value + // of this field is SECURITY_CONTROL if you enabled Security Hub on or after + // February 9, 2023. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` + // Whether to enable the security standards that Security Hub has designated // as automatically enabled. If you do not provide a value for EnableDefaultStandards, // it is set to true. To not enable the automatically enabled standards, set @@ -41987,6 +42885,12 @@ func (s *EnableSecurityHubInput) Validate() error { return nil } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *EnableSecurityHubInput) SetControlFindingGenerator(v string) *EnableSecurityHubInput { + s.ControlFindingGenerator = &v + return s +} + // SetEnableDefaultStandards sets the EnableDefaultStandards field's value. func (s *EnableSecurityHubInput) SetEnableDefaultStandards(v bool) *EnableSecurityHubInput { s.EnableDefaultStandards = &v @@ -44643,6 +45547,237 @@ func (s *ListOrganizationAdminAccountsOutput) SetNextToken(v string) *ListOrgani return s } +type ListSecurityControlDefinitionsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // An optional parameter that limits the total results of the API response to + // the specified number. If this parameter isn't provided in the request, the + // results include the first 25 security controls that apply to the specified + // standard. The results also include a NextToken parameter that you can use + // in a subsequent API call to get the next 25 controls. This repeats until + // all controls for the standard are returned. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // Optional pagination parameter. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` + + // The Amazon Resource Name (ARN) of the standard that you want to view controls + // for. + StandardsArn *string `location:"querystring" locationName:"StandardsArn" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSecurityControlDefinitionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSecurityControlDefinitionsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListSecurityControlDefinitionsInput) SetMaxResults(v int64) *ListSecurityControlDefinitionsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecurityControlDefinitionsInput) SetNextToken(v string) *ListSecurityControlDefinitionsInput { + s.NextToken = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *ListSecurityControlDefinitionsInput) SetStandardsArn(v string) *ListSecurityControlDefinitionsInput { + s.StandardsArn = &v + return s +} + +type ListSecurityControlDefinitionsOutput struct { + _ struct{} `type:"structure"` + + // A pagination parameter that's included in the response only if it was included + // in the request. + NextToken *string `type:"string"` + + // An array of controls that apply to the specified standard. + // + // SecurityControlDefinitions is a required field + SecurityControlDefinitions []*SecurityControlDefinition `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSecurityControlDefinitionsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSecurityControlDefinitionsOutput) SetNextToken(v string) *ListSecurityControlDefinitionsOutput { + s.NextToken = &v + return s +} + +// SetSecurityControlDefinitions sets the SecurityControlDefinitions field's value. +func (s *ListSecurityControlDefinitionsOutput) SetSecurityControlDefinitions(v []*SecurityControlDefinition) *ListSecurityControlDefinitionsOutput { + s.SecurityControlDefinitions = v + return s +} + +type ListStandardsControlAssociationsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // An optional parameter that limits the total results of the API response to + // the specified number. If this parameter isn't provided in the request, the + // results include the first 25 standard and control associations. The results + // also include a NextToken parameter that you can use in a subsequent API call + // to get the next 25 associations. This repeats until all associations for + // the specified control are returned. The number of results is limited by the + // number of supported Security Hub standards that you've enabled in the calling + // account. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // Optional pagination parameter. + NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` + + // The identifier of the control (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) that you want to determine the enablement status + // of in each enabled standard. + // + // SecurityControlId is a required field + SecurityControlId *string `location:"querystring" locationName:"SecurityControlId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListStandardsControlAssociationsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListStandardsControlAssociationsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListStandardsControlAssociationsInput) SetMaxResults(v int64) *ListStandardsControlAssociationsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListStandardsControlAssociationsInput) SetNextToken(v string) *ListStandardsControlAssociationsInput { + s.NextToken = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *ListStandardsControlAssociationsInput) SetSecurityControlId(v string) *ListStandardsControlAssociationsInput { + s.SecurityControlId = &v + return s +} + +type ListStandardsControlAssociationsOutput struct { + _ struct{} `type:"structure"` + + // A pagination parameter that's included in the response only if it was included + // in the request. + NextToken *string `type:"string"` + + // An array that provides the enablement status and other details for each security + // control that applies to each enabled standard. + // + // StandardsControlAssociationSummaries is a required field + StandardsControlAssociationSummaries []*StandardsControlAssociationSummary `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListStandardsControlAssociationsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListStandardsControlAssociationsOutput) SetNextToken(v string) *ListStandardsControlAssociationsOutput { + s.NextToken = &v + return s +} + +// SetStandardsControlAssociationSummaries sets the StandardsControlAssociationSummaries field's value. +func (s *ListStandardsControlAssociationsOutput) SetStandardsControlAssociationSummaries(v []*StandardsControlAssociationSummary) *ListStandardsControlAssociationsOutput { + s.StandardsControlAssociationSummaries = v + return s +} + type ListTagsForResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -48486,6 +49621,222 @@ func (s *RuleGroupVariablesPortSetsDetails) SetDefinition(v []*string) *RuleGrou return s } +// A security control in Security Hub describes a security best practice related +// to a specific resource. +type SecurityControl struct { + _ struct{} `type:"structure"` + + // The description of a security control across standards. This typically summarizes + // how Security Hub evaluates the control and the conditions under which it + // produces a failed finding. This parameter doesn't reference a specific standard. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A link to Security Hub documentation that explains how to remediate a failed + // finding for a security control. + // + // RemediationUrl is a required field + RemediationUrl *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) for a security control across standards, such + // as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This + // parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number, + // such as APIGateway.3. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The status of a security control based on the compliance status of its findings. + // For more information about how control status is determined, see Determining + // the overall status of a control from its findings (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-overall-status.html) + // in the Security Hub User Guide. + // + // SecurityControlStatus is a required field + SecurityControlStatus *string `type:"string" required:"true" enum:"ControlStatus"` + + // The severity of a security control. For more information about how Security + // Hub determines control severity, see Assigning severity to control findings + // (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity) + // in the Security Hub User Guide. + // + // SeverityRating is a required field + SeverityRating *string `type:"string" required:"true" enum:"SeverityRating"` + + // The title of a security control. + // + // Title is a required field + Title *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControl) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControl) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityControl) SetDescription(v string) *SecurityControl { + s.Description = &v + return s +} + +// SetRemediationUrl sets the RemediationUrl field's value. +func (s *SecurityControl) SetRemediationUrl(v string) *SecurityControl { + s.RemediationUrl = &v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *SecurityControl) SetSecurityControlArn(v string) *SecurityControl { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *SecurityControl) SetSecurityControlId(v string) *SecurityControl { + s.SecurityControlId = &v + return s +} + +// SetSecurityControlStatus sets the SecurityControlStatus field's value. +func (s *SecurityControl) SetSecurityControlStatus(v string) *SecurityControl { + s.SecurityControlStatus = &v + return s +} + +// SetSeverityRating sets the SeverityRating field's value. +func (s *SecurityControl) SetSeverityRating(v string) *SecurityControl { + s.SeverityRating = &v + return s +} + +// SetTitle sets the Title field's value. +func (s *SecurityControl) SetTitle(v string) *SecurityControl { + s.Title = &v + return s +} + +// Provides metadata for a security control, including its unique standard-agnostic +// identifier, title, description, severity, availability in Amazon Web Services +// Regions, and a link to remediation steps. +type SecurityControlDefinition struct { + _ struct{} `type:"structure"` + + // Specifies whether a security control is available in the current Amazon Web + // Services Region. + // + // CurrentRegionAvailability is a required field + CurrentRegionAvailability *string `type:"string" required:"true" enum:"RegionAvailabilityStatus"` + + // The description of a security control across standards. This typically summarizes + // how Security Hub evaluates the control and the conditions under which it + // produces a failed finding. This parameter doesn't reference a specific standard. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A link to Security Hub documentation that explains how to remediate a failed + // finding for a security control. + // + // RemediationUrl is a required field + RemediationUrl *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number (for + // example, APIGateway.3). This parameter differs from SecurityControlArn, which + // is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references + // the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3). + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The severity of a security control. For more information about how Security + // Hub determines control severity, see Assigning severity to control findings + // (https://docs.aws.amazon.com/securityhub/latest/userguide/controls-findings-create-update.html#control-findings-severity) + // in the Security Hub User Guide. + // + // SeverityRating is a required field + SeverityRating *string `type:"string" required:"true" enum:"SeverityRating"` + + // The title of a security control. + // + // Title is a required field + Title *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControlDefinition) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SecurityControlDefinition) GoString() string { + return s.String() +} + +// SetCurrentRegionAvailability sets the CurrentRegionAvailability field's value. +func (s *SecurityControlDefinition) SetCurrentRegionAvailability(v string) *SecurityControlDefinition { + s.CurrentRegionAvailability = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityControlDefinition) SetDescription(v string) *SecurityControlDefinition { + s.Description = &v + return s +} + +// SetRemediationUrl sets the RemediationUrl field's value. +func (s *SecurityControlDefinition) SetRemediationUrl(v string) *SecurityControlDefinition { + s.RemediationUrl = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *SecurityControlDefinition) SetSecurityControlId(v string) *SecurityControlDefinition { + s.SecurityControlId = &v + return s +} + +// SetSeverityRating sets the SeverityRating field's value. +func (s *SecurityControlDefinition) SetSeverityRating(v string) *SecurityControlDefinition { + s.SeverityRating = &v + return s +} + +// SetTitle sets the Title field's value. +func (s *SecurityControlDefinition) SetTitle(v string) *SecurityControlDefinition { + s.Title = &v + return s +} + // The list of detected instances of sensitive data. type SensitiveDataDetections struct { _ struct{} `type:"structure"` @@ -48593,7 +49944,7 @@ func (s *SensitiveDataResult) SetTotalCount(v int64) *SensitiveDataResult { // The severity of the finding. // // The finding provider can provide the initial severity. The finding provider -// can only update the severity if it has not been updated using BatchUpdateFindings. +// can only update the severity if it hasn't been updated using BatchUpdateFindings. // // The finding must have either Label or Normalized populated. If only one of // these attributes is populated, then Security Hub automatically populates @@ -49131,6 +50482,411 @@ func (s *StandardsControl) SetTitle(v string) *StandardsControl { return s } +// Provides details about a control's enablement status in a specified standard. +type StandardsControlAssociationDetail struct { + _ struct{} `type:"structure"` + + // Specifies whether a control is enabled or disabled in a specified standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The requirement that underlies a control in the compliance framework related + // to the standard. + RelatedRequirements []*string `type:"list"` + + // The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. + // This parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // The unique identifier of a security control across standards. Values for + // this field typically consist of an Amazon Web Service name and a number, + // such as APIGateway.3. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of a security standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // Provides the input parameter that Security Hub uses to call the UpdateStandardsControl + // (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_UpdateStandardsControl.html) + // API. This API can be used to enable or disable a control in a specified standard. + StandardsControlArns []*string `type:"list"` + + // The description of a control. This typically summarizes how Security Hub + // evaluates the control and the conditions under which it produces a failed + // finding. This parameter may reference a specific standard. + StandardsControlDescription *string `type:"string"` + + // The title of a control. This field may reference a specific standard. + StandardsControlTitle *string `type:"string"` + + // The time at which the enablement status of the control in the specified standard + // was last updated. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The reason for updating the enablement status of a control in a specified + // standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationDetail) GoString() string { + return s.String() +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationDetail) SetAssociationStatus(v string) *StandardsControlAssociationDetail { + s.AssociationStatus = &v + return s +} + +// SetRelatedRequirements sets the RelatedRequirements field's value. +func (s *StandardsControlAssociationDetail) SetRelatedRequirements(v []*string) *StandardsControlAssociationDetail { + s.RelatedRequirements = v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *StandardsControlAssociationDetail) SetSecurityControlArn(v string) *StandardsControlAssociationDetail { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationDetail) SetSecurityControlId(v string) *StandardsControlAssociationDetail { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationDetail) SetStandardsArn(v string) *StandardsControlAssociationDetail { + s.StandardsArn = &v + return s +} + +// SetStandardsControlArns sets the StandardsControlArns field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlArns(v []*string) *StandardsControlAssociationDetail { + s.StandardsControlArns = v + return s +} + +// SetStandardsControlDescription sets the StandardsControlDescription field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlDescription(v string) *StandardsControlAssociationDetail { + s.StandardsControlDescription = &v + return s +} + +// SetStandardsControlTitle sets the StandardsControlTitle field's value. +func (s *StandardsControlAssociationDetail) SetStandardsControlTitle(v string) *StandardsControlAssociationDetail { + s.StandardsControlTitle = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *StandardsControlAssociationDetail) SetUpdatedAt(v time.Time) *StandardsControlAssociationDetail { + s.UpdatedAt = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationDetail) SetUpdatedReason(v string) *StandardsControlAssociationDetail { + s.UpdatedReason = &v + return s +} + +// An array with one or more objects that includes a security control (identified +// with SecurityControlId, SecurityControlArn, or a mix of both parameters) +// and the Amazon Resource Name (ARN) of a standard. The security control ID +// or ARN is the same across standards. +type StandardsControlAssociationId struct { + _ struct{} `type:"structure"` + + // The unique identifier (identified with SecurityControlId, SecurityControlArn, + // or a mix of both parameters) of a security control across standards. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The ARN of a standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationId) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationId) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StandardsControlAssociationId) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StandardsControlAssociationId"} + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + if s.StandardsArn == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationId) SetSecurityControlId(v string) *StandardsControlAssociationId { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationId) SetStandardsArn(v string) *StandardsControlAssociationId { + s.StandardsArn = &v + return s +} + +// An array that provides the enablement status and other details for each control +// that applies to each enabled standard. +type StandardsControlAssociationSummary struct { + _ struct{} `type:"structure"` + + // The enablement status of a control in a specific standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The requirement that underlies this control in the compliance framework related + // to the standard. + RelatedRequirements []*string `type:"list"` + + // The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. + // This parameter doesn't mention a specific standard. + // + // SecurityControlArn is a required field + SecurityControlArn *string `type:"string" required:"true"` + + // A unique standard-agnostic identifier for a control. Values for this field + // typically consist of an Amazon Web Service and a number, such as APIGateway.5. + // This field doesn't reference a specific standard. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of a standard. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // The description of a control. This typically summarizes how Security Hub + // evaluates the control and the conditions under which it produces a failed + // finding. The parameter may reference a specific standard. + StandardsControlDescription *string `type:"string"` + + // The title of a control. + StandardsControlTitle *string `type:"string"` + + // The last time that a control's enablement status in a specified standard + // was updated. + UpdatedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The reason for updating the control's enablement status in a specified standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationSummary) GoString() string { + return s.String() +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationSummary) SetAssociationStatus(v string) *StandardsControlAssociationSummary { + s.AssociationStatus = &v + return s +} + +// SetRelatedRequirements sets the RelatedRequirements field's value. +func (s *StandardsControlAssociationSummary) SetRelatedRequirements(v []*string) *StandardsControlAssociationSummary { + s.RelatedRequirements = v + return s +} + +// SetSecurityControlArn sets the SecurityControlArn field's value. +func (s *StandardsControlAssociationSummary) SetSecurityControlArn(v string) *StandardsControlAssociationSummary { + s.SecurityControlArn = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationSummary) SetSecurityControlId(v string) *StandardsControlAssociationSummary { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationSummary) SetStandardsArn(v string) *StandardsControlAssociationSummary { + s.StandardsArn = &v + return s +} + +// SetStandardsControlDescription sets the StandardsControlDescription field's value. +func (s *StandardsControlAssociationSummary) SetStandardsControlDescription(v string) *StandardsControlAssociationSummary { + s.StandardsControlDescription = &v + return s +} + +// SetStandardsControlTitle sets the StandardsControlTitle field's value. +func (s *StandardsControlAssociationSummary) SetStandardsControlTitle(v string) *StandardsControlAssociationSummary { + s.StandardsControlTitle = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *StandardsControlAssociationSummary) SetUpdatedAt(v time.Time) *StandardsControlAssociationSummary { + s.UpdatedAt = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationSummary) SetUpdatedReason(v string) *StandardsControlAssociationSummary { + s.UpdatedReason = &v + return s +} + +// An array of requested updates to the enablement status of controls in specified +// standards. The objects in the array include a security control ID, the Amazon +// Resource Name (ARN) of the standard, the requested enablement status, and +// the reason for updating the enablement status. +type StandardsControlAssociationUpdate struct { + _ struct{} `type:"structure"` + + // The desired enablement status of the control in the standard. + // + // AssociationStatus is a required field + AssociationStatus *string `type:"string" required:"true" enum:"AssociationStatus"` + + // The unique identifier for the security control whose enablement status you + // want to update. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` + + // The Amazon Resource Name (ARN) of the standard in which you want to update + // the control's enablement status. + // + // StandardsArn is a required field + StandardsArn *string `type:"string" required:"true"` + + // The reason for updating the control's enablement status in the standard. + UpdatedReason *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StandardsControlAssociationUpdate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StandardsControlAssociationUpdate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StandardsControlAssociationUpdate"} + if s.AssociationStatus == nil { + invalidParams.Add(request.NewErrParamRequired("AssociationStatus")) + } + if s.SecurityControlId == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityControlId")) + } + if s.StandardsArn == nil { + invalidParams.Add(request.NewErrParamRequired("StandardsArn")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAssociationStatus sets the AssociationStatus field's value. +func (s *StandardsControlAssociationUpdate) SetAssociationStatus(v string) *StandardsControlAssociationUpdate { + s.AssociationStatus = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *StandardsControlAssociationUpdate) SetSecurityControlId(v string) *StandardsControlAssociationUpdate { + s.SecurityControlId = &v + return s +} + +// SetStandardsArn sets the StandardsArn field's value. +func (s *StandardsControlAssociationUpdate) SetStandardsArn(v string) *StandardsControlAssociationUpdate { + s.StandardsArn = &v + return s +} + +// SetUpdatedReason sets the UpdatedReason field's value. +func (s *StandardsControlAssociationUpdate) SetUpdatedReason(v string) *StandardsControlAssociationUpdate { + s.UpdatedReason = &v + return s +} + // Provides details about the management of a security standard. type StandardsManagedBy struct { _ struct{} `type:"structure"` @@ -49839,6 +51595,184 @@ func (s *ThreatIntelIndicator) SetValue(v string) *ThreatIntelIndicator { return s } +// Provides details about a security control for which a response couldn't be +// returned. +type UnprocessedSecurityControl struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed security control. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why the security control was unprocessed. + ErrorReason *string `type:"string"` + + // The control (identified with SecurityControlId, SecurityControlArn, or a + // mix of both parameters) for which a response couldn't be returned. + // + // SecurityControlId is a required field + SecurityControlId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedSecurityControl) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedSecurityControl) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedSecurityControl) SetErrorCode(v string) *UnprocessedSecurityControl { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedSecurityControl) SetErrorReason(v string) *UnprocessedSecurityControl { + s.ErrorReason = &v + return s +} + +// SetSecurityControlId sets the SecurityControlId field's value. +func (s *UnprocessedSecurityControl) SetSecurityControlId(v string) *UnprocessedSecurityControl { + s.SecurityControlId = &v + return s +} + +// Provides details about which control's enablement status couldn't be retrieved +// in a specified standard when calling BatchUpdateStandardsControlAssociations +// (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). +// This parameter also provides details about why the request was unprocessed. +type UnprocessedStandardsControlAssociation struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed standard and control association. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why the standard and control association was unprocessed. + ErrorReason *string `type:"string"` + + // An array with one or more objects that includes a security control (identified + // with SecurityControlId, SecurityControlArn, or a mix of both parameters) + // and the Amazon Resource Name (ARN) of a standard. This parameter shows the + // specific controls for which the enablement status couldn't be retrieved in + // specified standards when calling BatchUpdateStandardsControlAssociations + // (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). + // + // StandardsControlAssociationId is a required field + StandardsControlAssociationId *StandardsControlAssociationId `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociation) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedStandardsControlAssociation) SetErrorCode(v string) *UnprocessedStandardsControlAssociation { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedStandardsControlAssociation) SetErrorReason(v string) *UnprocessedStandardsControlAssociation { + s.ErrorReason = &v + return s +} + +// SetStandardsControlAssociationId sets the StandardsControlAssociationId field's value. +func (s *UnprocessedStandardsControlAssociation) SetStandardsControlAssociationId(v *StandardsControlAssociationId) *UnprocessedStandardsControlAssociation { + s.StandardsControlAssociationId = v + return s +} + +// Provides details about which control's enablement status could not be updated +// in a specified standard when calling the BatchUpdateStandardsControlAssociations +// (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html) +// API. This parameter also provides details about why the request was unprocessed. +type UnprocessedStandardsControlAssociationUpdate struct { + _ struct{} `type:"structure"` + + // The error code for the unprocessed update of the control's enablement status + // in the specified standard. + // + // ErrorCode is a required field + ErrorCode *string `type:"string" required:"true" enum:"UnprocessedErrorCode"` + + // The reason why a control's enablement status in the specified standard couldn't + // be updated. + ErrorReason *string `type:"string"` + + // An array of control and standard associations for which an update failed + // when calling BatchUpdateStandardsControlAssociations (https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_BatchUpdateStandardsControlAssociations.html). + // + // StandardsControlAssociationUpdate is a required field + StandardsControlAssociationUpdate *StandardsControlAssociationUpdate `type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociationUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnprocessedStandardsControlAssociationUpdate) GoString() string { + return s.String() +} + +// SetErrorCode sets the ErrorCode field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetErrorCode(v string) *UnprocessedStandardsControlAssociationUpdate { + s.ErrorCode = &v + return s +} + +// SetErrorReason sets the ErrorReason field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetErrorReason(v string) *UnprocessedStandardsControlAssociationUpdate { + s.ErrorReason = &v + return s +} + +// SetStandardsControlAssociationUpdate sets the StandardsControlAssociationUpdate field's value. +func (s *UnprocessedStandardsControlAssociationUpdate) SetStandardsControlAssociationUpdate(v *StandardsControlAssociationUpdate) *UnprocessedStandardsControlAssociationUpdate { + s.StandardsControlAssociationUpdate = v + return s +} + type UntagResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -50458,6 +52392,19 @@ type UpdateSecurityHubConfigurationInput struct { // By default, this is set to true, and new controls are enabled automatically. // To not automatically enable new controls, set this to false. AutoEnableControls *bool `type:"boolean"` + + // Updates whether the calling account has consolidated control findings turned + // on. If the value for this field is set to SECURITY_CONTROL, Security Hub + // generates a single finding for a control check even when the check applies + // to multiple enabled standards. + // + // If the value for this field is set to STANDARD_CONTROL, Security Hub generates + // separate findings for a control check when the check applies to multiple + // enabled standards. + // + // For accounts that are part of an organization, this value can only be updated + // in the administrator account. + ControlFindingGenerator *string `type:"string" enum:"ControlFindingGenerator"` } // String returns the string representation. @@ -50484,6 +52431,12 @@ func (s *UpdateSecurityHubConfigurationInput) SetAutoEnableControls(v bool) *Upd return s } +// SetControlFindingGenerator sets the ControlFindingGenerator field's value. +func (s *UpdateSecurityHubConfigurationInput) SetControlFindingGenerator(v string) *UpdateSecurityHubConfigurationInput { + s.ControlFindingGenerator = &v + return s +} + type UpdateSecurityHubConfigurationOutput struct { _ struct{} `type:"structure"` } @@ -51195,6 +53148,22 @@ func AdminStatus_Values() []string { } } +const ( + // AssociationStatusEnabled is a AssociationStatus enum value + AssociationStatusEnabled = "ENABLED" + + // AssociationStatusDisabled is a AssociationStatus enum value + AssociationStatusDisabled = "DISABLED" +) + +// AssociationStatus_Values returns all elements of the AssociationStatus enum +func AssociationStatus_Values() []string { + return []string{ + AssociationStatusEnabled, + AssociationStatusDisabled, + } +} + const ( // AutoEnableStandardsNone is a AutoEnableStandards enum value AutoEnableStandardsNone = "NONE" @@ -51267,6 +53236,22 @@ func ComplianceStatus_Values() []string { } } +const ( + // ControlFindingGeneratorStandardControl is a ControlFindingGenerator enum value + ControlFindingGeneratorStandardControl = "STANDARD_CONTROL" + + // ControlFindingGeneratorSecurityControl is a ControlFindingGenerator enum value + ControlFindingGeneratorSecurityControl = "SECURITY_CONTROL" +) + +// ControlFindingGenerator_Values returns all elements of the ControlFindingGenerator enum +func ControlFindingGenerator_Values() []string { + return []string{ + ControlFindingGeneratorStandardControl, + ControlFindingGeneratorSecurityControl, + } +} + const ( // ControlStatusEnabled is a ControlStatus enum value ControlStatusEnabled = "ENABLED" @@ -51471,6 +53456,22 @@ func RecordState_Values() []string { } } +const ( + // RegionAvailabilityStatusAvailable is a RegionAvailabilityStatus enum value + RegionAvailabilityStatusAvailable = "AVAILABLE" + + // RegionAvailabilityStatusUnavailable is a RegionAvailabilityStatus enum value + RegionAvailabilityStatusUnavailable = "UNAVAILABLE" +) + +// RegionAvailabilityStatus_Values returns all elements of the RegionAvailabilityStatus enum +func RegionAvailabilityStatus_Values() []string { + return []string{ + RegionAvailabilityStatusAvailable, + RegionAvailabilityStatusUnavailable, + } +} + const ( // SeverityLabelInformational is a SeverityLabel enum value SeverityLabelInformational = "INFORMATIONAL" @@ -51691,6 +53692,30 @@ func ThreatIntelIndicatorType_Values() []string { } } +const ( + // UnprocessedErrorCodeInvalidInput is a UnprocessedErrorCode enum value + UnprocessedErrorCodeInvalidInput = "INVALID_INPUT" + + // UnprocessedErrorCodeAccessDenied is a UnprocessedErrorCode enum value + UnprocessedErrorCodeAccessDenied = "ACCESS_DENIED" + + // UnprocessedErrorCodeNotFound is a UnprocessedErrorCode enum value + UnprocessedErrorCodeNotFound = "NOT_FOUND" + + // UnprocessedErrorCodeLimitExceeded is a UnprocessedErrorCode enum value + UnprocessedErrorCodeLimitExceeded = "LIMIT_EXCEEDED" +) + +// UnprocessedErrorCode_Values returns all elements of the UnprocessedErrorCode enum +func UnprocessedErrorCode_Values() []string { + return []string{ + UnprocessedErrorCodeInvalidInput, + UnprocessedErrorCodeAccessDenied, + UnprocessedErrorCodeNotFound, + UnprocessedErrorCodeLimitExceeded, + } +} + const ( // VerificationStateUnknown is a VerificationState enum value VerificationStateUnknown = "UNKNOWN" diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index f20c7419025..603def3af9b 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go @@ -16,8 +16,8 @@ // only in the Amazon Web Services Region that is currently active or in the // specific Amazon Web Services Region that you specify in your request. Any // configuration or settings change that results from the operation is applied -// only to that Region. To make the same change in other Regions, execute the -// same command for each Region to apply the change to. +// only to that Region. To make the same change in other Regions, run the same +// command for each Region in which you want to apply the change. // // For example, if your Region is set to us-west-2, when you use CreateMembers // to add a member account to Security Hub, the association of the member account @@ -27,7 +27,7 @@ // // The following throttling limits apply to using Security Hub API operations. // -// - BatchEnableStandards - RateLimit of 1 request per second, BurstLimit +// - BatchEnableStandards - RateLimit of 1 request per second. BurstLimit // of 1 request per second. // // - GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests @@ -39,7 +39,7 @@ // - BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit // of 30 requests per second. // -// - UpdateStandardsControl - RateLimit of 1 request per second, BurstLimit +// - UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit // of 5 requests per second. // // - All other operations - RateLimit of 10 requests per second. BurstLimit diff --git a/service/securityhub/securityhubiface/interface.go b/service/securityhub/securityhubiface/interface.go index 3ab24948bb1..6aa547d1fc5 100644 --- a/service/securityhub/securityhubiface/interface.go +++ b/service/securityhub/securityhubiface/interface.go @@ -76,6 +76,14 @@ type SecurityHubAPI interface { BatchEnableStandardsWithContext(aws.Context, *securityhub.BatchEnableStandardsInput, ...request.Option) (*securityhub.BatchEnableStandardsOutput, error) BatchEnableStandardsRequest(*securityhub.BatchEnableStandardsInput) (*request.Request, *securityhub.BatchEnableStandardsOutput) + BatchGetSecurityControls(*securityhub.BatchGetSecurityControlsInput) (*securityhub.BatchGetSecurityControlsOutput, error) + BatchGetSecurityControlsWithContext(aws.Context, *securityhub.BatchGetSecurityControlsInput, ...request.Option) (*securityhub.BatchGetSecurityControlsOutput, error) + BatchGetSecurityControlsRequest(*securityhub.BatchGetSecurityControlsInput) (*request.Request, *securityhub.BatchGetSecurityControlsOutput) + + BatchGetStandardsControlAssociations(*securityhub.BatchGetStandardsControlAssociationsInput) (*securityhub.BatchGetStandardsControlAssociationsOutput, error) + BatchGetStandardsControlAssociationsWithContext(aws.Context, *securityhub.BatchGetStandardsControlAssociationsInput, ...request.Option) (*securityhub.BatchGetStandardsControlAssociationsOutput, error) + BatchGetStandardsControlAssociationsRequest(*securityhub.BatchGetStandardsControlAssociationsInput) (*request.Request, *securityhub.BatchGetStandardsControlAssociationsOutput) + BatchImportFindings(*securityhub.BatchImportFindingsInput) (*securityhub.BatchImportFindingsOutput, error) BatchImportFindingsWithContext(aws.Context, *securityhub.BatchImportFindingsInput, ...request.Option) (*securityhub.BatchImportFindingsOutput, error) BatchImportFindingsRequest(*securityhub.BatchImportFindingsInput) (*request.Request, *securityhub.BatchImportFindingsOutput) @@ -84,6 +92,10 @@ type SecurityHubAPI interface { BatchUpdateFindingsWithContext(aws.Context, *securityhub.BatchUpdateFindingsInput, ...request.Option) (*securityhub.BatchUpdateFindingsOutput, error) BatchUpdateFindingsRequest(*securityhub.BatchUpdateFindingsInput) (*request.Request, *securityhub.BatchUpdateFindingsOutput) + BatchUpdateStandardsControlAssociations(*securityhub.BatchUpdateStandardsControlAssociationsInput) (*securityhub.BatchUpdateStandardsControlAssociationsOutput, error) + BatchUpdateStandardsControlAssociationsWithContext(aws.Context, *securityhub.BatchUpdateStandardsControlAssociationsInput, ...request.Option) (*securityhub.BatchUpdateStandardsControlAssociationsOutput, error) + BatchUpdateStandardsControlAssociationsRequest(*securityhub.BatchUpdateStandardsControlAssociationsInput) (*request.Request, *securityhub.BatchUpdateStandardsControlAssociationsOutput) + CreateActionTarget(*securityhub.CreateActionTargetInput) (*securityhub.CreateActionTargetOutput, error) CreateActionTargetWithContext(aws.Context, *securityhub.CreateActionTargetInput, ...request.Option) (*securityhub.CreateActionTargetOutput, error) CreateActionTargetRequest(*securityhub.CreateActionTargetInput) (*request.Request, *securityhub.CreateActionTargetOutput) @@ -280,6 +292,20 @@ type SecurityHubAPI interface { ListOrganizationAdminAccountsPages(*securityhub.ListOrganizationAdminAccountsInput, func(*securityhub.ListOrganizationAdminAccountsOutput, bool) bool) error ListOrganizationAdminAccountsPagesWithContext(aws.Context, *securityhub.ListOrganizationAdminAccountsInput, func(*securityhub.ListOrganizationAdminAccountsOutput, bool) bool, ...request.Option) error + ListSecurityControlDefinitions(*securityhub.ListSecurityControlDefinitionsInput) (*securityhub.ListSecurityControlDefinitionsOutput, error) + ListSecurityControlDefinitionsWithContext(aws.Context, *securityhub.ListSecurityControlDefinitionsInput, ...request.Option) (*securityhub.ListSecurityControlDefinitionsOutput, error) + ListSecurityControlDefinitionsRequest(*securityhub.ListSecurityControlDefinitionsInput) (*request.Request, *securityhub.ListSecurityControlDefinitionsOutput) + + ListSecurityControlDefinitionsPages(*securityhub.ListSecurityControlDefinitionsInput, func(*securityhub.ListSecurityControlDefinitionsOutput, bool) bool) error + ListSecurityControlDefinitionsPagesWithContext(aws.Context, *securityhub.ListSecurityControlDefinitionsInput, func(*securityhub.ListSecurityControlDefinitionsOutput, bool) bool, ...request.Option) error + + ListStandardsControlAssociations(*securityhub.ListStandardsControlAssociationsInput) (*securityhub.ListStandardsControlAssociationsOutput, error) + ListStandardsControlAssociationsWithContext(aws.Context, *securityhub.ListStandardsControlAssociationsInput, ...request.Option) (*securityhub.ListStandardsControlAssociationsOutput, error) + ListStandardsControlAssociationsRequest(*securityhub.ListStandardsControlAssociationsInput) (*request.Request, *securityhub.ListStandardsControlAssociationsOutput) + + ListStandardsControlAssociationsPages(*securityhub.ListStandardsControlAssociationsInput, func(*securityhub.ListStandardsControlAssociationsOutput, bool) bool) error + ListStandardsControlAssociationsPagesWithContext(aws.Context, *securityhub.ListStandardsControlAssociationsInput, func(*securityhub.ListStandardsControlAssociationsOutput, bool) bool, ...request.Option) error + ListTagsForResource(*securityhub.ListTagsForResourceInput) (*securityhub.ListTagsForResourceOutput, error) ListTagsForResourceWithContext(aws.Context, *securityhub.ListTagsForResourceInput, ...request.Option) (*securityhub.ListTagsForResourceOutput, error) ListTagsForResourceRequest(*securityhub.ListTagsForResourceInput) (*request.Request, *securityhub.ListTagsForResourceOutput) diff --git a/service/servicecatalog/api.go b/service/servicecatalog/api.go index ef975f06656..414107f0df6 100644 --- a/service/servicecatalog/api.go +++ b/service/servicecatalog/api.go @@ -2829,6 +2829,9 @@ func (c *ServiceCatalog) DescribeProductRequest(input *DescribeProductInput) (re // // Gets information about the specified product. // +// Running this operation with administrator access results in a failure. DescribeProductAsAdmin +// should be used instead. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4782,19 +4785,24 @@ func (c *ServiceCatalog) ImportAsProvisionedProductRequest(input *ImportAsProvis // // Requests the import of a resource as an Service Catalog provisioned product // that is associated to an Service Catalog product and provisioning artifact. -// Once imported, all supported Service Catalog governance actions are supported -// on the provisioned product. +// Once imported, all supported governance actions are supported on the provisioned +// product. // -// Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets +// Resource import only supports CloudFormation stack ARNs. CloudFormation StackSets, // and non-root nested stacks are not supported. // // The CloudFormation stack must have one of the following statuses to be imported: // CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, IMPORT_COMPLETE, -// IMPORT_ROLLBACK_COMPLETE. +// and IMPORT_ROLLBACK_COMPLETE. // // Import of the resource requires that the CloudFormation stack template matches // the associated Service Catalog product provisioning artifact. // +// When you import an existing CloudFormation stack into a portfolio, constraints +// that are associated with the product aren't applied during the import process. +// The constraints are applied after you call UpdateProvisionedProduct for the +// provisioned product. +// // The user or role that performs this operation must have the cloudformation:GetTemplate // and cloudformation:DescribeStacks IAM policy permissions. // @@ -5311,9 +5319,15 @@ func (c *ServiceCatalog) ListLaunchPathsRequest(input *ListLaunchPathsInput) (re // ListLaunchPaths API operation for AWS Service Catalog. // -// Lists the paths to the specified product. A path is how the user has access -// to a specified product, and is necessary when provisioning a product. A path -// also determines the constraints put on the product. +// Lists the paths to the specified product. A path describes how the user gets +// access to a specified product and is necessary when provisioning a product. +// A path also determines the constraints that are put on a product. A path +// is dependent on a specific product, porfolio, and principal. +// +// When provisioning a product that's been added to a portfolio, you must grant +// your user, group, or role access to the portfolio. For more information, +// see Granting users access (https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_users.html) +// in the Service Catalog User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7181,15 +7195,20 @@ func (c *ServiceCatalog) ProvisionProductRequest(input *ProvisionProductInput) ( // Provisions the specified product. // // A provisioned product is a resourced instance of a product. For example, -// provisioning a product based on a CloudFormation template launches a CloudFormation -// stack and its underlying resources. You can check the status of this request -// using DescribeRecord. +// provisioning a product that's based on an CloudFormation template launches +// an CloudFormation stack and its underlying resources. You can check the status +// of this request using DescribeRecord. // -// If the request contains a tag key with an empty list of values, there is -// a tag conflict for that key. Do not include conflicted keys as tags, or this -// causes the error "Parameter validation failed: Missing required parameter +// If the request contains a tag key with an empty list of values, there's a +// tag conflict for that key. Don't include conflicted keys as tags, or this +// will cause the error "Parameter validation failed: Missing required parameter // in Tags[N]:Value". // +// When provisioning a product that's been added to a portfolio, you must grant +// your user, group, or role access to the portfolio. For more information, +// see Granting users access (https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_users.html) +// in the Service Catalog User Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7714,13 +7733,6 @@ func (c *ServiceCatalog) SearchProvisionedProductsRequest(input *SearchProvision // // Gets information about the provisioned products that meet the specified criteria. // -// To ensure a complete list of provisioned products and remove duplicate products, -// use sort-by createdTime. -// -// Here is a CLI example: -// -// aws servicecatalog search-provisioned-products --sort-by createdTime -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error.