Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.
This API reference provides information about user pools in Amazon Cognito User Pools.
For more information, see the Amazon Cognito Documentation.
", + "service": "Using the Amazon Cognito User Pools API, you can create a user pool to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies.
This API reference provides information about user pools in Amazon Cognito User Pools.
For more information, see the Amazon Cognito Documentation.
", "operations": { "AddCustomAttributes": "Adds additional user attributes to the user pool schema.
", "AdminAddUserToGroup": "Adds the specified user to the specified group.
Calling this action requires developer credentials.
", @@ -41,7 +41,7 @@ "CreateUserPool": "Creates a new Amazon Cognito user pool and sets the password policy for the pool.
", "CreateUserPoolClient": "Creates the user pool client.
", "CreateUserPoolDomain": "Creates a new domain for a user pool.
", - "DeleteGroup": "Deletes a group. Currently only groups with no members can be deleted.
Calling this action requires developer credentials.
", + "DeleteGroup": "Deletes a group.
Calling this action requires developer credentials.
", "DeleteIdentityProvider": "Deletes an identity provider for a user pool.
", "DeleteResourceServer": "Deletes a resource server.
", "DeleteUser": "Allows a user to delete himself or herself.
", @@ -234,7 +234,7 @@ } }, "AdminDisableUserRequest": { - "base": "Represents the request to disable any user as an administrator.
", + "base": "Represents the request to disable the user as an administrator.
", "refs": { } }, @@ -678,10 +678,10 @@ "ChallengeNameType": { "base": null, "refs": { - "AdminInitiateAuthResponse$ChallengeName": "The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.
MFA_SETUP: If MFA is required, users who do not have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for TOTP software token MFA.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
ADMIN_NO_SRP_AUTH: This is returned if you need to authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.
The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.
MFA_SETUP: If MFA is required, users who do not have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for TOTP software token MFA.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
ADMIN_NO_SRP_AUTH: This is returned if you need to authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.
MFA_SETUP: For users who are required to setup an MFA factor before they can sign-in. The MFA types enabled for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
To setup software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To setup SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
The challenge name. For more information, see AdminInitiateAuth.
", "AdminRespondToAuthChallengeResponse$ChallengeName": "The name of the challenge. For more information, see AdminInitiateAuth.
", - "InitiateAuthResponse$ChallengeName": "The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.
Valid values include the following. Note that all of these challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
NEW_PASSWORD_REQUIRED: For users which are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.
The name of the challenge which you are responding to with this call. This is returned to you in the AdminInitiateAuth response if you need to pass another challenge.
Valid values include the following. Note that all of these challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was enabled on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. This challenge should be passed with NEW_PASSWORD and any other required attributes.
MFA_SETUP: For users who are required to setup an MFA factor before they can sign-in. The MFA types enabled for the user pool will be listed in the challenge parameters MFA_CAN_SETUP value.
To setup software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To setup SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
The challenge name. For more information, see InitiateAuth.
ADMIN_NO_SRP_AUTH is not a valid value.
The challenge name. For more information, see InitiateAuth.
" } @@ -716,8 +716,8 @@ "ChallengeResponsesType": { "base": null, "refs": { - "AdminRespondToAuthChallengeRequest$ChallengeResponses": "The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret).
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME, SECRET_HASH (if app client is configured with client secret).
The value of the USERNAME attribute must be the user's actual username, not an alias (such as email address or phone number). To make this easier, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute, even if you specified an alias in your call to AdminInitiateAuth.
The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
SECRET_HASH (if app client is configured with client secret) applies to all inputs below (including SOFTWARE_TOKEN_MFA).
SMS_MFA: SMS_MFA_CODE, USERNAME.
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME.
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME.
SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required attributes.
DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A (and SECRET_HASH).
DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER requires plus DEVICE_KEY.
The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
SMS_MFA: SMS_MFA_CODE, USERNAME, SECRET_HASH (if app client is configured with client secret).
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME, SECRET_HASH (if app client is configured with client secret).
ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is configured with client secret).
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME, SECRET_HASH (if app client is configured with client secret).
MFA_SETUP requires USERNAME, plus you need to use the session value returned by VerifySoftwareToken in the Session parameter.
The value of the USERNAME attribute must be the user's actual username, not an alias (such as email address or phone number). To make this easier, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute, even if you specified an alias in your call to AdminInitiateAuth.
The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:
SECRET_HASH (if app client is configured with client secret) applies to all inputs below (including SOFTWARE_TOKEN_MFA).
SMS_MFA: SMS_MFA_CODE, USERNAME.
PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, TIMESTAMP, USERNAME.
NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, USERNAME.
SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required attributes.
DEVICE_SRP_AUTH requires USERNAME, DEVICE_KEY, SRP_A (and SECRET_HASH).
DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER requires plus DEVICE_KEY.
MFA_SETUP requires USERNAME, plus you need to use the session value returned by VerifySoftwareToken in the Session parameter.
The value of the provider attribute to link to, for example, xxxxx_account.
The UUID of the authenticated user. This is not the same as username.
The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the ExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the ExternalId.
The external ID is a value that we recommend you use to add security to your IAM role which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId, the Cognito User Pool will include it when attempting to assume your IAM role, so that you can set your roles trust policy to require the ExternalID. If you use the Cognito Management Console to create a role for SMS MFA, Cognito will create a role with the required permissions and a trust policy that demonstrates use of the ExternalId.
For more information about the ExternalId of a role, see How to use an external ID when granting access to your AWS resources to a third party
The minimum length.
", "StringAttributeConstraintsType$MaxLength": "The maximum length.
", "UserContextDataType$EncodedData": "Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.
", @@ -3055,9 +3055,9 @@ "refs": { "CreateUserPoolRequest$MfaConfiguration": "Specifies MFA configuration details.
", "GetUserPoolMfaConfigResponse$MfaConfiguration": "The multi-factor (MFA) configuration. Valid values include:
OFF MFA will not be used for any users.
ON MFA is required for all users to sign in.
OPTIONAL MFA will be required only for individual users who have an MFA factor enabled.
The MFA configuration. Valid values include:
OFF MFA will not be used for any users.
ON MFA is required for all users to sign in.
OPTIONAL MFA will be required only for individual users who have an MFA factor enabled.
The MFA configuration. Users who don't have an MFA factor set up won't be able to sign-in if you set the MfaConfiguration value to ‘ON’. See Adding Multi-Factor Authentication (MFA) to a User Pool to learn more. Valid values include:
OFF MFA will not be used for any users.
ON MFA is required for all users to sign in.
OPTIONAL MFA will be required only for individual users who have an MFA factor enabled.
The MFA configuration. Valid values include:
OFF MFA will not be used for any users.
ON MFA is required for all users to sign in.
OPTIONAL MFA will be required only for individual users who have an MFA factor enabled.
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
OPTIONAL - Users have the option when registering to create an MFA token.
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify ON when you are initially creating a user pool. You can use the SetUserPoolMfaConfig API operation to turn MFA \"ON\" for existing user pools.
OPTIONAL - Users have the option when registering to create an MFA token.
Can be one of the following values:
OFF - MFA tokens are not required and cannot be specified during user registration.
ON - MFA tokens are required for all user registrations. You can only specify required when you are initially creating a user pool.
OPTIONAL - Users have the option when registering to create an MFA token.
This parameter is currently disabled.
", + "CacheCluster$ReplicationGroupLogDeliveryEnabled": "A boolean value indicating whether log delivery is enabled for the replication group.
", "CacheNodeTypeSpecificParameter$IsModifiable": "Indicates whether (true) or not (false) the parameter can be modified. Some parameters have security or operational implications that prevent them from being changed.
Indicates whether the parameter group is associated with a Global datastore
", "CompleteMigrationMessage$Force": "Forces the migration to stop without ensuring that data is in sync. It is recommended to use this option only to abort the migration and not recommended when application wants to continue migration to ElastiCache.
", @@ -241,6 +242,7 @@ "GlobalReplicationGroup$AuthTokenEnabled": "A flag that enables using an AuthToken (password) when issuing Redis commands.
Default: false
A flag that enables in-transit encryption when set to true. You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster.
Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later.
A flag that enables encryption at rest when set to true.
You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group.
Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later.
Specify if log delivery is enabled. Default true.
This parameter is currently disabled.
", "ModifyGlobalReplicationGroupMessage$AutomaticFailoverEnabled": "Determines whether a read replica is automatically promoted to read/write primary if the existing primary encounters a failure.
", "ModifyReplicationGroupMessage$AutomaticFailoverEnabled": "Determines whether a read replica is automatically promoted to read/write primary if the existing primary encounters a failure.
Valid values: true | false
Indicates whether a change to the parameter is applied immediately or requires a reboot for the change to be applied. You can force a reboot or wait until the next maintenance window's reboot. For more information, see Rebooting a Cluster.
" } }, + "CloudWatchLogsDestinationDetails": { + "base": "The configuration details of the CloudWatch Logs destination.
", + "refs": { + "DestinationDetails$CloudWatchLogsDetails": "The configuration details of the CloudWatch Logs destination.
" + } + }, "ClusterIdList": { "base": null, "refs": { @@ -859,6 +867,22 @@ "refs": { } }, + "DestinationDetails": { + "base": "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
", + "refs": { + "LogDeliveryConfiguration$DestinationDetails": "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
", + "LogDeliveryConfigurationRequest$DestinationDetails": "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
", + "PendingLogDeliveryConfiguration$DestinationDetails": "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.
" + } + }, + "DestinationType": { + "base": null, + "refs": { + "LogDeliveryConfiguration$DestinationType": "Returns the destination type, either cloudwatch-logs or kinesis-firehose.
Specify either cloudwatch-logs or kinesis-firehose as the destination type.
Returns the destination type, either CloudWatch Logs or Kinesis Data Firehose.
" + } + }, "DisassociateGlobalReplicationGroupMessage": { "base": null, "refs": { @@ -990,8 +1014,8 @@ "GlobalNodeGroupIdList": { "base": null, "refs": { - "DecreaseNodeGroupsInGlobalReplicationGroupMessage$GlobalNodeGroupsToRemove": "If the value of NodeGroupCount is less than the current number of node groups (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. NodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. ElastiCache for Redis will attempt to remove all node groups listed by NodeGroupsToRemove from the cluster.
", - "DecreaseNodeGroupsInGlobalReplicationGroupMessage$GlobalNodeGroupsToRetain": "If the value of NodeGroupCount is less than the current number of node groups (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. NodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. ElastiCache for Redis will attempt to remove all node groups listed by NodeGroupsToRemove from the cluster.
" + "DecreaseNodeGroupsInGlobalReplicationGroupMessage$GlobalNodeGroupsToRemove": "If the value of NodeGroupCount is less than the current number of node groups (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. GlobalNodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. ElastiCache for Redis will attempt to remove all node groups listed by GlobalNodeGroupsToRemove from the cluster.
", + "DecreaseNodeGroupsInGlobalReplicationGroupMessage$GlobalNodeGroupsToRetain": "If the value of NodeGroupCount is less than the current number of node groups (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. GlobalNodeGroupsToRetain is a list of NodeGroupIds to retain from the cluster. ElastiCache for Redis will attempt to retain all node groups listed by GlobalNodeGroupsToRetain from the cluster.
" } }, "GlobalNodeGroupList": { @@ -1090,9 +1114,9 @@ "base": null, "refs": { "Authentication$PasswordCount": "The number of passwords belonging to the user. The maximum is two.
", - "CacheCluster$NumCacheNodes": "The number of cache nodes in the cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 20.
", + "CacheCluster$NumCacheNodes": "The number of cache nodes in the cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 40.
", "CacheCluster$SnapshotRetentionLimit": "The number of days for which ElastiCache retains automatic cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted.
If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off.
The initial number of cache nodes that the cluster has.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 20.
If you need more than 20 nodes for your Memcached cluster, please fill out the ElastiCache Limit Increase Request form at http://aws.amazon.com/contact-us/elasticache-node-limit-request/.
", + "CreateCacheClusterMessage$NumCacheNodes": "The initial number of cache nodes that the cluster has.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 40.
If you need more than 20 nodes for your Memcached cluster, please fill out the ElastiCache Limit Increase Request form at http://aws.amazon.com/contact-us/elasticache-node-limit-request/.
", "CreateCacheClusterMessage$Port": "The port number on which each of the cache nodes accepts connections.
", "CreateCacheClusterMessage$SnapshotRetentionLimit": "The number of days for which ElastiCache retains automatic snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot taken today is retained for 5 days before being deleted.
This parameter is only valid if the Engine parameter is redis.
Default: 0 (i.e., automatic backups are disabled for this cache cluster).
", "CreateReplicationGroupMessage$NumCacheClusters": "The number of clusters this replication group initially has.
This parameter is not used if there is more than one node group (shard). You should use ReplicasPerNodeGroup instead.
If AutomaticFailoverEnabled is true, the value of this parameter must be at least 2. If AutomaticFailoverEnabled is false you can omit this parameter (it will default to 1), or you can explicitly set it to a value between 2 and 6.
The maximum permitted value for NumCacheClusters is 6 (1 primary plus 5 replicas).
The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a marker is included in the response so that the remaining results can be retrieved.
", "DescribeUsersMessage$MaxRecords": "The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a marker is included in the response so that the remaining results can be retrieved.
", "IncreaseReplicaCountMessage$NewReplicaCount": "The number of read replica nodes you want at the completion of this operation. For Redis (cluster mode disabled) replication groups, this is the number of replica nodes in the replication group. For Redis (cluster mode enabled) replication groups, this is the number of replica nodes in each of the replication group's node groups.
", - "ModifyCacheClusterMessage$NumCacheNodes": "The number of cache nodes that the cluster should have. If the value for NumCacheNodes is greater than the sum of the number of current cache nodes and the number of cache nodes pending creation (which may be zero), more nodes are added. If the value is less than the number of existing cache nodes, nodes are removed. If the value is equal to the number of current cache nodes, any pending add or remove requests are canceled.
If you are removing cache nodes, you must use the CacheNodeIdsToRemove parameter to provide the IDs of the specific cache nodes to remove.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 20.
Adding or removing Memcached cache nodes can be applied immediately or as a pending operation (see ApplyImmediately).
A pending operation to modify the number of cache nodes in a cluster during its maintenance window, whether by adding or removing nodes in accordance with the scale out architecture, is not queued. The customer's latest request to add or remove nodes to the cluster overrides any previous pending operations to modify the number of cache nodes in the cluster. For example, a request to remove 2 nodes would override a previous pending operation to remove 3 nodes. Similarly, a request to add 2 nodes would override a previous pending operation to remove 3 nodes and vice versa. As Memcached cache nodes may now be provisioned in different Availability Zones with flexible cache node placement, a request to add nodes does not automatically override a previous pending operation to add nodes. The customer can modify the previous pending operation to add more nodes or explicitly cancel the pending request and retry the new request. To cancel pending operations to modify the number of cache nodes in a cluster, use the ModifyCacheCluster request and set NumCacheNodes equal to the number of cache nodes currently in the cluster.
The number of cache nodes that the cluster should have. If the value for NumCacheNodes is greater than the sum of the number of current cache nodes and the number of cache nodes pending creation (which may be zero), more nodes are added. If the value is less than the number of existing cache nodes, nodes are removed. If the value is equal to the number of current cache nodes, any pending add or remove requests are canceled.
If you are removing cache nodes, you must use the CacheNodeIdsToRemove parameter to provide the IDs of the specific cache nodes to remove.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 40.
Adding or removing Memcached cache nodes can be applied immediately or as a pending operation (see ApplyImmediately).
A pending operation to modify the number of cache nodes in a cluster during its maintenance window, whether by adding or removing nodes in accordance with the scale out architecture, is not queued. The customer's latest request to add or remove nodes to the cluster overrides any previous pending operations to modify the number of cache nodes in the cluster. For example, a request to remove 2 nodes would override a previous pending operation to remove 3 nodes. Similarly, a request to add 2 nodes would override a previous pending operation to remove 3 nodes and vice versa. As Memcached cache nodes may now be provisioned in different Availability Zones with flexible cache node placement, a request to add nodes does not automatically override a previous pending operation to add nodes. The customer can modify the previous pending operation to add more nodes or explicitly cancel the pending request and retry the new request. To cancel pending operations to modify the number of cache nodes in a cluster, use the ModifyCacheCluster request and set NumCacheNodes equal to the number of cache nodes currently in the cluster.
The number of days for which ElastiCache retains automatic cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted.
If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off.
The number of days for which ElastiCache retains automatic node group (shard) snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted.
Important If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off.
", "NodeGroupConfiguration$ReplicaCount": "The number of read replica nodes in this node group (shard).
", - "PendingModifiedValues$NumCacheNodes": "The new number of cache nodes for the cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 20.
", + "PendingModifiedValues$NumCacheNodes": "The new number of cache nodes for the cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 40.
", "PurchaseReservedCacheNodesOfferingMessage$CacheNodeCount": "The number of cache node instances to reserve.
Default: 1
The number of days for which ElastiCache retains automatic cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted.
If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off.
The number of cache nodes in the source cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 20.
", + "Snapshot$NumCacheNodes": "The number of cache nodes in the source cluster.
For clusters running Redis, this value must be 1. For clusters running Memcached, this value must be between 1 and 40.
", "Snapshot$Port": "The port number used by each cache nodes in the source cluster.
", "Snapshot$SnapshotRetentionLimit": "For an automatic snapshot, the number of days for which ElastiCache retains the snapshot before deleting it.
For manual snapshots, this field reflects the SnapshotRetentionLimit for the source cluster when the snapshot was created. This field is otherwise ignored: Manual snapshots do not expire, and can only be deleted using the DeleteSnapshot operation.
Important If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off.
", "Snapshot$NumNodeGroups": "The number of node groups (shards) in this snapshot. When restoring from a snapshot, the number of node groups (shards) in the snapshot and in the restored replication group must be the same.
" @@ -1210,6 +1234,12 @@ "RemoveTagsFromResourceMessage$TagKeys": "A list of TagKeys identifying the tags you want removed from the named resource.
The configuration details of the Kinesis Data Firehose destination.
", + "refs": { + "DestinationDetails$KinesisFirehoseDetails": "The configuration details of the Kinesis Data Firehose destination.
" + } + }, "ListAllowedNodeTypeModificationsMessage": { "base": "The input parameters for the ListAllowedNodeTypeModifications operation.
Returns the destination, format and type of the logs.
", + "refs": { + "LogDeliveryConfigurationList$member": null + } + }, + "LogDeliveryConfigurationList": { + "base": null, + "refs": { + "CacheCluster$LogDeliveryConfigurations": "Returns the destination, format and type of the logs.
", + "ReplicationGroup$LogDeliveryConfigurations": "Returns the destination, format and type of the logs.
" + } + }, + "LogDeliveryConfigurationRequest": { + "base": "Specifies the destination, format and type of the logs.
", + "refs": { + "LogDeliveryConfigurationRequestList$member": null + } + }, + "LogDeliveryConfigurationRequestList": { + "base": null, + "refs": { + "CreateCacheClusterMessage$LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.
", + "CreateReplicationGroupMessage$LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.
", + "ModifyCacheClusterMessage$LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.
", + "ModifyReplicationGroupMessage$LogDeliveryConfigurations": "Specifies the destination, format and type of the logs.
" + } + }, + "LogDeliveryConfigurationStatus": { + "base": null, + "refs": { + "LogDeliveryConfiguration$Status": "Returns the log delivery configuration status. Values are one of enabling | disabling | modifying | active | error
Returns the log format, either JSON or TEXT.
", + "LogDeliveryConfigurationRequest$LogFormat": "Specifies either JSON or TEXT
", + "PendingLogDeliveryConfiguration$LogFormat": "Returns the log format, either JSON or TEXT
" + } + }, + "LogType": { + "base": null, + "refs": { + "LogDeliveryConfiguration$LogType": "Refers to slow-log.
", + "LogDeliveryConfigurationRequest$LogType": "Refers to slow-log.
", + "PendingLogDeliveryConfiguration$LogType": "Refers to slow-log.
" + } + }, "ModifyCacheClusterMessage": { "base": "Represents the input of a ModifyCacheCluster operation.
Indicates the status of automatic failover for this Redis replication group.
" } }, + "PendingLogDeliveryConfiguration": { + "base": "The log delivery configurations being modified
", + "refs": { + "PendingLogDeliveryConfigurationList$member": null + } + }, + "PendingLogDeliveryConfigurationList": { + "base": null, + "refs": { + "PendingModifiedValues$LogDeliveryConfigurations": "The log delivery configurations being modified
", + "ReplicationGroupPendingModifiedValues$LogDeliveryConfigurations": "The log delivery configurations being modified
" + } + }, "PendingModifiedValues": { "base": "A group of settings that are applied to the cluster in the future, or that are currently being applied.
", "refs": { @@ -1490,7 +1583,7 @@ "refs": { "ConfigureShard$PreferredAvailabilityZones": "A list of PreferredAvailabilityZone strings that specify which availability zones the replication group's nodes are to be in. The nummber of PreferredAvailabilityZone values must equal the value of NewReplicaCount plus 1 to account for the primary node. If this member of ReplicaConfiguration is omitted, ElastiCache for Redis selects the availability zone for each of the replicas.
A list of the Availability Zones in which cache nodes are created. The order of the zones in the list is not important.
This option is only supported on Memcached.
If you are creating your cluster in an Amazon VPC (recommended) you can only locate nodes in Availability Zones that are associated with the subnets in the selected subnet group.
The number of Availability Zones listed must equal the value of NumCacheNodes.
If you want all the nodes in the same Availability Zone, use PreferredAvailabilityZone instead, or repeat the Availability Zone multiple times in the list.
Default: System chosen Availability Zones.
", - "ModifyCacheClusterMessage$NewAvailabilityZones": "The list of Availability Zones where the new Memcached cache nodes are created.
This parameter is only valid when NumCacheNodes in the request is greater than the sum of the number of active cache nodes and the number of cache nodes pending creation (which may be zero). The number of Availability Zones supplied in this list must match the cache nodes being added in this request.
This option is only supported on Memcached clusters.
Scenarios:
Scenario 1: You have 3 active nodes and wish to add 2 nodes. Specify NumCacheNodes=5 (3 + 2) and optionally specify two Availability Zones for the two new nodes.
Scenario 2: You have 3 active nodes and 2 nodes pending creation (from the scenario 1 call) and want to add 1 more node. Specify NumCacheNodes=6 ((3 + 2) + 1) and optionally specify an Availability Zone for the new node.
Scenario 3: You want to cancel all pending operations. Specify NumCacheNodes=3 to cancel all pending operations.
The Availability Zone placement of nodes pending creation cannot be modified. If you wish to cancel any nodes pending creation, add 0 nodes by setting NumCacheNodes to the number of current nodes.
If cross-az is specified, existing Memcached nodes remain in their current Availability Zone. Only newly created nodes can be located in different Availability Zones. For guidance on how to move existing Memcached nodes to different Availability Zones, see the Availability Zone Considerations section of Cache Node Considerations for Memcached.
Impact of new add/remove requests upon pending requests
Scenario-1
Pending Action: Delete
New Request: Delete
Result: The new delete, pending or immediate, replaces the pending delete.
Scenario-2
Pending Action: Delete
New Request: Create
Result: The new create, pending or immediate, replaces the pending delete.
Scenario-3
Pending Action: Create
New Request: Delete
Result: The new delete, pending or immediate, replaces the pending create.
Scenario-4
Pending Action: Create
New Request: Create
Result: The new create is added to the pending create.
Important: If the new create request is Apply Immediately - Yes, all creates are performed immediately. If the new create request is Apply Immediately - No, all creates are pending.
This option is only supported on Memcached clusters.
The list of Availability Zones where the new Memcached cache nodes are created.
This parameter is only valid when NumCacheNodes in the request is greater than the sum of the number of active cache nodes and the number of cache nodes pending creation (which may be zero). The number of Availability Zones supplied in this list must match the cache nodes being added in this request.
Scenarios:
Scenario 1: You have 3 active nodes and wish to add 2 nodes. Specify NumCacheNodes=5 (3 + 2) and optionally specify two Availability Zones for the two new nodes.
Scenario 2: You have 3 active nodes and 2 nodes pending creation (from the scenario 1 call) and want to add 1 more node. Specify NumCacheNodes=6 ((3 + 2) + 1) and optionally specify an Availability Zone for the new node.
Scenario 3: You want to cancel all pending operations. Specify NumCacheNodes=3 to cancel all pending operations.
The Availability Zone placement of nodes pending creation cannot be modified. If you wish to cancel any nodes pending creation, add 0 nodes by setting NumCacheNodes to the number of current nodes.
If cross-az is specified, existing Memcached nodes remain in their current Availability Zone. Only newly created nodes can be located in different Availability Zones. For guidance on how to move existing Memcached nodes to different Availability Zones, see the Availability Zone Considerations section of Cache Node Considerations for Memcached.
Impact of new add/remove requests upon pending requests
Scenario-1
Pending Action: Delete
New Request: Delete
Result: The new delete, pending or immediate, replaces the pending delete.
Scenario-2
Pending Action: Delete
New Request: Create
Result: The new create, pending or immediate, replaces the pending delete.
Scenario-3
Pending Action: Create
New Request: Delete
Result: The new delete, pending or immediate, replaces the pending create.
Scenario-4
Pending Action: Create
New Request: Create
Result: The new create is added to the pending create.
Important: If the new create request is Apply Immediately - Yes, all creates are performed immediately. If the new create request is Apply Immediately - No, all creates are pending.
The Amazon Virtual Private Cloud identifier (VPC ID) of the cache subnet group.
", "CacheSubnetGroup$ARN": "The ARN (Amazon Resource Name) of the cache subnet group.
", "CacheSubnetGroupMessage$Marker": "Provides an identifier to allow retrieval of paginated results.
", + "CloudWatchLogsDestinationDetails$LogGroup": "The name of the CloudWatch Logs log group.
", "ClusterIdList$member": null, "CompleteMigrationMessage$ReplicationGroupId": "The ID of the replication group to which data is being migrated.
", "CopySnapshotMessage$SourceSnapshotName": "The name of an existing snapshot from which to make a copy.
", @@ -2108,9 +2202,11 @@ "IncreaseNodeGroupsInGlobalReplicationGroupMessage$GlobalReplicationGroupId": "The name of the Global datastore
", "IncreaseReplicaCountMessage$ReplicationGroupId": "The id of the replication group to which you want to add replica nodes.
", "KeyList$member": null, + "KinesisFirehoseDestinationDetails$DeliveryStream": "The name of the Kinesis Data Firehose delivery stream.
", "ListAllowedNodeTypeModificationsMessage$CacheClusterId": "The name of the cluster you want to scale up to a larger node instanced type. ElastiCache uses the cluster id to identify the current node type of this cluster and from that to create a list of node types you can scale up to.
You must provide a value for either the CacheClusterId or the ReplicationGroupId.
The name of the replication group want to scale up to a larger node type. ElastiCache uses the replication group id to identify the current node type being used by this replication group, and from that to create a list of node types you can scale up to.
You must provide a value for either the CacheClusterId or the ReplicationGroupId.
The Amazon Resource Name (ARN) of the resource for which you want the list of tags, for example arn:aws:elasticache:us-west-2:0123456789:cluster:myCluster or arn:aws:elasticache:us-west-2:0123456789:snapshot:mySnapshot.
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces.
", + "LogDeliveryConfiguration$Message": "Returns an error message for the log delivery configuration.
", "ModifyCacheClusterMessage$CacheClusterId": "The cluster identifier. This value is stored as a lowercase string.
", "ModifyCacheClusterMessage$PreferredMaintenanceWindow": "Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period.
Valid values for ddd are:
sun
mon
tue
wed
thu
fri
sat
Example: sun:23:00-mon:01:30
The Amazon Resource Name (ARN) of the Amazon SNS topic to which notifications are sent.
The Amazon SNS topic owner must be same as the cluster owner.
The estimated time in minutes for the dataset import job to complete.
", + "DescribeForecastResponse$EstimatedTimeRemainingInMinutes": "The estimated time in minutes for the forecast job to complete.
", + "DescribePredictorResponse$EstimatedTimeRemainingInMinutes": "The estimated time in minutes for the predictor training job to complete.
" + } + }, "MaxResults": { "base": null, "refs": { diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index c4b74d5b509..857a3a0bc58 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -12,6 +12,22 @@ "uid":"securityhub-2018-10-26" }, "operations":{ + "AcceptAdministratorInvitation":{ + "name":"AcceptAdministratorInvitation", + "http":{ + "method":"POST", + "requestUri":"/administrator" + }, + "input":{"shape":"AcceptAdministratorInvitationRequest"}, + "output":{"shape":"AcceptAdministratorInvitationResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"InvalidInputException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidAccessException"} + ] + }, "AcceptInvitation":{ "name":"AcceptInvitation", "http":{ @@ -26,7 +42,9 @@ {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccessException"} - ] + ], + "deprecated":true, + "deprecatedMessage":"This API has been deprecated, use AcceptAdministratorInvitation API instead." }, "BatchDisableStandards":{ "name":"BatchDisableStandards", @@ -350,6 +368,22 @@ {"shape":"ResourceNotFoundException"} ] }, + "DisassociateFromAdministratorAccount":{ + "name":"DisassociateFromAdministratorAccount", + "http":{ + "method":"POST", + "requestUri":"/administrator/disassociate" + }, + "input":{"shape":"DisassociateFromAdministratorAccountRequest"}, + "output":{"shape":"DisassociateFromAdministratorAccountResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"InvalidInputException"}, + {"shape":"InvalidAccessException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"} + ] + }, "DisassociateFromMasterAccount":{ "name":"DisassociateFromMasterAccount", "http":{ @@ -364,7 +398,9 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"} - ] + ], + "deprecated":true, + "deprecatedMessage":"This API has been deprecated, use DisassociateFromAdministratorAccount API instead." }, "DisassociateMembers":{ "name":"DisassociateMembers", @@ -429,6 +465,22 @@ {"shape":"AccessDeniedException"} ] }, + "GetAdministratorAccount":{ + "name":"GetAdministratorAccount", + "http":{ + "method":"GET", + "requestUri":"/administrator" + }, + "input":{"shape":"GetAdministratorAccountRequest"}, + "output":{"shape":"GetAdministratorAccountResponse"}, + "errors":[ + {"shape":"InternalException"}, + {"shape":"InvalidInputException"}, + {"shape":"InvalidAccessException"}, + {"shape":"LimitExceededException"}, + {"shape":"ResourceNotFoundException"} + ] + }, "GetEnabledStandards":{ "name":"GetEnabledStandards", "http":{ @@ -520,7 +572,9 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"} - ] + ], + "deprecated":true, + "deprecatedMessage":"This API has been deprecated, use GetAdministratorAccount API instead." }, "GetMembers":{ "name":"GetMembers", @@ -751,6 +805,22 @@ } }, "shapes":{ + "AcceptAdministratorInvitationRequest":{ + "type":"structure", + "required":[ + "AdministratorId", + "InvitationId" + ], + "members":{ + "AdministratorId":{"shape":"NonEmptyString"}, + "InvitationId":{"shape":"NonEmptyString"} + } + }, + "AcceptAdministratorInvitationResponse":{ + "type":"structure", + "members":{ + } + }, "AcceptInvitationRequest":{ "type":"structure", "required":[ @@ -3575,6 +3645,16 @@ "members":{ } }, + "DisassociateFromAdministratorAccountRequest":{ + "type":"structure", + "members":{ + } + }, + "DisassociateFromAdministratorAccountResponse":{ + "type":"structure", + "members":{ + } + }, "DisassociateFromMasterAccountRequest":{ "type":"structure", "members":{ @@ -3672,6 +3752,17 @@ "Lat":{"shape":"Double"} } }, + "GetAdministratorAccountRequest":{ + "type":"structure", + "members":{ + } + }, + "GetAdministratorAccountResponse":{ + "type":"structure", + "members":{ + "Administrator":{"shape":"Invitation"} + } + }, "GetEnabledStandardsRequest":{ "type":"structure", "members":{ @@ -3843,7 +3934,8 @@ "type":"string", "enum":[ "SEND_FINDINGS_TO_SECURITY_HUB", - "RECEIVE_FINDINGS_FROM_SECURITY_HUB" + "RECEIVE_FINDINGS_FROM_SECURITY_HUB", + "UPDATE_FINDINGS_IN_SECURITY_HUB" ] }, "IntegrationTypeList":{ @@ -4142,7 +4234,12 @@ "members":{ "AccountId":{"shape":"AccountId"}, "Email":{"shape":"NonEmptyString"}, - "MasterId":{"shape":"NonEmptyString"}, + "MasterId":{ + "shape":"NonEmptyString", + "deprecated":true, + "deprecatedMessage":"This field is deprecated, use AdministratorId instead." + }, + "AdministratorId":{"shape":"NonEmptyString"}, "MemberStatus":{"shape":"NonEmptyString"}, "InvitedAt":{"shape":"Timestamp"}, "UpdatedAt":{"shape":"Timestamp"} diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index 9f4a7202575..0fc8392bb65 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -1,15 +1,16 @@ { "version": "2.0", - "service": "Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from AWS accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the AWS Security Hub User Guide .
When you use operations in the Security Hub API, the requests are executed only in the AWS Region that is currently active or in the specific AWS Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.
For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the master account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second, BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
UpdateFindings - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second, BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
Security Hub provides you with a comprehensive view of the security state of your AWS environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from AWS accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the AWS Security Hub User Guide .
When you use operations in the Security Hub API, the requests are executed only in the AWS Region that is currently active or in the specific AWS Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, execute the same command for each Region to apply the change to.
For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.
The following throttling limits apply to using Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second, BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
UpdateFindings - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second, BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
Accepts the invitation to be a member account and be monitored by the Security Hub master account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the master account to view findings generated in the member account.
", + "AcceptAdministratorInvitation": "Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
", + "AcceptInvitation": "This method is deprecated. Instead, use AcceptAdministratorInvitation.
Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
", "BatchDisableStandards": "Disables the standards specified by the provided StandardsSubscriptionArns.
For more information, see Security Standards section of the AWS Security Hub User Guide.
", "BatchEnableStandards": "Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.
For more information, see the Security Standards section of the AWS Security Hub User Guide.
", "BatchImportFindings": "Imports security findings generated from an integrated product into Security Hub. This action is requested by the integrated product to import its findings into Security Hub.
The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.
After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.
Note
UserDefinedFields
VerificationState
Workflow
Finding providers also should not use BatchImportFindings to update the following attributes.
Confidence
Criticality
RelatedFindings
Severity
Types
Instead, finding providers use FindingProviderFields to provide values for these attributes.
Used by Security Hub customers to update information about their investigation into a finding. Requested by master accounts or member accounts. Master accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.
Master and member accounts can use BatchUpdateFindings to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the AWS Security Hub User Guide.
", + "BatchUpdateFindings": "Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.
Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the AWS Security Hub User Guide.
", "CreateActionTarget": "Creates a custom action target in Security Hub.
You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.
", "CreateInsight": "Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.
To group the related findings in the insight, use the GroupByAttribute.
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the master account. If you are integrated with Organizations, then the master account is the Security Hub administrator account that is designated by the organization management account.
CreateMembers is always used to add accounts that are not organization members.
For accounts that are part of an organization, CreateMembers is only used in the following cases:
Security Hub is not configured to automatically add new accounts in an organization.
The account was disassociated or deleted in Security Hub.
This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.
For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.
Accounts that are part of an organization do not receive an invitation. They automatically become a member account in Security Hub.
A permissions policy is added that permits the master account to view the findings generated in the member account. When Security Hub is enabled in a member account, findings are sent to both the member and master accounts.
To remove the association between the master and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.
CreateMembers is always used to add accounts that are not organization members.
For accounts that are part of an organization, CreateMembers is only used in the following cases:
Security Hub is not configured to automatically add new accounts in an organization.
The account was disassociated or deleted in Security Hub.
This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.
For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.
Accounts that are part of an organization do not receive an invitation. They automatically become a member account in Security Hub.
A permissions policy is added that permits the administrator account to view the findings generated in the member account. When Security Hub is enabled in a member account, the member account findings are also visible to the administrator account.
To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.
Declines invitations to become a member account.
This operation is only used by accounts that are not part of an organization. Organization accounts do not receive invitations.
", "DeleteActionTarget": "Deletes a custom action target from Security Hub.
Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.
", "DeleteInsight": "Deletes the insight specified by the InsightArn.
Returns a list of security standards controls.
For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.
", "DisableImportFindingsForProduct": "Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.
", "DisableOrganizationAdminAccount": "Disables a Security Hub administrator account. Can only be called by the organization management account.
", - "DisableSecurityHub": "Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.
When you disable Security Hub for a master account, it doesn't disable Security Hub for any associated member accounts.
When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your master and member account associations are removed.
If you want to save your existing findings, you must export them before you disable Security Hub.
", - "DisassociateFromMasterAccount": "Disassociates the current Security Hub member account from the associated master account.
This operation is only used by accounts that are not part of an organization. For organization accounts, only the master account (the designated Security Hub administrator) can disassociate a member account.
", - "DisassociateMembers": "Disassociates the specified member accounts from the associated master account.
Can be used to disassociate both accounts that are in an organization and accounts that were invited manually.
", + "DisableSecurityHub": "Disables Security Hub in your account only in the current Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.
When you disable Security Hub for an administrator account, it doesn't disable Security Hub for any associated member accounts.
When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.
If you want to save your existing findings, you must export them before you disable Security Hub.
", + "DisassociateFromAdministratorAccount": "Disassociates the current Security Hub member account from the associated administrator account.
This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.
", + "DisassociateFromMasterAccount": "This method is deprecated. Instead, use DisassociateFromAdministratorAccount.
Disassociates the current Security Hub member account from the associated administrator account.
This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.
", + "DisassociateMembers": "Disassociates the specified member accounts from the associated administrator account.
Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited manually.
", "EnableImportFindingsForProduct": "Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.
When you enable a product integration, a permissions policy that grants permission for the product to send findings to Security Hub is applied.
", "EnableOrganizationAdminAccount": "Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.
", "EnableSecurityHub": "Enables Security Hub for your account in the current Region or the Region you specify in the request.
When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other services that are integrated with Security Hub.
When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the following standards.
CIS AWS Foundations
AWS Foundational Security Best Practices
You do not enable the Payment Card Industry Data Security Standard (PCI DSS) standard.
To not enable the automatically enabled standards, set EnableDefaultStandards to false.
After you enable Security Hub, to enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.
To learn more, see Setting Up AWS Security Hub in the AWS Security Hub User Guide.
", + "GetAdministratorAccount": "Provides the details for the Security Hub administrator account for the current member account.
Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.
", "GetEnabledStandards": "Returns a list of the standards that are currently enabled.
", "GetFindings": "Returns a list of findings that match the specified criteria.
", "GetInsightResults": "Lists the results of the Security Hub insight specified by the insight ARN.
", "GetInsights": "Lists and describes insights for the specified insight ARNs.
", "GetInvitationsCount": "Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
", - "GetMasterAccount": "Provides the details for the Security Hub master account for the current member account.
Can be used by both member accounts that are in an organization and accounts that were invited manually.
", - "GetMembers": "Returns the details for the Security Hub member accounts for the specified account IDs.
A master account can be either a delegated Security Hub administrator account for an organization or a master account that enabled Security Hub manually.
The results include both member accounts that are in an organization and accounts that were invited manually.
", - "InviteMembers": "Invites other AWS accounts to become member accounts for the Security Hub master account that the invitation is sent from.
This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations.
Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member account, the master account can view the findings generated from the member account.
", + "GetMasterAccount": "This method is deprecated. Instead, use GetAdministratorAccount.
Provides the details for the Security Hub administrator account for the current member account.
Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.
", + "GetMembers": "Returns the details for the Security Hub member accounts for the specified account IDs.
An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually.
The results include both member accounts that are managed using Organizations and accounts that were invited manually.
", + "InviteMembers": "Invites other AWS accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.
This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations.
Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated from the member account.
", "ListEnabledProductsForImport": "Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.
", - "ListInvitations": "Lists all Security Hub membership invitations that were sent to the current AWS account.
This operation is only used by accounts that do not belong to an organization. Organization accounts do not receive invitations.
", - "ListMembers": "Lists details about all member accounts for the current Security Hub master account.
The results include both member accounts that belong to an organization and member accounts that were invited manually.
", + "ListInvitations": "Lists all Security Hub membership invitations that were sent to the current AWS account.
This operation is only used by accounts that are managed by invitation. Accounts that are managed using the integration with AWS Organizations do not receive invitations.
", + "ListMembers": "Lists details about all member accounts for the current Security Hub administrator account.
The results include both member accounts that belong to an organization and member accounts that were invited manually.
", "ListOrganizationAdminAccounts": "Lists the Security Hub administrator accounts. Can only be called by the organization management account.
", "ListTagsForResource": "Returns a list of tags associated with a resource.
", "TagResource": "Adds one or more tags to a resource.
", @@ -52,6 +55,16 @@ "UpdateStandardsControl": "Used to control whether an individual security standard control is enabled or disabled.
" }, "shapes": { + "AcceptAdministratorInvitationRequest": { + "base": null, + "refs": { + } + }, + "AcceptAdministratorInvitationResponse": { + "base": null, + "refs": { + } + }, "AcceptInvitationRequest": { "base": null, "refs": { @@ -76,14 +89,14 @@ "AccountDetailsList": { "base": null, "refs": { - "CreateMembersRequest$AccountDetails": "The list of accounts to associate with the Security Hub master account. For each account, the list includes the account ID and optionally the email address.
" + "CreateMembersRequest$AccountDetails": "The list of accounts to associate with the Security Hub administrator account. For each account, the list includes the account ID and optionally the email address.
" } }, "AccountId": { "base": null, "refs": { "AccountDetails$AccountId": "The ID of an AWS account.
", - "Invitation$AccountId": "The account ID of the Security Hub master account that the invitation was sent from.
", + "Invitation$AccountId": "The account ID of the Security Hub administrator account that the invitation was sent from.
", "Member$AccountId": "The AWS account ID of the member account.
", "Result$AccountId": "An AWS account ID of the account that was not processed.
" } @@ -94,7 +107,7 @@ "DeclineInvitationsRequest$AccountIds": "The list of account IDs for the accounts from which to decline the invitations to Security Hub.
", "DeleteInvitationsRequest$AccountIds": "The list of the account IDs that sent the invitations to delete.
", "DeleteMembersRequest$AccountIds": "The list of account IDs for the member accounts to delete.
", - "DisassociateMembersRequest$AccountIds": "The account IDs of the member accounts to disassociate from the master account.
", + "DisassociateMembersRequest$AccountIds": "The account IDs of the member accounts to disassociate from the administrator account.
", "GetMembersRequest$AccountIds": "The list of account IDs for the Security Hub member accounts to return the details for.
", "InviteMembersRequest$AccountIds": "The list of account IDs of the AWS accounts to invite to Security Hub as members.
" } @@ -1739,7 +1752,7 @@ "DescribeOrganizationConfigurationResponse$MemberAccountLimitReached": "Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.
", "DnsRequestAction$Blocked": "Indicates whether the DNS request was blocked.
", "EnableSecurityHubRequest$EnableDefaultStandards": "Whether to enable the security standards that Security Hub has designated as automatically enabled. If you do not provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.
Specifies which member accounts to include in the response based on their relationship status with the master account. The default value is TRUE.
If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the master is set to ENABLED.
If OnlyAssociated is set to FALSE, the response includes all existing member accounts.
Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE.
If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the administrator account is set to ENABLED.
If OnlyAssociated is set to FALSE, the response includes all existing member accounts.
Indicates whether the network connection attempt was blocked.
", "PortProbeAction$Blocked": "Indicates whether the port probe was blocked.
", "Standard$EnabledByDefault": "Whether the standard is enabled by default. When Security Hub is enabled from the console, if a standard is enabled by default, the check box for that standard is selected by default.
When Security Hub is enabled using the EnableSecurityHub API operation, the standard is enabled by default unless EnableDefaultStandards is set to false.
The coordinates of the location of the remote IP address.
" } }, + "GetAdministratorAccountRequest": { + "base": null, + "refs": { + } + }, + "GetAdministratorAccountResponse": { + "base": null, + "refs": { + } + }, "GetEnabledStandardsRequest": { "base": null, "refs": { @@ -2412,7 +2445,7 @@ "IntegrationTypeList": { "base": null, "refs": { - "Product$IntegrationTypes": "The types of integration that the product supports. Available values are the following.
SEND_FINDINGS_TO_SECURITY_HUB - Indicates that the integration sends findings to Security Hub.
RECEIVE_FINDINGS_FROM_SECURITY_HUB - Indicates that the integration receives findings from Security Hub.
The types of integration that the product supports. Available values are the following.
SEND_FINDINGS_TO_SECURITY_HUB - The integration sends findings to Security Hub.
RECEIVE_FINDINGS_FROM_SECURITY_HUB - The integration receives findings from Security Hub.
UPDATE_FINDINGS_IN_SECURITY_HUB - The integration does not send new findings to Security Hub, but does make updates to the findings that it receives from Security Hub.
Details about an invitation.
", "refs": { - "GetMasterAccountResponse$Master": "A list of details about the Security Hub master account for the current member account.
", + "GetAdministratorAccountResponse$Administrator": null, + "GetMasterAccountResponse$Master": "A list of details about the Security Hub administrator account for the current member account.
", "InvitationList$member": null } }, @@ -2726,8 +2760,10 @@ "NonEmptyString": { "base": null, "refs": { - "AcceptInvitationRequest$MasterId": "The account ID of the Security Hub master account that sent the invitation.
", - "AcceptInvitationRequest$InvitationId": "The ID of the invitation sent from the Security Hub master account.
", + "AcceptAdministratorInvitationRequest$AdministratorId": "The account ID of the Security Hub administrator account that sent the invitation.
", + "AcceptAdministratorInvitationRequest$InvitationId": "The identifier of the invitation sent from the Security Hub administrator account.
", + "AcceptInvitationRequest$MasterId": "The account ID of the Security Hub administrator account that sent the invitation.
", + "AcceptInvitationRequest$InvitationId": "The identifier of the invitation sent from the Security Hub administrator account.
", "AccessDeniedException$Message": null, "AccessDeniedException$Code": null, "AccountDetails$Email": "The email of an AWS account.
", @@ -3346,7 +3382,7 @@ "InvalidInputException$Message": null, "InvalidInputException$Code": null, "Invitation$InvitationId": "The ID of the invitation sent to the member account.
", - "Invitation$MemberStatus": "The current status of the association between the member and master accounts.
", + "Invitation$MemberStatus": "The current status of the association between the member and administrator accounts.
", "IpFilter$Cidr": "A finding's CIDR value.
", "IpOrganizationDetails$AsnOrg": "The name of the organization that registered the ASN.
", "IpOrganizationDetails$Isp": "The ISP information for the internet provider.
", @@ -3366,8 +3402,9 @@ "MapFilter$Key": "The key of the map filter. For example, for ResourceTags, Key identifies the name of the tag. For UserDefinedFields, Key is the name of the field.
The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security. If you provide security as the filter value, then there is no match.
The email address of the member account.
", - "Member$MasterId": "The AWS account ID of the Security Hub master account associated with this member account.
", - "Member$MemberStatus": "The status of the relationship between the member account and its master account.
The status can have one of the following values:
CREATED - Indicates that the master account added the member account, but has not yet invited the member account.
INVITED - Indicates that the master account invited the member account. The member account has not yet responded to the invitation.
ENABLED - Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.
REMOVED - Indicates that the master account disassociated the member account.
RESIGNED - Indicates that the member account disassociated themselves from the master account.
DELETED - Indicates that the master account deleted the member account.
This is replaced by AdministratorID.
The AWS account ID of the Security Hub administrator account associated with this member account.
", + "Member$AdministratorId": "The AWS account ID of the Security Hub administrator account associated with this member account.
", + "Member$MemberStatus": "The status of the relationship between the member account and its administrator account.
The status can have one of the following values:
CREATED - Indicates that the administrator account added the member account, but has not yet invited the member account.
INVITED - Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.
ENABLED - Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.
REMOVED - Indicates that the administrator account disassociated the member account.
RESIGNED - Indicates that the member account disassociated themselves from the administrator account.
DELETED - Indicates that the administrator account deleted the member account.
The protocol of network-related information about a finding.
", "Network$SourceIpV4": "The source IPv4 address of network-related information about a finding.
", "Network$SourceIpV6": "The source IPv6 address of network-related information about a finding.
", @@ -3400,8 +3437,8 @@ "Product$ProductName": "The name of the product.
", "Product$CompanyName": "The name of the company that provides the product.
", "Product$Description": "A description of the product.
", - "Product$MarketplaceUrl": "The URL for the page that contains more information about the product.
", - "Product$ActivationUrl": "The URL used to activate the product.
", + "Product$MarketplaceUrl": "For integrations with AWS services, the AWS Console URL from which to activate the service.
For integrations with third-party products, the AWS Marketplace URL from which to subscribe to or purchase the product.
", + "Product$ActivationUrl": "The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.
", "Product$ProductSubscriptionResourcePolicy": "The resource policy associated with the product.
", "ProductSubscriptionArnList$member": null, "Recommendation$Text": "Describes the recommended steps to take to remediate an issue identified in a finding.
", diff --git a/service/cognitoidentityprovider/api.go b/service/cognitoidentityprovider/api.go index 4a0e782d835..2334ac823b6 100644 --- a/service/cognitoidentityprovider/api.go +++ b/service/cognitoidentityprovider/api.go @@ -4511,7 +4511,7 @@ func (c *CognitoIdentityProvider) DeleteGroupRequest(input *DeleteGroupInput) (r // DeleteGroup API operation for Amazon Cognito Identity Provider. // -// Deletes a group. Currently only groups with no members can be deleted. +// Deletes a group. // // Calling this action requires developer credentials. // @@ -12345,7 +12345,7 @@ func (s AdminDisableProviderForUserOutput) GoString() string { return s.String() } -// Represents the request to disable any user as an administrator. +// Represents the request to disable the user as an administrator. type AdminDisableUserInput struct { _ struct{} `type:"structure"` @@ -13127,9 +13127,18 @@ type AdminInitiateAuthOutput struct { // USERNAME and PASSWORD directly. An app client must be enabled to use this // flow. // - // * NEW_PASSWORD_REQUIRED: For users which are required to change their - // passwords after successful first login. This challenge should be passed - // with NEW_PASSWORD and any other required attributes. + // * NEW_PASSWORD_REQUIRED: For users who are required to change their passwords + // after successful first login. This challenge should be passed with NEW_PASSWORD + // and any other required attributes. + // + // * MFA_SETUP: For users who are required to setup an MFA factor before + // they can sign-in. The MFA types enabled for the user pool will be listed + // in the challenge parameters MFA_CAN_SETUP value. To setup software token + // MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, + // and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge + // with challenge name MFA_SETUP to complete sign-in. To setup SMS MFA, users + // will need help from an administrator to add a phone number to their account + // and then call InitiateAuth again to restart sign-in. ChallengeName *string `type:"string" enum:"ChallengeNameType"` // The challenge parameters. These are returned to you in the AdminInitiateAuth @@ -13873,6 +13882,9 @@ type AdminRespondToAuthChallengeInput struct { // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, // USERNAME, SECRET_HASH (if app client is configured with client secret). // + // * MFA_SETUP requires USERNAME, plus you need to use the session value + // returned by VerifySoftwareToken in the Session parameter. + // // The value of the USERNAME attribute must be the user's actual username, not // an alias (such as email address or phone number). To make this easier, the // AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP @@ -21044,9 +21056,18 @@ type InitiateAuthOutput struct { // * DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices // only. // - // * NEW_PASSWORD_REQUIRED: For users which are required to change their - // passwords after successful first login. This challenge should be passed - // with NEW_PASSWORD and any other required attributes. + // * NEW_PASSWORD_REQUIRED: For users who are required to change their passwords + // after successful first login. This challenge should be passed with NEW_PASSWORD + // and any other required attributes. + // + // * MFA_SETUP: For users who are required to setup an MFA factor before + // they can sign-in. The MFA types enabled for the user pool will be listed + // in the challenge parameters MFA_CAN_SETUP value. To setup software token + // MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, + // and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge + // with challenge name MFA_SETUP to complete sign-in. To setup SMS MFA, users + // will need help from an administrator to add a phone number to their account + // and then call InitiateAuth again to restart sign-in. ChallengeName *string `type:"string" enum:"ChallengeNameType"` // The challenge parameters. These are returned to you in the InitiateAuth response @@ -24088,6 +24109,9 @@ type RespondToAuthChallengeInput struct { // // * DEVICE_PASSWORD_VERIFIER requires everything that PASSWORD_VERIFIER // requires plus DEVICE_KEY. + // + // * MFA_SETUP requires USERNAME, plus you need to use the session value + // returned by VerifySoftwareToken in the Session parameter. ChallengeResponses map[string]*string `type:"map"` // The app client ID. @@ -24873,7 +24897,10 @@ func (s SetUserMFAPreferenceOutput) GoString() string { type SetUserPoolMfaConfigInput struct { _ struct{} `type:"structure"` - // The MFA configuration. Valid values include: + // The MFA configuration. Users who don't have an MFA factor set up won't be + // able to sign-in if you set the MfaConfiguration value to ‘ON’. See Adding + // Multi-Factor Authentication (MFA) to a User Pool (cognito/latest/developerguide/user-pool-settings-mfa.html) + // to learn more. Valid values include: // // * OFF MFA will not be used for any users. // @@ -25326,6 +25353,9 @@ type SmsConfigurationType struct { // policy to require the ExternalID. If you use the Cognito Management Console // to create a role for SMS MFA, Cognito will create a role with the required // permissions and a trust policy that demonstrates use of the ExternalId. + // + // For more information about the ExternalId of a role, see How to use an external + // ID when granting access to your AWS resources to a third party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) ExternalId *string `type:"string"` // The Amazon Resource Name (ARN) of the Amazon Simple Notification Service @@ -27474,7 +27504,9 @@ type UpdateUserPoolInput struct { // registration. // // * ON - MFA tokens are required for all user registrations. You can only - // specify required when you are initially creating a user pool. + // specify ON when you are initially creating a user pool. You can use the + // SetUserPoolMfaConfig (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) + // API operation to turn MFA "ON" for existing user pools. // // * OPTIONAL - Users have the option when registering to create an MFA token. MfaConfiguration *string `type:"string" enum:"UserPoolMfaType"` diff --git a/service/cognitoidentityprovider/doc.go b/service/cognitoidentityprovider/doc.go index b25b59fb2f7..ca2e21111da 100644 --- a/service/cognitoidentityprovider/doc.go +++ b/service/cognitoidentityprovider/doc.go @@ -10,7 +10,7 @@ // This API reference provides information about user pools in Amazon Cognito // User Pools. // -// For more information, see the Amazon Cognito Documentation. +// For more information, see the Amazon Cognito Documentation (https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html). // // See https://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18 for more information on this service. // diff --git a/service/elasticache/api.go b/service/elasticache/api.go index 2bb18d44a3f..f1b756c64df 100644 --- a/service/elasticache/api.go +++ b/service/elasticache/api.go @@ -7993,6 +7993,9 @@ type CacheCluster struct { // The version of the cache engine that is used in this cluster. EngineVersion *string `type:"string"` + // Returns the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfiguration `locationNameList:"LogDeliveryConfiguration" type:"list"` + // Describes a notification topic and its status. Notification topics are used // for publishing ElastiCache events to subscribers using Amazon Simple Notification // Service (SNS). @@ -8001,7 +8004,7 @@ type CacheCluster struct { // The number of cache nodes in the cluster. // // For clusters running Redis, this value must be 1. For clusters running Memcached, - // this value must be between 1 and 20. + // this value must be between 1 and 40. NumCacheNodes *int64 `type:"integer"` // A group of settings that are applied to the cluster in the future, or that @@ -8042,6 +8045,10 @@ type CacheCluster struct { // the cluster is not associated with any replication group. ReplicationGroupId *string `type:"string"` + // A boolean value indicating whether log delivery is enabled for the replication + // group. + ReplicationGroupLogDeliveryEnabled *bool `type:"boolean"` + // A list of VPC Security Groups associated with the cluster. SecurityGroups []*SecurityGroupMembership `type:"list"` @@ -8184,6 +8191,12 @@ func (s *CacheCluster) SetEngineVersion(v string) *CacheCluster { return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *CacheCluster) SetLogDeliveryConfigurations(v []*LogDeliveryConfiguration) *CacheCluster { + s.LogDeliveryConfigurations = v + return s +} + // SetNotificationConfiguration sets the NotificationConfiguration field's value. func (s *CacheCluster) SetNotificationConfiguration(v *NotificationConfiguration) *CacheCluster { s.NotificationConfiguration = v @@ -8226,6 +8239,12 @@ func (s *CacheCluster) SetReplicationGroupId(v string) *CacheCluster { return s } +// SetReplicationGroupLogDeliveryEnabled sets the ReplicationGroupLogDeliveryEnabled field's value. +func (s *CacheCluster) SetReplicationGroupLogDeliveryEnabled(v bool) *CacheCluster { + s.ReplicationGroupLogDeliveryEnabled = &v + return s +} + // SetSecurityGroups sets the SecurityGroups field's value. func (s *CacheCluster) SetSecurityGroups(v []*SecurityGroupMembership) *CacheCluster { s.SecurityGroups = v @@ -8976,6 +8995,30 @@ func (s *CacheSubnetGroup) SetVpcId(v string) *CacheSubnetGroup { return s } +// The configuration details of the CloudWatch Logs destination. +type CloudWatchLogsDestinationDetails struct { + _ struct{} `type:"structure"` + + // The name of the CloudWatch Logs log group. + LogGroup *string `type:"string"` +} + +// String returns the string representation +func (s CloudWatchLogsDestinationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CloudWatchLogsDestinationDetails) GoString() string { + return s.String() +} + +// SetLogGroup sets the LogGroup field's value. +func (s *CloudWatchLogsDestinationDetails) SetLogGroup(v string) *CloudWatchLogsDestinationDetails { + s.LogGroup = &v + return s +} + type CompleteMigrationInput struct { _ struct{} `type:"structure"` @@ -9388,6 +9431,9 @@ type CreateCacheClusterInput struct { // group and create it anew with the earlier engine version. EngineVersion *string `type:"string"` + // Specifies the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfigurationRequest `locationNameList:"LogDeliveryConfigurationRequest" type:"list"` + // The Amazon Resource Name (ARN) of the Amazon Simple Notification Service // (SNS) topic to which notifications are sent. // @@ -9397,7 +9443,7 @@ type CreateCacheClusterInput struct { // The initial number of cache nodes that the cluster has. // // For clusters running Redis, this value must be 1. For clusters running Memcached, - // this value must be between 1 and 20. + // this value must be between 1 and 40. // // If you need more than 20 nodes for your Memcached cluster, please fill out // the ElastiCache Limit Increase Request form at http://aws.amazon.com/contact-us/elasticache-node-limit-request/ @@ -9591,6 +9637,12 @@ func (s *CreateCacheClusterInput) SetEngineVersion(v string) *CreateCacheCluster return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *CreateCacheClusterInput) SetLogDeliveryConfigurations(v []*LogDeliveryConfigurationRequest) *CreateCacheClusterInput { + s.LogDeliveryConfigurations = v + return s +} + // SetNotificationTopicArn sets the NotificationTopicArn field's value. func (s *CreateCacheClusterInput) SetNotificationTopicArn(v string) *CreateCacheClusterInput { s.NotificationTopicArn = &v @@ -10262,6 +10314,9 @@ type CreateReplicationGroupInput struct { // The ID of the KMS key used to encrypt the disk in the cluster. KmsKeyId *string `type:"string"` + // Specifies the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfigurationRequest `locationNameList:"LogDeliveryConfigurationRequest" type:"list"` + // A flag indicating if you have Multi-AZ enabled to enhance fault tolerance. // For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html). MultiAZEnabled *bool `type:"boolean"` @@ -10562,6 +10617,12 @@ func (s *CreateReplicationGroupInput) SetKmsKeyId(v string) *CreateReplicationGr return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *CreateReplicationGroupInput) SetLogDeliveryConfigurations(v []*LogDeliveryConfigurationRequest) *CreateReplicationGroupInput { + s.LogDeliveryConfigurations = v + return s +} + // SetMultiAZEnabled sets the MultiAZEnabled field's value. func (s *CreateReplicationGroupInput) SetMultiAZEnabled(v bool) *CreateReplicationGroupInput { s.MultiAZEnabled = &v @@ -11206,15 +11267,15 @@ type DecreaseNodeGroupsInGlobalReplicationGroupInput struct { // If the value of NodeGroupCount is less than the current number of node groups // (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. - // NodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. - // ElastiCache for Redis will attempt to remove all node groups listed by NodeGroupsToRemove + // GlobalNodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. + // ElastiCache for Redis will attempt to remove all node groups listed by GlobalNodeGroupsToRemove // from the cluster. GlobalNodeGroupsToRemove []*string `locationNameList:"GlobalNodeGroupId" type:"list"` // If the value of NodeGroupCount is less than the current number of node groups // (shards), then either NodeGroupsToRemove or NodeGroupsToRetain is required. - // NodeGroupsToRemove is a list of NodeGroupIds to remove from the cluster. - // ElastiCache for Redis will attempt to remove all node groups listed by NodeGroupsToRemove + // GlobalNodeGroupsToRetain is a list of NodeGroupIds to retain from the cluster. + // ElastiCache for Redis will attempt to retain all node groups listed by GlobalNodeGroupsToRetain // from the cluster. GlobalNodeGroupsToRetain []*string `locationNameList:"GlobalNodeGroupId" type:"list"` @@ -14074,6 +14135,40 @@ func (s *DescribeUsersOutput) SetUsers(v []*User) *DescribeUsersOutput { return s } +// Configuration details of either a CloudWatch Logs destination or Kinesis +// Data Firehose destination. +type DestinationDetails struct { + _ struct{} `type:"structure"` + + // The configuration details of the CloudWatch Logs destination. + CloudWatchLogsDetails *CloudWatchLogsDestinationDetails `type:"structure"` + + // The configuration details of the Kinesis Data Firehose destination. + KinesisFirehoseDetails *KinesisFirehoseDestinationDetails `type:"structure"` +} + +// String returns the string representation +func (s DestinationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DestinationDetails) GoString() string { + return s.String() +} + +// SetCloudWatchLogsDetails sets the CloudWatchLogsDetails field's value. +func (s *DestinationDetails) SetCloudWatchLogsDetails(v *CloudWatchLogsDestinationDetails) *DestinationDetails { + s.CloudWatchLogsDetails = v + return s +} + +// SetKinesisFirehoseDetails sets the KinesisFirehoseDetails field's value. +func (s *DestinationDetails) SetKinesisFirehoseDetails(v *KinesisFirehoseDestinationDetails) *DestinationDetails { + s.KinesisFirehoseDetails = v + return s +} + type DisassociateGlobalReplicationGroupInput struct { _ struct{} `type:"structure"` @@ -15016,6 +15111,30 @@ func (s *IncreaseReplicaCountOutput) SetReplicationGroup(v *ReplicationGroup) *I return s } +// The configuration details of the Kinesis Data Firehose destination. +type KinesisFirehoseDestinationDetails struct { + _ struct{} `type:"structure"` + + // The name of the Kinesis Data Firehose delivery stream. + DeliveryStream *string `type:"string"` +} + +// String returns the string representation +func (s KinesisFirehoseDestinationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s KinesisFirehoseDestinationDetails) GoString() string { + return s.String() +} + +// SetDeliveryStream sets the DeliveryStream field's value. +func (s *KinesisFirehoseDestinationDetails) SetDeliveryStream(v string) *KinesisFirehoseDestinationDetails { + s.DeliveryStream = &v + return s +} + // The input parameters for the ListAllowedNodeTypeModifications operation. type ListAllowedNodeTypeModificationsInput struct { _ struct{} `type:"structure"` @@ -15144,6 +15263,138 @@ func (s *ListTagsForResourceInput) SetResourceName(v string) *ListTagsForResourc return s } +// Returns the destination, format and type of the logs. +type LogDeliveryConfiguration struct { + _ struct{} `type:"structure"` + + // Configuration details of either a CloudWatch Logs destination or Kinesis + // Data Firehose destination. + DestinationDetails *DestinationDetails `type:"structure"` + + // Returns the destination type, either cloudwatch-logs or kinesis-firehose. + DestinationType *string `type:"string" enum:"DestinationType"` + + // Returns the log format, either JSON or TEXT. + LogFormat *string `type:"string" enum:"LogFormat"` + + // Refers to slow-log (https://redis.io/commands/slowlog). + LogType *string `type:"string" enum:"LogType"` + + // Returns an error message for the log delivery configuration. + Message *string `type:"string"` + + // Returns the log delivery configuration status. Values are one of enabling + // | disabling | modifying | active | error + Status *string `type:"string" enum:"LogDeliveryConfigurationStatus"` +} + +// String returns the string representation +func (s LogDeliveryConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LogDeliveryConfiguration) GoString() string { + return s.String() +} + +// SetDestinationDetails sets the DestinationDetails field's value. +func (s *LogDeliveryConfiguration) SetDestinationDetails(v *DestinationDetails) *LogDeliveryConfiguration { + s.DestinationDetails = v + return s +} + +// SetDestinationType sets the DestinationType field's value. +func (s *LogDeliveryConfiguration) SetDestinationType(v string) *LogDeliveryConfiguration { + s.DestinationType = &v + return s +} + +// SetLogFormat sets the LogFormat field's value. +func (s *LogDeliveryConfiguration) SetLogFormat(v string) *LogDeliveryConfiguration { + s.LogFormat = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *LogDeliveryConfiguration) SetLogType(v string) *LogDeliveryConfiguration { + s.LogType = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *LogDeliveryConfiguration) SetMessage(v string) *LogDeliveryConfiguration { + s.Message = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *LogDeliveryConfiguration) SetStatus(v string) *LogDeliveryConfiguration { + s.Status = &v + return s +} + +// Specifies the destination, format and type of the logs. +type LogDeliveryConfigurationRequest struct { + _ struct{} `type:"structure"` + + // Configuration details of either a CloudWatch Logs destination or Kinesis + // Data Firehose destination. + DestinationDetails *DestinationDetails `type:"structure"` + + // Specify either cloudwatch-logs or kinesis-firehose as the destination type. + DestinationType *string `type:"string" enum:"DestinationType"` + + // Specify if log delivery is enabled. Default true. + Enabled *bool `type:"boolean"` + + // Specifies either JSON or TEXT + LogFormat *string `type:"string" enum:"LogFormat"` + + // Refers to slow-log (https://redis.io/commands/slowlog). + LogType *string `type:"string" enum:"LogType"` +} + +// String returns the string representation +func (s LogDeliveryConfigurationRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s LogDeliveryConfigurationRequest) GoString() string { + return s.String() +} + +// SetDestinationDetails sets the DestinationDetails field's value. +func (s *LogDeliveryConfigurationRequest) SetDestinationDetails(v *DestinationDetails) *LogDeliveryConfigurationRequest { + s.DestinationDetails = v + return s +} + +// SetDestinationType sets the DestinationType field's value. +func (s *LogDeliveryConfigurationRequest) SetDestinationType(v string) *LogDeliveryConfigurationRequest { + s.DestinationType = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *LogDeliveryConfigurationRequest) SetEnabled(v bool) *LogDeliveryConfigurationRequest { + s.Enabled = &v + return s +} + +// SetLogFormat sets the LogFormat field's value. +func (s *LogDeliveryConfigurationRequest) SetLogFormat(v string) *LogDeliveryConfigurationRequest { + s.LogFormat = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *LogDeliveryConfigurationRequest) SetLogType(v string) *LogDeliveryConfigurationRequest { + s.LogType = &v + return s +} + // Represents the input of a ModifyCacheCluster operation. type ModifyCacheClusterInput struct { _ struct{} `type:"structure"` @@ -15247,6 +15498,12 @@ type ModifyCacheClusterInput struct { // it anew with the earlier engine version. EngineVersion *string `type:"string"` + // Specifies the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfigurationRequest `locationNameList:"LogDeliveryConfigurationRequest" type:"list"` + + // + // This option is only supported on Memcached clusters. + // // The list of Availability Zones where the new Memcached cache nodes are created. // // This parameter is only valid when NumCacheNodes in the request is greater @@ -15254,8 +15511,6 @@ type ModifyCacheClusterInput struct { // nodes pending creation (which may be zero). The number of Availability Zones // supplied in this list must match the cache nodes being added in this request. // - // This option is only supported on Memcached clusters. - // // Scenarios: // // * Scenario 1: You have 3 active nodes and wish to add 2 nodes. Specify @@ -15320,7 +15575,7 @@ type ModifyCacheClusterInput struct { // to provide the IDs of the specific cache nodes to remove. // // For clusters running Redis, this value must be 1. For clusters running Memcached, - // this value must be between 1 and 20. + // this value must be between 1 and 40. // // Adding or removing Memcached cache nodes can be applied immediately or as // a pending operation (see ApplyImmediately). @@ -15473,6 +15728,12 @@ func (s *ModifyCacheClusterInput) SetEngineVersion(v string) *ModifyCacheCluster return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *ModifyCacheClusterInput) SetLogDeliveryConfigurations(v []*LogDeliveryConfigurationRequest) *ModifyCacheClusterInput { + s.LogDeliveryConfigurations = v + return s +} + // SetNewAvailabilityZones sets the NewAvailabilityZones field's value. func (s *ModifyCacheClusterInput) SetNewAvailabilityZones(v []*string) *ModifyCacheClusterInput { s.NewAvailabilityZones = v @@ -15897,6 +16158,9 @@ type ModifyReplicationGroupInput struct { // and create it anew with the earlier engine version. EngineVersion *string `type:"string"` + // Specifies the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfigurationRequest `locationNameList:"LogDeliveryConfigurationRequest" type:"list"` + // A list of tags to be added to this resource. A tag is a key-value pair. A // tag key must be accompanied by a tag value, although null is accepted. MultiAZEnabled *bool `type:"boolean"` @@ -16073,6 +16337,12 @@ func (s *ModifyReplicationGroupInput) SetEngineVersion(v string) *ModifyReplicat return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *ModifyReplicationGroupInput) SetLogDeliveryConfigurations(v []*LogDeliveryConfigurationRequest) *ModifyReplicationGroupInput { + s.LogDeliveryConfigurations = v + return s +} + // SetMultiAZEnabled sets the MultiAZEnabled field's value. func (s *ModifyReplicationGroupInput) SetMultiAZEnabled(v bool) *ModifyReplicationGroupInput { s.MultiAZEnabled = &v @@ -17269,6 +17539,58 @@ func (s *ParameterNameValue) SetParameterValue(v string) *ParameterNameValue { return s } +// The log delivery configurations being modified +type PendingLogDeliveryConfiguration struct { + _ struct{} `type:"structure"` + + // Configuration details of either a CloudWatch Logs destination or Kinesis + // Data Firehose destination. + DestinationDetails *DestinationDetails `type:"structure"` + + // Returns the destination type, either CloudWatch Logs or Kinesis Data Firehose. + DestinationType *string `type:"string" enum:"DestinationType"` + + // Returns the log format, either JSON or TEXT + LogFormat *string `type:"string" enum:"LogFormat"` + + // Refers to slow-log (https://redis.io/commands/slowlog). + LogType *string `type:"string" enum:"LogType"` +} + +// String returns the string representation +func (s PendingLogDeliveryConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PendingLogDeliveryConfiguration) GoString() string { + return s.String() +} + +// SetDestinationDetails sets the DestinationDetails field's value. +func (s *PendingLogDeliveryConfiguration) SetDestinationDetails(v *DestinationDetails) *PendingLogDeliveryConfiguration { + s.DestinationDetails = v + return s +} + +// SetDestinationType sets the DestinationType field's value. +func (s *PendingLogDeliveryConfiguration) SetDestinationType(v string) *PendingLogDeliveryConfiguration { + s.DestinationType = &v + return s +} + +// SetLogFormat sets the LogFormat field's value. +func (s *PendingLogDeliveryConfiguration) SetLogFormat(v string) *PendingLogDeliveryConfiguration { + s.LogFormat = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *PendingLogDeliveryConfiguration) SetLogType(v string) *PendingLogDeliveryConfiguration { + s.LogType = &v + return s +} + // A group of settings that are applied to the cluster in the future, or that // are currently being applied. type PendingModifiedValues struct { @@ -17287,10 +17609,13 @@ type PendingModifiedValues struct { // The new cache engine version that the cluster runs. EngineVersion *string `type:"string"` + // The log delivery configurations being modified + LogDeliveryConfigurations []*PendingLogDeliveryConfiguration `locationName:"PendingLogDeliveryConfiguration" type:"list"` + // The new number of cache nodes for the cluster. // // For clusters running Redis, this value must be 1. For clusters running Memcached, - // this value must be between 1 and 20. + // this value must be between 1 and 40. NumCacheNodes *int64 `type:"integer"` } @@ -17328,6 +17653,12 @@ func (s *PendingModifiedValues) SetEngineVersion(v string) *PendingModifiedValue return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *PendingModifiedValues) SetLogDeliveryConfigurations(v []*PendingLogDeliveryConfiguration) *PendingModifiedValues { + s.LogDeliveryConfigurations = v + return s +} + // SetNumCacheNodes sets the NumCacheNodes field's value. func (s *PendingModifiedValues) SetNumCacheNodes(v int64) *PendingModifiedValues { s.NumCacheNodes = &v @@ -17868,6 +18199,9 @@ type ReplicationGroup struct { // The ID of the KMS key used to encrypt the disk in the cluster. KmsKeyId *string `type:"string"` + // Returns the destination, format and type of the logs. + LogDeliveryConfigurations []*LogDeliveryConfiguration `locationNameList:"LogDeliveryConfiguration" type:"list"` + // The names of all the cache clusters that are part of this replication group. MemberClusters []*string `locationNameList:"ClusterId" type:"list"` @@ -18010,6 +18344,12 @@ func (s *ReplicationGroup) SetKmsKeyId(v string) *ReplicationGroup { return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *ReplicationGroup) SetLogDeliveryConfigurations(v []*LogDeliveryConfiguration) *ReplicationGroup { + s.LogDeliveryConfigurations = v + return s +} + // SetMemberClusters sets the MemberClusters field's value. func (s *ReplicationGroup) SetMemberClusters(v []*string) *ReplicationGroup { s.MemberClusters = v @@ -18093,6 +18433,9 @@ type ReplicationGroupPendingModifiedValues struct { // Indicates the status of automatic failover for this Redis replication group. AutomaticFailoverStatus *string `type:"string" enum:"PendingAutomaticFailoverStatus"` + // The log delivery configurations being modified + LogDeliveryConfigurations []*PendingLogDeliveryConfiguration `locationName:"PendingLogDeliveryConfiguration" type:"list"` + // The primary cluster ID that is applied immediately (if --apply-immediately // was specified), or during the next maintenance window. PrimaryClusterId *string `type:"string"` @@ -18126,6 +18469,12 @@ func (s *ReplicationGroupPendingModifiedValues) SetAutomaticFailoverStatus(v str return s } +// SetLogDeliveryConfigurations sets the LogDeliveryConfigurations field's value. +func (s *ReplicationGroupPendingModifiedValues) SetLogDeliveryConfigurations(v []*PendingLogDeliveryConfiguration) *ReplicationGroupPendingModifiedValues { + s.LogDeliveryConfigurations = v + return s +} + // SetPrimaryClusterId sets the PrimaryClusterId field's value. func (s *ReplicationGroupPendingModifiedValues) SetPrimaryClusterId(v string) *ReplicationGroupPendingModifiedValues { s.PrimaryClusterId = &v @@ -18961,7 +19310,7 @@ type Snapshot struct { // The number of cache nodes in the source cluster. // // For clusters running Redis, this value must be 1. For clusters running Memcached, - // this value must be between 1 and 20. + // this value must be between 1 and 40. NumCacheNodes *int64 `type:"integer"` // The number of node groups (shards) in this snapshot. When restoring from @@ -20109,6 +20458,78 @@ func ChangeType_Values() []string { } } +const ( + // DestinationTypeCloudwatchLogs is a DestinationType enum value + DestinationTypeCloudwatchLogs = "cloudwatch-logs" + + // DestinationTypeKinesisFirehose is a DestinationType enum value + DestinationTypeKinesisFirehose = "kinesis-firehose" +) + +// DestinationType_Values returns all elements of the DestinationType enum +func DestinationType_Values() []string { + return []string{ + DestinationTypeCloudwatchLogs, + DestinationTypeKinesisFirehose, + } +} + +const ( + // LogDeliveryConfigurationStatusActive is a LogDeliveryConfigurationStatus enum value + LogDeliveryConfigurationStatusActive = "active" + + // LogDeliveryConfigurationStatusEnabling is a LogDeliveryConfigurationStatus enum value + LogDeliveryConfigurationStatusEnabling = "enabling" + + // LogDeliveryConfigurationStatusModifying is a LogDeliveryConfigurationStatus enum value + LogDeliveryConfigurationStatusModifying = "modifying" + + // LogDeliveryConfigurationStatusDisabling is a LogDeliveryConfigurationStatus enum value + LogDeliveryConfigurationStatusDisabling = "disabling" + + // LogDeliveryConfigurationStatusError is a LogDeliveryConfigurationStatus enum value + LogDeliveryConfigurationStatusError = "error" +) + +// LogDeliveryConfigurationStatus_Values returns all elements of the LogDeliveryConfigurationStatus enum +func LogDeliveryConfigurationStatus_Values() []string { + return []string{ + LogDeliveryConfigurationStatusActive, + LogDeliveryConfigurationStatusEnabling, + LogDeliveryConfigurationStatusModifying, + LogDeliveryConfigurationStatusDisabling, + LogDeliveryConfigurationStatusError, + } +} + +const ( + // LogFormatText is a LogFormat enum value + LogFormatText = "text" + + // LogFormatJson is a LogFormat enum value + LogFormatJson = "json" +) + +// LogFormat_Values returns all elements of the LogFormat enum +func LogFormat_Values() []string { + return []string{ + LogFormatText, + LogFormatJson, + } +} + +const ( + // LogTypeSlowLog is a LogType enum value + LogTypeSlowLog = "slow-log" +) + +// LogType_Values returns all elements of the LogType enum +func LogType_Values() []string { + return []string{ + LogTypeSlowLog, + } +} + const ( // MultiAZStatusEnabled is a MultiAZStatus enum value MultiAZStatusEnabled = "enabled" diff --git a/service/forecastservice/api.go b/service/forecastservice/api.go index 5b50f631798..2fb63fc9ce8 100644 --- a/service/forecastservice/api.go +++ b/service/forecastservice/api.go @@ -6057,6 +6057,9 @@ type DescribeDatasetImportJobOutput struct { // The name of the dataset import job. DatasetImportJobName *string `min:"1" type:"string"` + // The estimated time in minutes for the dataset import job to complete. + EstimatedTimeRemainingInMinutes *int64 `type:"long"` + // Statistical information about each field in the input data. FieldStatistics map[string]*Statistics `type:"map"` @@ -6154,6 +6157,12 @@ func (s *DescribeDatasetImportJobOutput) SetDatasetImportJobName(v string) *Desc return s } +// SetEstimatedTimeRemainingInMinutes sets the EstimatedTimeRemainingInMinutes field's value. +func (s *DescribeDatasetImportJobOutput) SetEstimatedTimeRemainingInMinutes(v int64) *DescribeDatasetImportJobOutput { + s.EstimatedTimeRemainingInMinutes = &v + return s +} + // SetFieldStatistics sets the FieldStatistics field's value. func (s *DescribeDatasetImportJobOutput) SetFieldStatistics(v map[string]*Statistics) *DescribeDatasetImportJobOutput { s.FieldStatistics = v @@ -6564,6 +6573,9 @@ type DescribeForecastOutput struct { // The ARN of the dataset group that provided the data used to train the predictor. DatasetGroupArn *string `type:"string"` + // The estimated time in minutes for the forecast job to complete. + EstimatedTimeRemainingInMinutes *int64 `type:"long"` + // The forecast ARN as specified in the request. ForecastArn *string `type:"string"` @@ -6630,6 +6642,12 @@ func (s *DescribeForecastOutput) SetDatasetGroupArn(v string) *DescribeForecastO return s } +// SetEstimatedTimeRemainingInMinutes sets the EstimatedTimeRemainingInMinutes field's value. +func (s *DescribeForecastOutput) SetEstimatedTimeRemainingInMinutes(v int64) *DescribeForecastOutput { + s.EstimatedTimeRemainingInMinutes = &v + return s +} + // SetForecastArn sets the ForecastArn field's value. func (s *DescribeForecastOutput) SetForecastArn(v string) *DescribeForecastOutput { s.ForecastArn = &v @@ -6876,6 +6894,9 @@ type DescribePredictorOutput struct { // (IAM) role that Amazon Forecast can assume to access the key. EncryptionConfig *EncryptionConfig `type:"structure"` + // The estimated time in minutes for the predictor training job to complete. + EstimatedTimeRemainingInMinutes *int64 `type:"long"` + // Used to override the default evaluation parameters of the specified algorithm. // Amazon Forecast evaluates a predictor by splitting a dataset into training // data and testing data. The evaluation parameters define how to perform the @@ -6993,6 +7014,12 @@ func (s *DescribePredictorOutput) SetEncryptionConfig(v *EncryptionConfig) *Desc return s } +// SetEstimatedTimeRemainingInMinutes sets the EstimatedTimeRemainingInMinutes field's value. +func (s *DescribePredictorOutput) SetEstimatedTimeRemainingInMinutes(v int64) *DescribePredictorOutput { + s.EstimatedTimeRemainingInMinutes = &v + return s +} + // SetEvaluationParameters sets the EvaluationParameters field's value. func (s *DescribePredictorOutput) SetEvaluationParameters(v *EvaluationParameters) *DescribePredictorOutput { s.EvaluationParameters = v diff --git a/service/securityhub/api.go b/service/securityhub/api.go index 341958d3cc1..d8eb4fdb240 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -13,6 +13,110 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/restjson" ) +const opAcceptAdministratorInvitation = "AcceptAdministratorInvitation" + +// AcceptAdministratorInvitationRequest generates a "aws/request.Request" representing the +// client's request for the AcceptAdministratorInvitation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AcceptAdministratorInvitation for more information on using the AcceptAdministratorInvitation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AcceptAdministratorInvitationRequest method. +// req, resp := client.AcceptAdministratorInvitationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitation +func (c *SecurityHub) AcceptAdministratorInvitationRequest(input *AcceptAdministratorInvitationInput) (req *request.Request, output *AcceptAdministratorInvitationOutput) { + op := &request.Operation{ + Name: opAcceptAdministratorInvitation, + HTTPMethod: "POST", + HTTPPath: "/administrator", + } + + if input == nil { + input = &AcceptAdministratorInvitationInput{} + } + + output = &AcceptAdministratorInvitationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// AcceptAdministratorInvitation API operation for AWS SecurityHub. +// +// Accepts the invitation to be a member account and be monitored by the Security +// Hub administrator account that the invitation was sent from. +// +// This operation is only used by member accounts that are not added through +// Organizations. +// +// When the member account accepts the invitation, permission is granted to +// the administrator account to view findings generated in the member account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation AcceptAdministratorInvitation for usage and error information. +// +// Returned Error Types: +// * InternalException +// Internal server error. +// +// * InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// * LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current AWS account or throttling limits. The error code describes the +// limit exceeded. +// +// * ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// * InvalidAccessException +// There is an issue with the account used to make the request. Either Security +// Hub is not enabled for the account, or the account does not have permission +// to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptAdministratorInvitation +func (c *SecurityHub) AcceptAdministratorInvitation(input *AcceptAdministratorInvitationInput) (*AcceptAdministratorInvitationOutput, error) { + req, out := c.AcceptAdministratorInvitationRequest(input) + return out, req.Send() +} + +// AcceptAdministratorInvitationWithContext is the same as AcceptAdministratorInvitation with the addition of +// the ability to pass a context and additional request options. +// +// See AcceptAdministratorInvitation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) AcceptAdministratorInvitationWithContext(ctx aws.Context, input *AcceptAdministratorInvitationInput, opts ...request.Option) (*AcceptAdministratorInvitationOutput, error) { + req, out := c.AcceptAdministratorInvitationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opAcceptInvitation = "AcceptInvitation" // AcceptInvitationRequest generates a "aws/request.Request" representing the @@ -39,7 +143,12 @@ const opAcceptInvitation = "AcceptInvitation" // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptInvitation +// +// Deprecated: This API has been deprecated, use AcceptAdministratorInvitation API instead. func (c *SecurityHub) AcceptInvitationRequest(input *AcceptInvitationInput) (req *request.Request, output *AcceptInvitationOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, AcceptInvitation, has been deprecated") + } op := &request.Operation{ Name: opAcceptInvitation, HTTPMethod: "POST", @@ -58,14 +167,16 @@ func (c *SecurityHub) AcceptInvitationRequest(input *AcceptInvitationInput) (req // AcceptInvitation API operation for AWS SecurityHub. // +// This method is deprecated. Instead, use AcceptAdministratorInvitation. +// // Accepts the invitation to be a member account and be monitored by the Security -// Hub master account that the invitation was sent from. +// Hub administrator account that the invitation was sent from. // // This operation is only used by member accounts that are not added through // Organizations. // // When the member account accepts the invitation, permission is granted to -// the master account to view findings generated in the member account. +// the administrator account to view findings generated in the member account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -96,6 +207,8 @@ func (c *SecurityHub) AcceptInvitationRequest(input *AcceptInvitationInput) (req // to perform this action. // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/AcceptInvitation +// +// Deprecated: This API has been deprecated, use AcceptAdministratorInvitation API instead. func (c *SecurityHub) AcceptInvitation(input *AcceptInvitationInput) (*AcceptInvitationOutput, error) { req, out := c.AcceptInvitationRequest(input) return out, req.Send() @@ -110,6 +223,8 @@ func (c *SecurityHub) AcceptInvitation(input *AcceptInvitationInput) (*AcceptInv // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. +// +// Deprecated: This API has been deprecated, use AcceptAdministratorInvitation API instead. func (c *SecurityHub) AcceptInvitationWithContext(ctx aws.Context, input *AcceptInvitationInput, opts ...request.Option) (*AcceptInvitationOutput, error) { req, out := c.AcceptInvitationRequest(input) req.SetContext(ctx) @@ -481,15 +596,15 @@ func (c *SecurityHub) BatchUpdateFindingsRequest(input *BatchUpdateFindingsInput // BatchUpdateFindings API operation for AWS SecurityHub. // // Used by Security Hub customers to update information about their investigation -// into a finding. Requested by master accounts or member accounts. Master accounts -// can update findings for their account and their member accounts. Member accounts -// can update findings for their account. +// into a finding. Requested by administrator accounts or member accounts. Administrator +// accounts can update findings for their account and their member accounts. +// Member accounts can update findings for their account. // // Updates from BatchUpdateFindings do not affect the value of UpdatedAt for // a finding. // -// Master and member accounts can use BatchUpdateFindings to update the following -// finding fields and objects. +// Administrator and member accounts can use BatchUpdateFindings to update the +// following finding fields and objects. // // * Confidence // @@ -805,10 +920,9 @@ func (c *SecurityHub) CreateMembersRequest(input *CreateMembersInput) (req *requ // CreateMembers API operation for AWS SecurityHub. // // Creates a member association in Security Hub between the specified accounts -// and the account used to make the request, which is the master account. If -// you are integrated with Organizations, then the master account is the Security -// Hub administrator account that is designated by the organization management -// account. +// and the account used to make the request, which is the administrator account. +// If you are integrated with Organizations, then the administrator account +// is designated by the organization management account. // // CreateMembers is always used to add accounts that are not organization members. // @@ -831,12 +945,13 @@ func (c *SecurityHub) CreateMembersRequest(input *CreateMembersInput) (req *requ // Accounts that are part of an organization do not receive an invitation. They // automatically become a member account in Security Hub. // -// A permissions policy is added that permits the master account to view the -// findings generated in the member account. When Security Hub is enabled in -// a member account, findings are sent to both the member and master accounts. +// A permissions policy is added that permits the administrator account to view +// the findings generated in the member account. When Security Hub is enabled +// in a member account, the member account findings are also visible to the +// administrator account. // -// To remove the association between the master and member accounts, use the -// DisassociateFromMasterAccount or DisassociateMembers operation. +// To remove the association between the administrator and member accounts, +// use the DisassociateFromMasterAccount or DisassociateMembers operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2411,12 +2526,12 @@ func (c *SecurityHub) DisableSecurityHubRequest(input *DisableSecurityHubInput) // Security Hub in all Regions, you must submit one request per Region where // you have enabled Security Hub. // -// When you disable Security Hub for a master account, it doesn't disable Security -// Hub for any associated member accounts. +// When you disable Security Hub for an administrator account, it doesn't disable +// Security Hub for any associated member accounts. // // When you disable Security Hub, your existing findings and insights and any // Security Hub configuration settings are deleted after 90 days and cannot -// be recovered. Any standards that were enabled are disabled, and your master +// be recovered. Any standards that were enabled are disabled, and your administrator // and member account associations are removed. // // If you want to save your existing findings, you must export them before you @@ -2468,6 +2583,108 @@ func (c *SecurityHub) DisableSecurityHubWithContext(ctx aws.Context, input *Disa return out, req.Send() } +const opDisassociateFromAdministratorAccount = "DisassociateFromAdministratorAccount" + +// DisassociateFromAdministratorAccountRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateFromAdministratorAccount operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateFromAdministratorAccount for more information on using the DisassociateFromAdministratorAccount +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateFromAdministratorAccountRequest method. +// req, resp := client.DisassociateFromAdministratorAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccount +func (c *SecurityHub) DisassociateFromAdministratorAccountRequest(input *DisassociateFromAdministratorAccountInput) (req *request.Request, output *DisassociateFromAdministratorAccountOutput) { + op := &request.Operation{ + Name: opDisassociateFromAdministratorAccount, + HTTPMethod: "POST", + HTTPPath: "/administrator/disassociate", + } + + if input == nil { + input = &DisassociateFromAdministratorAccountInput{} + } + + output = &DisassociateFromAdministratorAccountOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DisassociateFromAdministratorAccount API operation for AWS SecurityHub. +// +// Disassociates the current Security Hub member account from the associated +// administrator account. +// +// This operation is only used by accounts that are not part of an organization. +// For organization accounts, only the administrator account can disassociate +// a member account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation DisassociateFromAdministratorAccount for usage and error information. +// +// Returned Error Types: +// * InternalException +// Internal server error. +// +// * InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// * InvalidAccessException +// There is an issue with the account used to make the request. Either Security +// Hub is not enabled for the account, or the account does not have permission +// to perform this action. +// +// * LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current AWS account or throttling limits. The error code describes the +// limit exceeded. +// +// * ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromAdministratorAccount +func (c *SecurityHub) DisassociateFromAdministratorAccount(input *DisassociateFromAdministratorAccountInput) (*DisassociateFromAdministratorAccountOutput, error) { + req, out := c.DisassociateFromAdministratorAccountRequest(input) + return out, req.Send() +} + +// DisassociateFromAdministratorAccountWithContext is the same as DisassociateFromAdministratorAccount with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateFromAdministratorAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) DisassociateFromAdministratorAccountWithContext(ctx aws.Context, input *DisassociateFromAdministratorAccountInput, opts ...request.Option) (*DisassociateFromAdministratorAccountOutput, error) { + req, out := c.DisassociateFromAdministratorAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateFromMasterAccount = "DisassociateFromMasterAccount" // DisassociateFromMasterAccountRequest generates a "aws/request.Request" representing the @@ -2494,7 +2711,12 @@ const opDisassociateFromMasterAccount = "DisassociateFromMasterAccount" // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount +// +// Deprecated: This API has been deprecated, use DisassociateFromAdministratorAccount API instead. func (c *SecurityHub) DisassociateFromMasterAccountRequest(input *DisassociateFromMasterAccountInput) (req *request.Request, output *DisassociateFromMasterAccountOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, DisassociateFromMasterAccount, has been deprecated") + } op := &request.Operation{ Name: opDisassociateFromMasterAccount, HTTPMethod: "POST", @@ -2513,12 +2735,14 @@ func (c *SecurityHub) DisassociateFromMasterAccountRequest(input *DisassociateFr // DisassociateFromMasterAccount API operation for AWS SecurityHub. // +// This method is deprecated. Instead, use DisassociateFromAdministratorAccount. +// // Disassociates the current Security Hub member account from the associated -// master account. +// administrator account. // // This operation is only used by accounts that are not part of an organization. -// For organization accounts, only the master account (the designated Security -// Hub administrator) can disassociate a member account. +// For organization accounts, only the administrator account can disassociate +// a member account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2549,6 +2773,8 @@ func (c *SecurityHub) DisassociateFromMasterAccountRequest(input *DisassociateFr // The request was rejected because we can't find the specified resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/DisassociateFromMasterAccount +// +// Deprecated: This API has been deprecated, use DisassociateFromAdministratorAccount API instead. func (c *SecurityHub) DisassociateFromMasterAccount(input *DisassociateFromMasterAccountInput) (*DisassociateFromMasterAccountOutput, error) { req, out := c.DisassociateFromMasterAccountRequest(input) return out, req.Send() @@ -2563,6 +2789,8 @@ func (c *SecurityHub) DisassociateFromMasterAccount(input *DisassociateFromMaste // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. +// +// Deprecated: This API has been deprecated, use DisassociateFromAdministratorAccount API instead. func (c *SecurityHub) DisassociateFromMasterAccountWithContext(ctx aws.Context, input *DisassociateFromMasterAccountInput, opts ...request.Option) (*DisassociateFromMasterAccountOutput, error) { req, out := c.DisassociateFromMasterAccountRequest(input) req.SetContext(ctx) @@ -2615,10 +2843,11 @@ func (c *SecurityHub) DisassociateMembersRequest(input *DisassociateMembersInput // DisassociateMembers API operation for AWS SecurityHub. // -// Disassociates the specified member accounts from the associated master account. +// Disassociates the specified member accounts from the associated administrator +// account. // -// Can be used to disassociate both accounts that are in an organization and -// accounts that were invited manually. +// Can be used to disassociate both accounts that are managed using Organizations +// and accounts that were invited manually. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2985,6 +3214,106 @@ func (c *SecurityHub) EnableSecurityHubWithContext(ctx aws.Context, input *Enabl return out, req.Send() } +const opGetAdministratorAccount = "GetAdministratorAccount" + +// GetAdministratorAccountRequest generates a "aws/request.Request" representing the +// client's request for the GetAdministratorAccount operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetAdministratorAccount for more information on using the GetAdministratorAccount +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetAdministratorAccountRequest method. +// req, resp := client.GetAdministratorAccountRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccount +func (c *SecurityHub) GetAdministratorAccountRequest(input *GetAdministratorAccountInput) (req *request.Request, output *GetAdministratorAccountOutput) { + op := &request.Operation{ + Name: opGetAdministratorAccount, + HTTPMethod: "GET", + HTTPPath: "/administrator", + } + + if input == nil { + input = &GetAdministratorAccountInput{} + } + + output = &GetAdministratorAccountOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetAdministratorAccount API operation for AWS SecurityHub. +// +// Provides the details for the Security Hub administrator account for the current +// member account. +// +// Can be used by both member accounts that are managed using Organizations +// and accounts that were invited manually. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS SecurityHub's +// API operation GetAdministratorAccount for usage and error information. +// +// Returned Error Types: +// * InternalException +// Internal server error. +// +// * InvalidInputException +// The request was rejected because you supplied an invalid or out-of-range +// value for an input parameter. +// +// * InvalidAccessException +// There is an issue with the account used to make the request. Either Security +// Hub is not enabled for the account, or the account does not have permission +// to perform this action. +// +// * LimitExceededException +// The request was rejected because it attempted to create resources beyond +// the current AWS account or throttling limits. The error code describes the +// limit exceeded. +// +// * ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetAdministratorAccount +func (c *SecurityHub) GetAdministratorAccount(input *GetAdministratorAccountInput) (*GetAdministratorAccountOutput, error) { + req, out := c.GetAdministratorAccountRequest(input) + return out, req.Send() +} + +// GetAdministratorAccountWithContext is the same as GetAdministratorAccount with the addition of +// the ability to pass a context and additional request options. +// +// See GetAdministratorAccount for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *SecurityHub) GetAdministratorAccountWithContext(ctx aws.Context, input *GetAdministratorAccountInput, opts ...request.Option) (*GetAdministratorAccountOutput, error) { + req, out := c.GetAdministratorAccountRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetEnabledStandards = "GetEnabledStandards" // GetEnabledStandardsRequest generates a "aws/request.Request" representing the @@ -3657,7 +3986,12 @@ const opGetMasterAccount = "GetMasterAccount" // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccount +// +// Deprecated: This API has been deprecated, use GetAdministratorAccount API instead. func (c *SecurityHub) GetMasterAccountRequest(input *GetMasterAccountInput) (req *request.Request, output *GetMasterAccountOutput) { + if c.Client.Config.Logger != nil { + c.Client.Config.Logger.Log("This operation, GetMasterAccount, has been deprecated") + } op := &request.Operation{ Name: opGetMasterAccount, HTTPMethod: "GET", @@ -3675,11 +4009,13 @@ func (c *SecurityHub) GetMasterAccountRequest(input *GetMasterAccountInput) (req // GetMasterAccount API operation for AWS SecurityHub. // -// Provides the details for the Security Hub master account for the current +// This method is deprecated. Instead, use GetAdministratorAccount. +// +// Provides the details for the Security Hub administrator account for the current // member account. // -// Can be used by both member accounts that are in an organization and accounts -// that were invited manually. +// Can be used by both member accounts that are managed using Organizations +// and accounts that were invited manually. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3710,6 +4046,8 @@ func (c *SecurityHub) GetMasterAccountRequest(input *GetMasterAccountInput) (req // The request was rejected because we can't find the specified resource. // // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/GetMasterAccount +// +// Deprecated: This API has been deprecated, use GetAdministratorAccount API instead. func (c *SecurityHub) GetMasterAccount(input *GetMasterAccountInput) (*GetMasterAccountOutput, error) { req, out := c.GetMasterAccountRequest(input) return out, req.Send() @@ -3724,6 +4062,8 @@ func (c *SecurityHub) GetMasterAccount(input *GetMasterAccountInput) (*GetMaster // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. +// +// Deprecated: This API has been deprecated, use GetAdministratorAccount API instead. func (c *SecurityHub) GetMasterAccountWithContext(ctx aws.Context, input *GetMasterAccountInput, opts ...request.Option) (*GetMasterAccountOutput, error) { req, out := c.GetMasterAccountRequest(input) req.SetContext(ctx) @@ -3778,11 +4118,12 @@ func (c *SecurityHub) GetMembersRequest(input *GetMembersInput) (req *request.Re // Returns the details for the Security Hub member accounts for the specified // account IDs. // -// A master account can be either a delegated Security Hub administrator account -// for an organization or a master account that enabled Security Hub manually. +// An administrator account can be either the delegated Security Hub administrator +// account for an organization or an administrator account that enabled Security +// Hub manually. // -// The results include both member accounts that are in an organization and -// accounts that were invited manually. +// The results include both member accounts that are managed using Organizations +// and accounts that were invited manually. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3879,7 +4220,7 @@ func (c *SecurityHub) InviteMembersRequest(input *InviteMembersInput) (req *requ // InviteMembers API operation for AWS SecurityHub. // // Invites other AWS accounts to become member accounts for the Security Hub -// master account that the invitation is sent from. +// administrator account that the invitation is sent from. // // This operation is only used to invite accounts that do not belong to an organization. // Organization accounts do not receive invitations. @@ -3888,8 +4229,8 @@ func (c *SecurityHub) InviteMembersRequest(input *InviteMembersInput) (req *requ // CreateMembers action to create the member account in Security Hub. // // When the account owner enables Security Hub and accepts the invitation to -// become a member account, the master account can view the findings generated -// from the member account. +// become a member account, the administrator account can view the findings +// generated from the member account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4142,8 +4483,9 @@ func (c *SecurityHub) ListInvitationsRequest(input *ListInvitationsInput) (req * // Lists all Security Hub membership invitations that were sent to the current // AWS account. // -// This operation is only used by accounts that do not belong to an organization. -// Organization accounts do not receive invitations. +// This operation is only used by accounts that are managed by invitation. Accounts +// that are managed using the integration with AWS Organizations do not receive +// invitations. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4294,7 +4636,7 @@ func (c *SecurityHub) ListMembersRequest(input *ListMembersInput) (req *request. // ListMembers API operation for AWS SecurityHub. // -// Lists details about all member accounts for the current Security Hub master +// Lists details about all member accounts for the current Security Hub administrator // account. // // The results include both member accounts that belong to an organization and @@ -5389,15 +5731,83 @@ func (c *SecurityHub) UpdateStandardsControlWithContext(ctx aws.Context, input * return out, req.Send() } +type AcceptAdministratorInvitationInput struct { + _ struct{} `type:"structure"` + + // The account ID of the Security Hub administrator account that sent the invitation. + // + // AdministratorId is a required field + AdministratorId *string `type:"string" required:"true"` + + // The identifier of the invitation sent from the Security Hub administrator + // account. + // + // InvitationId is a required field + InvitationId *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s AcceptAdministratorInvitationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptAdministratorInvitationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AcceptAdministratorInvitationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AcceptAdministratorInvitationInput"} + if s.AdministratorId == nil { + invalidParams.Add(request.NewErrParamRequired("AdministratorId")) + } + if s.InvitationId == nil { + invalidParams.Add(request.NewErrParamRequired("InvitationId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAdministratorId sets the AdministratorId field's value. +func (s *AcceptAdministratorInvitationInput) SetAdministratorId(v string) *AcceptAdministratorInvitationInput { + s.AdministratorId = &v + return s +} + +// SetInvitationId sets the InvitationId field's value. +func (s *AcceptAdministratorInvitationInput) SetInvitationId(v string) *AcceptAdministratorInvitationInput { + s.InvitationId = &v + return s +} + +type AcceptAdministratorInvitationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s AcceptAdministratorInvitationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AcceptAdministratorInvitationOutput) GoString() string { + return s.String() +} + type AcceptInvitationInput struct { _ struct{} `type:"structure"` - // The ID of the invitation sent from the Security Hub master account. + // The identifier of the invitation sent from the Security Hub administrator + // account. // // InvitationId is a required field InvitationId *string `type:"string" required:"true"` - // The account ID of the Security Hub master account that sent the invitation. + // The account ID of the Security Hub administrator account that sent the invitation. // // MasterId is a required field MasterId *string `type:"string" required:"true"` @@ -19922,8 +20332,9 @@ func (s *CreateInsightOutput) SetInsightArn(v string) *CreateInsightOutput { type CreateMembersInput struct { _ struct{} `type:"structure"` - // The list of accounts to associate with the Security Hub master account. For - // each account, the list includes the account ID and optionally the email address. + // The list of accounts to associate with the Security Hub administrator account. + // For each account, the list includes the account ID and optionally the email + // address. // // AccountDetails is a required field AccountDetails []*AccountDetails `type:"list" required:"true"` @@ -21165,6 +21576,34 @@ func (s DisableSecurityHubOutput) GoString() string { return s.String() } +type DisassociateFromAdministratorAccountInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisassociateFromAdministratorAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateFromAdministratorAccountInput) GoString() string { + return s.String() +} + +type DisassociateFromAdministratorAccountOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DisassociateFromAdministratorAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DisassociateFromAdministratorAccountOutput) GoString() string { + return s.String() +} + type DisassociateFromMasterAccountInput struct { _ struct{} `type:"structure"` } @@ -21196,7 +21635,8 @@ func (s DisassociateFromMasterAccountOutput) GoString() string { type DisassociateMembersInput struct { _ struct{} `type:"structure"` - // The account IDs of the member accounts to disassociate from the master account. + // The account IDs of the member accounts to disassociate from the administrator + // account. // // AccountIds is a required field AccountIds []*string `type:"list" required:"true"` @@ -21623,6 +22063,43 @@ func (s *GeoLocation) SetLon(v float64) *GeoLocation { return s } +type GetAdministratorAccountInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s GetAdministratorAccountInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAdministratorAccountInput) GoString() string { + return s.String() +} + +type GetAdministratorAccountOutput struct { + _ struct{} `type:"structure"` + + // Details about an invitation. + Administrator *Invitation `type:"structure"` +} + +// String returns the string representation +func (s GetAdministratorAccountOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetAdministratorAccountOutput) GoString() string { + return s.String() +} + +// SetAdministrator sets the Administrator field's value. +func (s *GetAdministratorAccountOutput) SetAdministrator(v *Invitation) *GetAdministratorAccountOutput { + s.Administrator = v + return s +} + type GetEnabledStandardsInput struct { _ struct{} `type:"structure"` @@ -22040,8 +22517,8 @@ func (s GetMasterAccountInput) GoString() string { type GetMasterAccountOutput struct { _ struct{} `type:"structure"` - // A list of details about the Security Hub master account for the current member - // account. + // A list of details about the Security Hub administrator account for the current + // member account. Master *Invitation `type:"structure"` } @@ -22515,8 +22992,8 @@ func (s *InvalidInputException) RequestID() string { type Invitation struct { _ struct{} `type:"structure"` - // The account ID of the Security Hub master account that the invitation was - // sent from. + // The account ID of the Security Hub administrator account that the invitation + // was sent from. AccountId *string `type:"string"` // The ID of the invitation sent to the member account. @@ -22525,7 +23002,8 @@ type Invitation struct { // The timestamp of when the invitation was sent. InvitedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` - // The current status of the association between the member and master accounts. + // The current status of the association between the member and administrator + // accounts. MemberStatus *string `type:"string"` } @@ -23003,10 +23481,11 @@ type ListMembersInput struct { NextToken *string `location:"querystring" locationName:"NextToken" type:"string"` // Specifies which member accounts to include in the response based on their - // relationship status with the master account. The default value is TRUE. + // relationship status with the administrator account. The default value is + // TRUE. // // If OnlyAssociated is set to TRUE, the response includes member accounts whose - // relationship status with the master is set to ENABLED. + // relationship status with the administrator account is set to ENABLED. // // If OnlyAssociated is set to FALSE, the response includes all existing member // accounts. @@ -23405,6 +23884,10 @@ type Member struct { // The AWS account ID of the member account. AccountId *string `type:"string"` + // The AWS account ID of the Security Hub administrator account associated with + // this member account. + AdministratorId *string `type:"string"` + // The email address of the member account. Email *string `type:"string"` @@ -23412,32 +23895,37 @@ type Member struct { // account. InvitedAt *time.Time `type:"timestamp" timestampFormat:"iso8601"` - // The AWS account ID of the Security Hub master account associated with this - // member account. - MasterId *string `type:"string"` + // This is replaced by AdministratorID. + // + // The AWS account ID of the Security Hub administrator account associated with + // this member account. + // + // Deprecated: This field is deprecated, use AdministratorId instead. + MasterId *string `deprecated:"true" type:"string"` - // The status of the relationship between the member account and its master + // The status of the relationship between the member account and its administrator // account. // // The status can have one of the following values: // - // * CREATED - Indicates that the master account added the member account, - // but has not yet invited the member account. + // * CREATED - Indicates that the administrator account added the member + // account, but has not yet invited the member account. // - // * INVITED - Indicates that the master account invited the member account. - // The member account has not yet responded to the invitation. + // * INVITED - Indicates that the administrator account invited the member + // account. The member account has not yet responded to the invitation. // // * ENABLED - Indicates that the member account is currently active. For // manually invited member accounts, indicates that the member account accepted // the invitation. // - // * REMOVED - Indicates that the master account disassociated the member - // account. + // * REMOVED - Indicates that the administrator account disassociated the + // member account. // // * RESIGNED - Indicates that the member account disassociated themselves - // from the master account. + // from the administrator account. // - // * DELETED - Indicates that the master account deleted the member account. + // * DELETED - Indicates that the administrator account deleted the member + // account. MemberStatus *string `type:"string"` // The timestamp for the date and time when the member account was updated. @@ -23460,6 +23948,12 @@ func (s *Member) SetAccountId(v string) *Member { return s } +// SetAdministratorId sets the AdministratorId field's value. +func (s *Member) SetAdministratorId(v string) *Member { + s.AdministratorId = &v + return s +} + // SetEmail sets the Email field's value. func (s *Member) SetEmail(v string) *Member { s.Email = &v @@ -24428,7 +24922,8 @@ func (s *ProcessDetails) SetTerminatedAt(v string) *ProcessDetails { type Product struct { _ struct{} `type:"structure"` - // The URL used to activate the product. + // The URL to the service or product documentation about the integration with + // Security Hub, including how to activate the integration. ActivationUrl *string `type:"string"` // The categories assigned to the product. @@ -24443,14 +24938,22 @@ type Product struct { // The types of integration that the product supports. Available values are // the following. // - // * SEND_FINDINGS_TO_SECURITY_HUB - Indicates that the integration sends - // findings to Security Hub. + // * SEND_FINDINGS_TO_SECURITY_HUB - The integration sends findings to Security + // Hub. + // + // * RECEIVE_FINDINGS_FROM_SECURITY_HUB - The integration receives findings + // from Security Hub. // - // * RECEIVE_FINDINGS_FROM_SECURITY_HUB - Indicates that the integration - // receives findings from Security Hub. + // * UPDATE_FINDINGS_IN_SECURITY_HUB - The integration does not send new + // findings to Security Hub, but does make updates to the findings that it + // receives from Security Hub. IntegrationTypes []*string `type:"list"` - // The URL for the page that contains more information about the product. + // For integrations with AWS services, the AWS Console URL from which to activate + // the service. + // + // For integrations with third-party products, the AWS Marketplace URL from + // which to subscribe to or purchase the product. MarketplaceUrl *string `type:"string"` // The ARN assigned to the product. @@ -27243,6 +27746,9 @@ const ( // IntegrationTypeReceiveFindingsFromSecurityHub is a IntegrationType enum value IntegrationTypeReceiveFindingsFromSecurityHub = "RECEIVE_FINDINGS_FROM_SECURITY_HUB" + + // IntegrationTypeUpdateFindingsInSecurityHub is a IntegrationType enum value + IntegrationTypeUpdateFindingsInSecurityHub = "UPDATE_FINDINGS_IN_SECURITY_HUB" ) // IntegrationType_Values returns all elements of the IntegrationType enum @@ -27250,6 +27756,7 @@ func IntegrationType_Values() []string { return []string{ IntegrationTypeSendFindingsToSecurityHub, IntegrationTypeReceiveFindingsFromSecurityHub, + IntegrationTypeUpdateFindingsInSecurityHub, } } diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index 1fbe2991dd2..0d1ca552f51 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go @@ -20,7 +20,7 @@ // // For example, if your Region is set to us-west-2, when you use CreateMembers // to add a member account to Security Hub, the association of the member account -// with the master account is created only in the us-west-2 Region. Security +// with the administrator account is created only in the us-west-2 Region. Security // Hub must be enabled for the member account in the same Region that the invitation // was sent from. // diff --git a/service/securityhub/securityhubiface/interface.go b/service/securityhub/securityhubiface/interface.go index 2f064b86c43..801b15fea42 100644 --- a/service/securityhub/securityhubiface/interface.go +++ b/service/securityhub/securityhubiface/interface.go @@ -26,7 +26,7 @@ import ( // // myFunc uses an SDK service client to make a request to // // AWS SecurityHub. // func myFunc(svc securityhubiface.SecurityHubAPI) bool { -// // Make svc.AcceptInvitation request +// // Make svc.AcceptAdministratorInvitation request // } // // func main() { @@ -42,7 +42,7 @@ import ( // type mockSecurityHubClient struct { // securityhubiface.SecurityHubAPI // } -// func (m *mockSecurityHubClient) AcceptInvitation(input *securityhub.AcceptInvitationInput) (*securityhub.AcceptInvitationOutput, error) { +// func (m *mockSecurityHubClient) AcceptAdministratorInvitation(input *securityhub.AcceptAdministratorInvitationInput) (*securityhub.AcceptAdministratorInvitationOutput, error) { // // mock response/functionality // } // @@ -60,6 +60,10 @@ import ( // and waiters. Its suggested to use the pattern above for testing, or using // tooling to generate mocks to satisfy the interfaces. type SecurityHubAPI interface { + AcceptAdministratorInvitation(*securityhub.AcceptAdministratorInvitationInput) (*securityhub.AcceptAdministratorInvitationOutput, error) + AcceptAdministratorInvitationWithContext(aws.Context, *securityhub.AcceptAdministratorInvitationInput, ...request.Option) (*securityhub.AcceptAdministratorInvitationOutput, error) + AcceptAdministratorInvitationRequest(*securityhub.AcceptAdministratorInvitationInput) (*request.Request, *securityhub.AcceptAdministratorInvitationOutput) + AcceptInvitation(*securityhub.AcceptInvitationInput) (*securityhub.AcceptInvitationOutput, error) AcceptInvitationWithContext(aws.Context, *securityhub.AcceptInvitationInput, ...request.Option) (*securityhub.AcceptInvitationOutput, error) AcceptInvitationRequest(*securityhub.AcceptInvitationInput) (*request.Request, *securityhub.AcceptInvitationOutput) @@ -160,6 +164,10 @@ type SecurityHubAPI interface { DisableSecurityHubWithContext(aws.Context, *securityhub.DisableSecurityHubInput, ...request.Option) (*securityhub.DisableSecurityHubOutput, error) DisableSecurityHubRequest(*securityhub.DisableSecurityHubInput) (*request.Request, *securityhub.DisableSecurityHubOutput) + DisassociateFromAdministratorAccount(*securityhub.DisassociateFromAdministratorAccountInput) (*securityhub.DisassociateFromAdministratorAccountOutput, error) + DisassociateFromAdministratorAccountWithContext(aws.Context, *securityhub.DisassociateFromAdministratorAccountInput, ...request.Option) (*securityhub.DisassociateFromAdministratorAccountOutput, error) + DisassociateFromAdministratorAccountRequest(*securityhub.DisassociateFromAdministratorAccountInput) (*request.Request, *securityhub.DisassociateFromAdministratorAccountOutput) + DisassociateFromMasterAccount(*securityhub.DisassociateFromMasterAccountInput) (*securityhub.DisassociateFromMasterAccountOutput, error) DisassociateFromMasterAccountWithContext(aws.Context, *securityhub.DisassociateFromMasterAccountInput, ...request.Option) (*securityhub.DisassociateFromMasterAccountOutput, error) DisassociateFromMasterAccountRequest(*securityhub.DisassociateFromMasterAccountInput) (*request.Request, *securityhub.DisassociateFromMasterAccountOutput) @@ -180,6 +188,10 @@ type SecurityHubAPI interface { EnableSecurityHubWithContext(aws.Context, *securityhub.EnableSecurityHubInput, ...request.Option) (*securityhub.EnableSecurityHubOutput, error) EnableSecurityHubRequest(*securityhub.EnableSecurityHubInput) (*request.Request, *securityhub.EnableSecurityHubOutput) + GetAdministratorAccount(*securityhub.GetAdministratorAccountInput) (*securityhub.GetAdministratorAccountOutput, error) + GetAdministratorAccountWithContext(aws.Context, *securityhub.GetAdministratorAccountInput, ...request.Option) (*securityhub.GetAdministratorAccountOutput, error) + GetAdministratorAccountRequest(*securityhub.GetAdministratorAccountInput) (*request.Request, *securityhub.GetAdministratorAccountOutput) + GetEnabledStandards(*securityhub.GetEnabledStandardsInput) (*securityhub.GetEnabledStandardsOutput, error) GetEnabledStandardsWithContext(aws.Context, *securityhub.GetEnabledStandardsInput, ...request.Option) (*securityhub.GetEnabledStandardsOutput, error) GetEnabledStandardsRequest(*securityhub.GetEnabledStandardsInput) (*request.Request, *securityhub.GetEnabledStandardsOutput)