SDK for PHP 3.x

Client: Aws\SecurityHub\SecurityHubClient
Service ID: securityhub
Version: 2018-10-26

This page describes the parameters and results for the operations of the AWS SecurityHub (2018-10-26), and shows how to use the Aws\SecurityHub\SecurityHubClient object to call the described operations. This documentation is specific to the 2018-10-26 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AcceptAdministratorInvitation ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
AcceptInvitation ( array $params = [] )
This method is deprecated.
BatchDeleteAutomationRules ( array $params = [] )
Deletes one or more automation rules.
BatchDisableStandards ( array $params = [] )
Disables the standards specified by the provided StandardsSubscriptionArns.
BatchEnableStandards ( array $params = [] )
Enables the standards specified by the provided StandardsArn.
BatchGetAutomationRules ( array $params = [] )
Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).
BatchGetConfigurationPolicyAssociations ( array $params = [] )
Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root.
BatchGetSecurityControls ( array $params = [] )
Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.
BatchGetStandardsControlAssociations ( array $params = [] )
For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.
BatchImportFindings ( array $params = [] )
Imports security findings generated by a finding provider into Security Hub.
BatchUpdateAutomationRules ( array $params = [] )
Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.
BatchUpdateFindings ( array $params = [] )
Used by Security Hub customers to update information about their investigation into a finding.
BatchUpdateStandardsControlAssociations ( array $params = [] )
For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.
CreateActionTarget ( array $params = [] )
Creates a custom action target in Security Hub.
CreateAutomationRule ( array $params = [] )
Creates an automation rule based on input parameters.
CreateConfigurationPolicy ( array $params = [] )
Creates a configuration policy with the defined configuration.
CreateFindingAggregator ( array $params = [] )
The aggregation Region is now called the home Region.
CreateInsight ( array $params = [] )
Creates a custom insight in Security Hub.
CreateMembers ( array $params = [] )
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account.
DeclineInvitations ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
DeleteActionTarget ( array $params = [] )
Deletes a custom action target from Security Hub.
DeleteConfigurationPolicy ( array $params = [] )
Deletes a configuration policy.
DeleteFindingAggregator ( array $params = [] )
The aggregation Region is now called the home Region.
DeleteInsight ( array $params = [] )
Deletes the insight specified by the InsightArn.
DeleteInvitations ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
DeleteMembers ( array $params = [] )
Deletes the specified member accounts from Security Hub.
DescribeActionTargets ( array $params = [] )
Returns a list of the custom action targets in Security Hub in your account.
DescribeHub ( array $params = [] )
Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.
DescribeOrganizationConfiguration ( array $params = [] )
Returns information about the way your organization is configured in Security Hub.
DescribeProducts ( array $params = [] )
Returns information about product integrations in Security Hub.
DescribeStandards ( array $params = [] )
Returns a list of the available standards in Security Hub.
DescribeStandardsControls ( array $params = [] )
Returns a list of security standards controls.
DisableImportFindingsForProduct ( array $params = [] )
Disables the integration of the specified product with Security Hub.
DisableOrganizationAdminAccount ( array $params = [] )
Disables a Security Hub administrator account.
DisableSecurityHub ( array $params = [] )
Disables Security Hub in your account only in the current Amazon Web Services Region.
DisassociateFromAdministratorAccount ( array $params = [] )
Disassociates the current Security Hub member account from the associated administrator account.
DisassociateFromMasterAccount ( array $params = [] )
This method is deprecated.
DisassociateMembers ( array $params = [] )
Disassociates the specified member accounts from the associated administrator account.
EnableImportFindingsForProduct ( array $params = [] )
Enables the integration of a partner product with Security Hub.
EnableOrganizationAdminAccount ( array $params = [] )
Designates the Security Hub administrator account for an organization.
EnableSecurityHub ( array $params = [] )
Enables Security Hub for your account in the current Region or the Region you specify in the request.
GetAdministratorAccount ( array $params = [] )
Provides the details for the Security Hub administrator account for the current member account.
GetConfigurationPolicy ( array $params = [] )
Provides information about a configuration policy.
GetConfigurationPolicyAssociation ( array $params = [] )
Returns the association between a configuration and a target account, organizational unit, or the root.
GetEnabledStandards ( array $params = [] )
Returns a list of the standards that are currently enabled.
GetFindingAggregator ( array $params = [] )
The aggregation Region is now called the home Region.
GetFindingHistory ( array $params = [] )
Returns history for a Security Hub finding in the last 90 days.
GetFindings ( array $params = [] )
Returns a list of findings that match the specified criteria.
GetInsightResults ( array $params = [] )
Lists the results of the Security Hub insight specified by the insight ARN.
GetInsights ( array $params = [] )
Lists and describes insights for the specified insight ARNs.
GetInvitationsCount ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
GetMasterAccount ( array $params = [] )
This method is deprecated.
GetMembers ( array $params = [] )
Returns the details for the Security Hub member accounts for the specified account IDs.
GetSecurityControlDefinition ( array $params = [] )
Retrieves the definition of a security control.
InviteMembers ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
ListAutomationRules ( array $params = [] )
A list of automation rules and their metadata for the calling account.
ListConfigurationPolicies ( array $params = [] )
Lists the configuration policies that the Security Hub delegated administrator has created for your organization.
ListConfigurationPolicyAssociations ( array $params = [] )
Provides information about the associations for your configuration policies and self-managed behavior.
ListEnabledProductsForImport ( array $params = [] )
Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.
ListFindingAggregators ( array $params = [] )
If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator.
ListInvitations ( array $params = [] )
We recommend using Organizations instead of Security Hub invitations to manage your member accounts.
ListMembers ( array $params = [] )
Lists details about all member accounts for the current Security Hub administrator account.
ListOrganizationAdminAccounts ( array $params = [] )
Lists the Security Hub administrator accounts.
ListSecurityControlDefinitions ( array $params = [] )
Lists all of the security controls that apply to a specified standard.
ListStandardsControlAssociations ( array $params = [] )
Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.
ListTagsForResource ( array $params = [] )
Returns a list of tags associated with a resource.
StartConfigurationPolicyAssociation ( array $params = [] )
Associates a target account, organizational unit, or the root with a specified configuration.
StartConfigurationPolicyDisassociation ( array $params = [] )
Disassociates a target account, organizational unit, or the root from a specified configuration.
TagResource ( array $params = [] )
Adds one or more tags to a resource.
UntagResource ( array $params = [] )
Removes one or more tags from a resource.
UpdateActionTarget ( array $params = [] )
Updates the name and description of a custom action target in Security Hub.
UpdateConfigurationPolicy ( array $params = [] )
Updates a configuration policy.
UpdateFindingAggregator ( array $params = [] )
The aggregation Region is now called the home Region.
UpdateFindings ( array $params = [] )
UpdateFindings is a deprecated operation.
UpdateInsight ( array $params = [] )
Updates the Security Hub insight identified by the specified insight ARN.
UpdateOrganizationConfiguration ( array $params = [] )
Updates the configuration of your organization in Security Hub.
UpdateSecurityControl ( array $params = [] )
Updates the properties of a security control.
UpdateSecurityHubConfiguration ( array $params = [] )
Updates configuration options for Security Hub.
UpdateStandardsControl ( array $params = [] )
Used to control whether an individual security standard control is enabled or disabled.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

DescribeActionTargets
DescribeProducts
DescribeStandards
DescribeStandardsControls
GetEnabledStandards
GetFindingHistory
GetFindings
GetInsights
ListConfigurationPolicies
ListConfigurationPolicyAssociations
ListEnabledProductsForImport
ListFindingAggregators
ListInvitations
ListMembers
ListOrganizationAdminAccounts
ListSecurityControlDefinitions
ListStandardsControlAssociations

Operations

AcceptAdministratorInvitation

$result = $client->acceptAdministratorInvitation([/* ... */]);
$promise = $client->acceptAdministratorInvitationAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

Parameter Syntax

$result = $client->acceptAdministratorInvitation([
    'AdministratorId' => '<string>', // REQUIRED
    'InvitationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AdministratorId
Required: Yes
Type: string

The account ID of the Security Hub administrator account that sent the invitation.

InvitationId
Required: Yes
Type: string

The identifier of the invitation sent from the Security Hub administrator account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To accept an invitation be a member account

The following example demonstrates how an account can accept an invitation from the Security Hub administrator account to be a member account. This operation is applicable only to member accounts that are not added through AWS Organizations.

$result = $client->acceptAdministratorInvitation([
    'AdministratorId' => '123456789012',
    'InvitationId' => '7ab938c5d52d7904ad09f9e7c20cc4eb',
]);

AcceptInvitation

$result = $client->acceptInvitation([/* ... */]);
$promise = $client->acceptInvitationAsync([/* ... */]);

This method is deprecated. Instead, use AcceptAdministratorInvitation.

The Security Hub console continues to use AcceptInvitation. It will eventually change to use AcceptAdministratorInvitation. Any IAM policies that specifically control access to this function must continue to use AcceptInvitation. You should also add AcceptAdministratorInvitation to your policies to ensure that the correct permissions are in place after the console begins to use AcceptAdministratorInvitation.

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

Parameter Syntax

$result = $client->acceptInvitation([
    'InvitationId' => '<string>', // REQUIRED
    'MasterId' => '<string>', // REQUIRED
]);

Parameter Details

Members
InvitationId
Required: Yes
Type: string

The identifier of the invitation sent from the Security Hub administrator account.

MasterId
Required: Yes
Type: string

The account ID of the Security Hub administrator account that sent the invitation.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

InvalidAccessException:

The account doesn't have permission to perform this action.

BatchDeleteAutomationRules

$result = $client->batchDeleteAutomationRules([/* ... */]);
$promise = $client->batchDeleteAutomationRulesAsync([/* ... */]);

Deletes one or more automation rules.

Parameter Syntax

$result = $client->batchDeleteAutomationRules([
    'AutomationRulesArns' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AutomationRulesArns
Required: Yes
Type: Array of strings

A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.

Result Syntax

[
    'ProcessedAutomationRules' => ['<string>', ...],
    'UnprocessedAutomationRules' => [
        [
            'ErrorCode' => <integer>,
            'ErrorMessage' => '<string>',
            'RuleArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
ProcessedAutomationRules
Type: Array of strings

A list of properly processed rule ARNs.

UnprocessedAutomationRules
Type: Array of UnprocessedAutomationRule structures

A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn't delete and why.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To delete one or more automation rules

The following example deletes the specified automation rules.

$result = $client->batchDeleteAutomationRules([
    'AutomationRulesArns' => [
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
    ],
]);

Result syntax:

[
    'ProcessedAutomationRules' => [
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    ],
    'UnprocessedAutomationRules' => [
        [
            'ErrorCode' => 500,
            'ErrorMessage' => 'InternalException',
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
        ],
    ],
]

BatchDisableStandards

$result = $client->batchDisableStandards([/* ... */]);
$promise = $client->batchDisableStandardsAsync([/* ... */]);

Disables the standards specified by the provided StandardsSubscriptionArns.

For more information, see Security Standards section of the Security Hub User Guide.

Parameter Syntax

$result = $client->batchDisableStandards([
    'StandardsSubscriptionArns' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
StandardsSubscriptionArns
Required: Yes
Type: Array of strings

The ARNs of the standards subscriptions to disable.

Result Syntax

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsStatusReason' => [
                'StatusReasonCode' => 'NO_AVAILABLE_CONFIGURATION_RECORDER|INTERNAL_ERROR',
            ],
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
StandardsSubscriptions
Type: Array of StandardsSubscription structures

The details of the standards subscriptions that were disabled.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To disable one or more security standards

The following example disables a security standard in Security Hub.

$result = $client->batchDisableStandards([
    'StandardsSubscriptionArns' => [
        'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
    ],
]);

Result syntax:

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => 'arn:aws:securityhub:eu-central-1::standards/pci-dss/v/3.2.1',
            'StandardsInput' => [
            ],
            'StandardsStatus' => 'DELETING',
            'StandardsSubscriptionArn' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
        ],
    ],
]

BatchEnableStandards

$result = $client->batchEnableStandards([/* ... */]);
$promise = $client->batchEnableStandardsAsync([/* ... */]);

Enables the standards specified by the provided StandardsArn. To obtain the ARN for a standard, use the DescribeStandards operation.

For more information, see the Security Standards section of the Security Hub User Guide.

Parameter Syntax

$result = $client->batchEnableStandards([
    'StandardsSubscriptionRequests' => [ // REQUIRED
        [
            'StandardsArn' => '<string>', // REQUIRED
            'StandardsInput' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members
StandardsSubscriptionRequests
Required: Yes
Type: Array of StandardsSubscriptionRequest structures

The list of standards checks to enable.

Result Syntax

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsStatusReason' => [
                'StatusReasonCode' => 'NO_AVAILABLE_CONFIGURATION_RECORDER|INTERNAL_ERROR',
            ],
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
StandardsSubscriptions
Type: Array of StandardsSubscription structures

The details of the standards subscriptions that were enabled.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To enable security standards

The following example enables the security standard specified by the StandardArn. You can use this operation to enable one or more Security Hub standards.

$result = $client->batchEnableStandards([
    'StandardsSubscriptionRequests' => [
        [
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1',
        ],
    ],
]);

Result syntax:

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1',
            'StandardsInput' => [
            ],
            'StandardsStatus' => 'PENDING',
            'StandardsSubscriptionArn' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
        ],
    ],
]

BatchGetAutomationRules

$result = $client->batchGetAutomationRules([/* ... */]);
$promise = $client->batchGetAutomationRulesAsync([/* ... */]);

Retrieves a list of details for automation rules based on rule Amazon Resource Names (ARNs).

Parameter Syntax

$result = $client->batchGetAutomationRules([
    'AutomationRulesArns' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AutomationRulesArns
Required: Yes
Type: Array of strings

A list of rule ARNs to get details for.

Result Syntax

[
    'Rules' => [
        [
            'Actions' => [
                [
                    'FindingFieldsUpdate' => [
                        'Confidence' => <integer>,
                        'Criticality' => <integer>,
                        'Note' => [
                            'Text' => '<string>',
                            'UpdatedBy' => '<string>',
                        ],
                        'RelatedFindings' => [
                            [
                                'Id' => '<string>',
                                'ProductArn' => '<string>',
                            ],
                            // ...
                        ],
                        'Severity' => [
                            'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                            'Normalized' => <integer>,
                            'Product' => <float>,
                        ],
                        'Types' => ['<string>', ...],
                        'UserDefinedFields' => ['<string>', ...],
                        'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
                        'Workflow' => [
                            'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
                        ],
                    ],
                    'Type' => 'FINDING_FIELDS_UPDATE',
                ],
                // ...
            ],
            'CreatedAt' => <DateTime>,
            'CreatedBy' => '<string>',
            'Criteria' => [
                'AwsAccountId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'AwsAccountName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'CompanyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceAssociatedStandardsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceSecurityControlId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Confidence' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'CreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'Criticality' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'Description' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FirstObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'GeneratorId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Id' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'LastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedBy' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecordState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceDetailsOther' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourcePartition' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceRegion' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceTags' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Title' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Type' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'UpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'UserDefinedFields' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VerificationState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'WorkflowStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'Description' => '<string>',
            'IsTerminal' => true || false,
            'RuleArn' => '<string>',
            'RuleName' => '<string>',
            'RuleOrder' => <integer>,
            'RuleStatus' => 'ENABLED|DISABLED',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'UnprocessedAutomationRules' => [
        [
            'ErrorCode' => <integer>,
            'ErrorMessage' => '<string>',
            'RuleArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Rules
Type: Array of AutomationRulesConfig structures

A list of rule details for the provided rule ARNs.

UnprocessedAutomationRules
Type: Array of UnprocessedAutomationRule structures

A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn't retrieve and why.

Errors

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To update one ore more automation rules

The following example updates the specified automation rules.

$result = $client->batchGetAutomationRules([
    'AutomationRulesArns' => [
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
    ],
]);

Result syntax:

[
    'Rules' => [
        [
            'Actions' => [
                [
                    'FindingFieldsUpdate' => [
                        'Workflow' => [
                            'Status' => 'RESOLVED',
                        ],
                    ],
                    'Type' => 'FINDING_FIELDS_UPDATE',
                ],
            ],
            'CreatedAt' => ,
            'CreatedBy' => 'AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14',
            'Criteria' => [
                'AwsAccountId' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => '111122223333',
                    ],
                ],
                'FirstObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => 5,
                        ],
                    ],
                ],
                'Type' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => 'Software and Configuration Checks/Industry and Regulatory Standards',
                    ],
                ],
            ],
            'Description' => 'sample rule description 1',
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'RuleName' => 'sample-rule-name-1',
            'RuleOrder' => 1,
            'RuleStatus' => 'ENABLED',
            'UpdatedAt' => ,
        ],
        [
            'Actions' => [
                [
                    'FindingFieldsUpdate' => [
                        'Workflow' => [
                            'Status' => 'RESOLVED',
                        ],
                    ],
                    'Type' => 'FINDING_FIELDS_UPDATE',
                ],
            ],
            'CreatedAt' => ,
            'CreatedBy' => 'AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14',
            'Criteria' => [
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => 'Ec2Instance',
                    ],
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => 'INFORMATIONAL',
                    ],
                ],
            ],
            'Description' => 'Sample rule description 2',
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
            'RuleName' => 'sample-rule-name-2',
            'RuleOrder' => 2,
            'RuleStatus' => 'ENABLED',
            'UpdatedAt' => ,
        ],
    ],
]

BatchGetConfigurationPolicyAssociations

$result = $client->batchGetConfigurationPolicyAssociations([/* ... */]);
$promise = $client->batchGetConfigurationPolicyAssociationsAsync([/* ... */]);

Returns associations between an Security Hub configuration and a batch of target accounts, organizational units, or the root. Only the Security Hub delegated administrator can invoke this operation from the home Region. A configuration can refer to a configuration policy or to a self-managed configuration.

Parameter Syntax

$result = $client->batchGetConfigurationPolicyAssociations([
    'ConfigurationPolicyAssociationIdentifiers' => [ // REQUIRED
        [
            'Target' => [
                'AccountId' => '<string>',
                'OrganizationalUnitId' => '<string>',
                'RootId' => '<string>',
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
ConfigurationPolicyAssociationIdentifiers
Required: Yes
Type: Array of ConfigurationPolicyAssociation structures

Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

Result Syntax

[
    'ConfigurationPolicyAssociations' => [
        [
            'AssociationStatus' => 'PENDING|SUCCESS|FAILED',
            'AssociationStatusMessage' => '<string>',
            'AssociationType' => 'INHERITED|APPLIED',
            'ConfigurationPolicyId' => '<string>',
            'TargetId' => '<string>',
            'TargetType' => 'ACCOUNT|ORGANIZATIONAL_UNIT|ROOT',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'UnprocessedConfigurationPolicyAssociations' => [
        [
            'ConfigurationPolicyAssociationIdentifiers' => [
                'Target' => [
                    'AccountId' => '<string>',
                    'OrganizationalUnitId' => '<string>',
                    'RootId' => '<string>',
                ],
            ],
            'ErrorCode' => '<string>',
            'ErrorReason' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
ConfigurationPolicyAssociations
Type: Array of ConfigurationPolicyAssociationSummary structures

Describes associations for the target accounts, OUs, or the root.

UnprocessedConfigurationPolicyAssociations
Type: Array of UnprocessedConfigurationPolicyAssociation structures

An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To get configuration associations for a batch of targets

This operation provides details about configuration associations for a batch of target accounts, organizational units, or the root.

$result = $client->batchGetConfigurationPolicyAssociations([
    'ConfigurationPolicyAssociationIdentifiers' => [
        [
            'Target' => [
                'AccountId' => '111122223333',
            ],
        ],
        [
            'Target' => [
                'RootId' => 'r-f6g7h8i9j0example',
            ],
        ],
    ],
]);

Result syntax:

[
    'ConfigurationPolicyAssociations' => [
        [
            'AssociationStatus' => 'SUCCESS',
            'AssociationStatusMessage' => 'This field is only populated for a failed association',
            'AssociationType' => 'INHERITED',
            'ConfigurationPolicyId' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'TargetId' => '111122223333',
            'TargetType' => 'ACCOUNT',
            'UpdatedAt' => ,
        ],
    ],
    'UnprocessedConfigurationPolicyAssociations' => [
        [
            'ConfigurationPolicyAssociationIdentifiers' => [
                'Target' => [
                    'RootId' => 'r-f6g7h8i9j0example',
                ],
            ],
            'ErrorCode' => '400',
            'ErrorReason' => 'You do not have sufficient access to perform this action.',
        ],
    ],
]

BatchGetSecurityControls

$result = $client->batchGetSecurityControls([/* ... */]);
$promise = $client->batchGetSecurityControlsAsync([/* ... */]);

Provides details about a batch of security controls for the current Amazon Web Services account and Amazon Web Services Region.

Parameter Syntax

$result = $client->batchGetSecurityControls([
    'SecurityControlIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
SecurityControlIds
Required: Yes
Type: Array of strings

A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

Result Syntax

[
    'SecurityControls' => [
        [
            'Description' => '<string>',
            'LastUpdateReason' => '<string>',
            'Parameters' => [
                '<NonEmptyString>' => [
                    'Value' => [
                        'Boolean' => true || false,
                        'Double' => <float>,
                        'Enum' => '<string>',
                        'EnumList' => ['<string>', ...],
                        'Integer' => <integer>,
                        'IntegerList' => [<integer>, ...],
                        'String' => '<string>',
                        'StringList' => ['<string>', ...],
                    ],
                    'ValueType' => 'DEFAULT|CUSTOM',
                ],
                // ...
            ],
            'RemediationUrl' => '<string>',
            'SecurityControlArn' => '<string>',
            'SecurityControlId' => '<string>',
            'SecurityControlStatus' => 'ENABLED|DISABLED',
            'SeverityRating' => 'LOW|MEDIUM|HIGH|CRITICAL',
            'Title' => '<string>',
            'UpdateStatus' => 'READY|UPDATING',
        ],
        // ...
    ],
    'UnprocessedIds' => [
        [
            'ErrorCode' => 'INVALID_INPUT|ACCESS_DENIED|NOT_FOUND|LIMIT_EXCEEDED',
            'ErrorReason' => '<string>',
            'SecurityControlId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
SecurityControls
Required: Yes
Type: Array of SecurityControl structures

An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn.

UnprocessedIds
Type: Array of UnprocessedSecurityControl structures

A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which details cannot be returned.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To get security control details

The following example gets details for the specified controls in the current AWS account and AWS Region.

$result = $client->batchGetSecurityControls([
    'SecurityControlIds' => [
        'ACM.1',
        'APIGateway.1',
    ],
]);

Result syntax:

[
    'SecurityControls' => [
        [
            'Description' => 'This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.',
            'LastUpdateReason' => 'Stayed with default value',
            'Parameters' => [
                'daysToExpiration' => [
                    'Value' => [
                        'Integer' => 30,
                    ],
                    'ValueType' => 'DEFAULT',
                ],
            ],
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation',
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:123456789012:security-control/ACM.1',
            'SecurityControlId' => 'ACM.1',
            'SecurityControlStatus' => 'ENABLED',
            'SeverityRating' => 'MEDIUM',
            'Title' => 'Imported and ACM-issued certificates should be renewed after a specified time period',
            'UpdateStatus' => 'UPDATING',
        ],
        [
            'Description' => 'This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.',
            'LastUpdateReason' => 'Updated control parameters to comply with internal requirements',
            'Parameters' => [
                'loggingLevel' => [
                    'Value' => [
                        'Enum' => 'ERROR',
                    ],
                    'ValueType' => 'CUSTOM',
                ],
            ],
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation',
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:123456789012:security-control/APIGateway.1',
            'SecurityControlId' => 'APIGateway.1',
            'SecurityControlStatus' => 'ENABLED',
            'SeverityRating' => 'MEDIUM',
            'Title' => 'API Gateway REST and WebSocket API execution logging should be enabled',
            'UpdateStatus' => 'UPDATING',
        ],
    ],
]

BatchGetStandardsControlAssociations

$result = $client->batchGetStandardsControlAssociations([/* ... */]);
$promise = $client->batchGetStandardsControlAssociationsAsync([/* ... */]);

For a batch of security controls and standards, identifies whether each control is currently enabled or disabled in a standard.

Parameter Syntax

$result = $client->batchGetStandardsControlAssociations([
    'StandardsControlAssociationIds' => [ // REQUIRED
        [
            'SecurityControlId' => '<string>', // REQUIRED
            'StandardsArn' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
StandardsControlAssociationIds
Required: Yes
Type: Array of StandardsControlAssociationId structures

An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.

Result Syntax

[
    'StandardsControlAssociationDetails' => [
        [
            'AssociationStatus' => 'ENABLED|DISABLED',
            'RelatedRequirements' => ['<string>', ...],
            'SecurityControlArn' => '<string>',
            'SecurityControlId' => '<string>',
            'StandardsArn' => '<string>',
            'StandardsControlArns' => ['<string>', ...],
            'StandardsControlDescription' => '<string>',
            'StandardsControlTitle' => '<string>',
            'UpdatedAt' => <DateTime>,
            'UpdatedReason' => '<string>',
        ],
        // ...
    ],
    'UnprocessedAssociations' => [
        [
            'ErrorCode' => 'INVALID_INPUT|ACCESS_DENIED|NOT_FOUND|LIMIT_EXCEEDED',
            'ErrorReason' => '<string>',
            'StandardsControlAssociationId' => [
                'SecurityControlId' => '<string>',
                'StandardsArn' => '<string>',
            ],
        ],
        // ...
    ],
]

Result Details

Members
StandardsControlAssociationDetails
Required: Yes
Type: Array of StandardsControlAssociationDetail structures

Provides the enablement status of a security control in a specified standard and other details for the control in relation to the specified standard.

UnprocessedAssociations
Type: Array of UnprocessedStandardsControlAssociation structures

A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard cannot be returned.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To get enablement status of a batch of controls

The following example retrieves the enablement status of the specified controls in the specified standards.

$result = $client->batchGetStandardsControlAssociations([
    'StandardsControlAssociationIds' => [
        [
            'SecurityControlId' => 'CloudTrail.1',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
        ],
        [
            'SecurityControlId' => 'CloudWatch.12',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
        ],
    ],
]);

Result syntax:

[
    'StandardsControlAssociationDetails' => [
        [
            'AssociationStatus' => 'ENABLED',
            'RelatedRequirements' => [
                'CIS AWS Foundations 2.1',
            ],
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:110479873537:security-control/CloudTrail.1',
            'SecurityControlId' => 'CloudTrail.1',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            'StandardsControlDescription' => 'AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.',
            'StandardsControlTitle' => 'Ensure CloudTrail is enabled in all regions',
            'UpdatedAt' => ,
        ],
        [
            'AssociationStatus' => 'ENABLED',
            'RelatedRequirements' => [
                'CIS AWS Foundations 3.12',
            ],
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:110479873537:security-control/CloudWatch.12',
            'SecurityControlId' => 'CloudWatch.12',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            'StandardsControlDescription' => 'Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Network gateways are required to send/receive traffic to a destination outside of a VPC. It is recommended that a metric filter and alarm be established for changes to network gateways.',
            'StandardsControlTitle' => 'Ensure a log metric filter and alarm exist for changes to network gateways',
            'UpdatedAt' => ,
        ],
    ],
]

BatchImportFindings

$result = $client->batchImportFindings([/* ... */]);
$promise = $client->batchImportFindingsAsync([/* ... */]);

Imports security findings generated by a finding provider into Security Hub. This action is requested by the finding provider to import its findings into Security Hub.

BatchImportFindings must be called by one of the following:

  • The Amazon Web Services account that is associated with a finding if you are using the default product ARN or are a partner sending findings from within a customer's Amazon Web Services account. In these cases, the identifier of the account that you are calling BatchImportFindings from needs to be the same as the AwsAccountId attribute for the finding.

  • An Amazon Web Services account that Security Hub has allow-listed for an official partner integration. In this case, you can call BatchImportFindings from the allow-listed account and send findings from different customer accounts in the same batch.

The maximum allowed size for a finding is 240 Kb. An error is returned for any finding larger than 240 Kb.

After a finding is created, BatchImportFindings cannot be used to update the following finding fields and objects, which Security Hub customers use to manage their investigation workflow.

  • Note

  • UserDefinedFields

  • VerificationState

  • Workflow

Finding providers also should not use BatchImportFindings to update the following attributes.

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

Instead, finding providers use FindingProviderFields to provide values for these attributes.

Parameter Syntax

$result = $client->batchImportFindings([
    'Findings' => [ // REQUIRED
        [
            'Action' => [
                'ActionType' => '<string>',
                'AwsApiCallAction' => [
                    'AffectedResources' => ['<string>', ...],
                    'Api' => '<string>',
                    'CallerType' => '<string>',
                    'DomainDetails' => [
                        'Domain' => '<string>',
                    ],
                    'FirstSeen' => '<string>',
                    'LastSeen' => '<string>',
                    'RemoteIpDetails' => [
                        'City' => [
                            'CityName' => '<string>',
                        ],
                        'Country' => [
                            'CountryCode' => '<string>',
                            'CountryName' => '<string>',
                        ],
                        'GeoLocation' => [
                            'Lat' => <float>,
                            'Lon' => <float>,
                        ],
                        'IpAddressV4' => '<string>',
                        'Organization' => [
                            'Asn' => <integer>,
                            'AsnOrg' => '<string>',
                            'Isp' => '<string>',
                            'Org' => '<string>',
                        ],
                    ],
                    'ServiceName' => '<string>',
                ],
                'DnsRequestAction' => [
                    'Blocked' => true || false,
                    'Domain' => '<string>',
                    'Protocol' => '<string>',
                ],
                'NetworkConnectionAction' => [
                    'Blocked' => true || false,
                    'ConnectionDirection' => '<string>',
                    'LocalPortDetails' => [
                        'Port' => <integer>,
                        'PortName' => '<string>',
                    ],
                    'Protocol' => '<string>',
                    'RemoteIpDetails' => [
                        'City' => [
                            'CityName' => '<string>',
                        ],
                        'Country' => [
                            'CountryCode' => '<string>',
                            'CountryName' => '<string>',
                        ],
                        'GeoLocation' => [
                            'Lat' => <float>,
                            'Lon' => <float>,
                        ],
                        'IpAddressV4' => '<string>',
                        'Organization' => [
                            'Asn' => <integer>,
                            'AsnOrg' => '<string>',
                            'Isp' => '<string>',
                            'Org' => '<string>',
                        ],
                    ],
                    'RemotePortDetails' => [
                        'Port' => <integer>,
                        'PortName' => '<string>',
                    ],
                ],
                'PortProbeAction' => [
                    'Blocked' => true || false,
                    'PortProbeDetails' => [
                        [
                            'LocalIpDetails' => [
                                'IpAddressV4' => '<string>',
                            ],
                            'LocalPortDetails' => [
                                'Port' => <integer>,
                                'PortName' => '<string>',
                            ],
                            'RemoteIpDetails' => [
                                'City' => [
                                    'CityName' => '<string>',
                                ],
                                'Country' => [
                                    'CountryCode' => '<string>',
                                    'CountryName' => '<string>',
                                ],
                                'GeoLocation' => [
                                    'Lat' => <float>,
                                    'Lon' => <float>,
                                ],
                                'IpAddressV4' => '<string>',
                                'Organization' => [
                                    'Asn' => <integer>,
                                    'AsnOrg' => '<string>',
                                    'Isp' => '<string>',
                                    'Org' => '<string>',
                                ],
                            ],
                        ],
                        // ...
                    ],
                ],
            ],
            'AwsAccountId' => '<string>', // REQUIRED
            'AwsAccountName' => '<string>',
            'CompanyName' => '<string>',
            'Compliance' => [
                'AssociatedStandards' => [
                    [
                        'StandardsId' => '<string>',
                    ],
                    // ...
                ],
                'RelatedRequirements' => ['<string>', ...],
                'SecurityControlId' => '<string>',
                'SecurityControlParameters' => [
                    [
                        'Name' => '<string>',
                        'Value' => ['<string>', ...],
                    ],
                    // ...
                ],
                'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
                'StatusReasons' => [
                    [
                        'Description' => '<string>',
                        'ReasonCode' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
            ],
            'Confidence' => <integer>,
            'CreatedAt' => '<string>', // REQUIRED
            'Criticality' => <integer>,
            'Description' => '<string>', // REQUIRED
            'Detection' => [
                'Sequence' => [
                    'Actors' => [
                        [
                            'Id' => '<string>',
                            'Session' => [
                                'CreatedTime' => <integer>,
                                'Issuer' => '<string>',
                                'MfaStatus' => 'ENABLED|DISABLED',
                                'Uid' => '<string>',
                            ],
                            'User' => [
                                'Account' => [
                                    'Name' => '<string>',
                                    'Uid' => '<string>',
                                ],
                                'CredentialUid' => '<string>',
                                'Name' => '<string>',
                                'Type' => '<string>',
                                'Uid' => '<string>',
                            ],
                        ],
                        // ...
                    ],
                    'Endpoints' => [
                        [
                            'AutonomousSystem' => [
                                'Name' => '<string>',
                                'Number' => <integer>,
                            ],
                            'Connection' => [
                                'Direction' => 'INBOUND|OUTBOUND',
                            ],
                            'Domain' => '<string>',
                            'Id' => '<string>',
                            'Ip' => '<string>',
                            'Location' => [
                                'City' => '<string>',
                                'Country' => '<string>',
                                'Lat' => <float>,
                                'Lon' => <float>,
                            ],
                            'Port' => <integer>,
                        ],
                        // ...
                    ],
                    'SequenceIndicators' => [
                        [
                            'Key' => '<string>',
                            'Title' => '<string>',
                            'Type' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'Signals' => [
                        [
                            'ActorIds' => ['<string>', ...],
                            'Count' => <integer>,
                            'CreatedAt' => <integer>,
                            'EndpointIds' => ['<string>', ...],
                            'FirstSeenAt' => <integer>,
                            'Id' => '<string>',
                            'LastSeenAt' => <integer>,
                            'Name' => '<string>',
                            'ProductArn' => '<string>',
                            'ResourceIds' => ['<string>', ...],
                            'Severity' => <float>,
                            'SignalIndicators' => [
                                [
                                    'Key' => '<string>',
                                    'Title' => '<string>',
                                    'Type' => '<string>',
                                    'Values' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'Title' => '<string>',
                            'Type' => '<string>',
                            'UpdatedAt' => <integer>,
                        ],
                        // ...
                    ],
                    'Uid' => '<string>',
                ],
            ],
            'FindingProviderFields' => [
                'Confidence' => <integer>,
                'Criticality' => <integer>,
                'RelatedFindings' => [
                    [
                        'Id' => '<string>', // REQUIRED
                        'ProductArn' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'Severity' => [
                    'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                    'Original' => '<string>',
                ],
                'Types' => ['<string>', ...],
            ],
            'FirstObservedAt' => '<string>',
            'GeneratorDetails' => [
                'Description' => '<string>',
                'Labels' => ['<string>', ...],
                'Name' => '<string>',
            ],
            'GeneratorId' => '<string>', // REQUIRED
            'Id' => '<string>', // REQUIRED
            'LastObservedAt' => '<string>',
            'Malware' => [
                [
                    'Name' => '<string>', // REQUIRED
                    'Path' => '<string>',
                    'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
                    'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
                ],
                // ...
            ],
            'Network' => [
                'DestinationDomain' => '<string>',
                'DestinationIpV4' => '<string>',
                'DestinationIpV6' => '<string>',
                'DestinationPort' => <integer>,
                'Direction' => 'IN|OUT',
                'OpenPortRange' => [
                    'Begin' => <integer>,
                    'End' => <integer>,
                ],
                'Protocol' => '<string>',
                'SourceDomain' => '<string>',
                'SourceIpV4' => '<string>',
                'SourceIpV6' => '<string>',
                'SourceMac' => '<string>',
                'SourcePort' => <integer>,
            ],
            'NetworkPath' => [
                [
                    'ComponentId' => '<string>',
                    'ComponentType' => '<string>',
                    'Egress' => [
                        'Destination' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                        'Protocol' => '<string>',
                        'Source' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                    ],
                    'Ingress' => [
                        'Destination' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                        'Protocol' => '<string>',
                        'Source' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                    ],
                ],
                // ...
            ],
            'Note' => [
                'Text' => '<string>', // REQUIRED
                'UpdatedAt' => '<string>', // REQUIRED
                'UpdatedBy' => '<string>', // REQUIRED
            ],
            'PatchSummary' => [
                'FailedCount' => <integer>,
                'Id' => '<string>', // REQUIRED
                'InstalledCount' => <integer>,
                'InstalledOtherCount' => <integer>,
                'InstalledPendingReboot' => <integer>,
                'InstalledRejectedCount' => <integer>,
                'MissingCount' => <integer>,
                'Operation' => '<string>',
                'OperationEndTime' => '<string>',
                'OperationStartTime' => '<string>',
                'RebootOption' => '<string>',
            ],
            'Process' => [
                'LaunchedAt' => '<string>',
                'Name' => '<string>',
                'ParentPid' => <integer>,
                'Path' => '<string>',
                'Pid' => <integer>,
                'TerminatedAt' => '<string>',
            ],
            'ProcessedAt' => '<string>',
            'ProductArn' => '<string>', // REQUIRED
            'ProductFields' => ['<string>', ...],
            'ProductName' => '<string>',
            'RecordState' => 'ACTIVE|ARCHIVED',
            'Region' => '<string>',
            'RelatedFindings' => [
                [
                    'Id' => '<string>', // REQUIRED
                    'ProductArn' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'Remediation' => [
                'Recommendation' => [
                    'Text' => '<string>',
                    'Url' => '<string>',
                ],
            ],
            'Resources' => [ // REQUIRED
                [
                    'ApplicationArn' => '<string>',
                    'ApplicationName' => '<string>',
                    'DataClassification' => [
                        'DetailedResultsLocation' => '<string>',
                        'Result' => [
                            'AdditionalOccurrences' => true || false,
                            'CustomDataIdentifiers' => [
                                'Detections' => [
                                    [
                                        'Arn' => '<string>',
                                        'Count' => <integer>,
                                        'Name' => '<string>',
                                        'Occurrences' => [
                                            'Cells' => [
                                                [
                                                    'CellReference' => '<string>',
                                                    'Column' => <integer>,
                                                    'ColumnName' => '<string>',
                                                    'Row' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'LineRanges' => [
                                                [
                                                    'End' => <integer>,
                                                    'Start' => <integer>,
                                                    'StartColumn' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'OffsetRanges' => [
                                                [
                                                    'End' => <integer>,
                                                    'Start' => <integer>,
                                                    'StartColumn' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'Pages' => [
                                                [
                                                    'LineRange' => [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    'OffsetRange' => [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    'PageNumber' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'Records' => [
                                                [
                                                    'JsonPath' => '<string>',
                                                    'RecordIndex' => <integer>,
                                                ],
                                                // ...
                                            ],
                                        ],
                                    ],
                                    // ...
                                ],
                                'TotalCount' => <integer>,
                            ],
                            'MimeType' => '<string>',
                            'SensitiveData' => [
                                [
                                    'Category' => '<string>',
                                    'Detections' => [
                                        [
                                            'Count' => <integer>,
                                            'Occurrences' => [
                                                'Cells' => [
                                                    [
                                                        'CellReference' => '<string>',
                                                        'Column' => <integer>,
                                                        'ColumnName' => '<string>',
                                                        'Row' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'LineRanges' => [
                                                    [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'OffsetRanges' => [
                                                    [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'Pages' => [
                                                    [
                                                        'LineRange' => [
                                                            'End' => <integer>,
                                                            'Start' => <integer>,
                                                            'StartColumn' => <integer>,
                                                        ],
                                                        'OffsetRange' => [
                                                            'End' => <integer>,
                                                            'Start' => <integer>,
                                                            'StartColumn' => <integer>,
                                                        ],
                                                        'PageNumber' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'Records' => [
                                                    [
                                                        'JsonPath' => '<string>',
                                                        'RecordIndex' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                            'Type' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'TotalCount' => <integer>,
                                ],
                                // ...
                            ],
                            'SizeClassified' => <integer>,
                            'Status' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                        ],
                    ],
                    'Details' => [
                        'AwsAmazonMqBroker' => [
                            'AuthenticationStrategy' => '<string>',
                            'AutoMinorVersionUpgrade' => true || false,
                            'BrokerArn' => '<string>',
                            'BrokerId' => '<string>',
                            'BrokerName' => '<string>',
                            'DeploymentMode' => '<string>',
                            'EncryptionOptions' => [
                                'KmsKeyId' => '<string>',
                                'UseAwsOwnedKey' => true || false,
                            ],
                            'EngineType' => '<string>',
                            'EngineVersion' => '<string>',
                            'HostInstanceType' => '<string>',
                            'LdapServerMetadata' => [
                                'Hosts' => ['<string>', ...],
                                'RoleBase' => '<string>',
                                'RoleName' => '<string>',
                                'RoleSearchMatching' => '<string>',
                                'RoleSearchSubtree' => true || false,
                                'ServiceAccountUsername' => '<string>',
                                'UserBase' => '<string>',
                                'UserRoleName' => '<string>',
                                'UserSearchMatching' => '<string>',
                                'UserSearchSubtree' => true || false,
                            ],
                            'Logs' => [
                                'Audit' => true || false,
                                'AuditLogGroup' => '<string>',
                                'General' => true || false,
                                'GeneralLogGroup' => '<string>',
                                'Pending' => [
                                    'Audit' => true || false,
                                    'General' => true || false,
                                ],
                            ],
                            'MaintenanceWindowStartTime' => [
                                'DayOfWeek' => '<string>',
                                'TimeOfDay' => '<string>',
                                'TimeZone' => '<string>',
                            ],
                            'PubliclyAccessible' => true || false,
                            'SecurityGroups' => ['<string>', ...],
                            'StorageType' => '<string>',
                            'SubnetIds' => ['<string>', ...],
                            'Users' => [
                                [
                                    'PendingChange' => '<string>',
                                    'Username' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsApiGatewayRestApi' => [
                            'ApiKeySource' => '<string>',
                            'BinaryMediaTypes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Description' => '<string>',
                            'EndpointConfiguration' => [
                                'Types' => ['<string>', ...],
                            ],
                            'Id' => '<string>',
                            'MinimumCompressionSize' => <integer>,
                            'Name' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsApiGatewayStage' => [
                            'AccessLogSettings' => [
                                'DestinationArn' => '<string>',
                                'Format' => '<string>',
                            ],
                            'CacheClusterEnabled' => true || false,
                            'CacheClusterSize' => '<string>',
                            'CacheClusterStatus' => '<string>',
                            'CanarySettings' => [
                                'DeploymentId' => '<string>',
                                'PercentTraffic' => <float>,
                                'StageVariableOverrides' => ['<string>', ...],
                                'UseStageCache' => true || false,
                            ],
                            'ClientCertificateId' => '<string>',
                            'CreatedDate' => '<string>',
                            'DeploymentId' => '<string>',
                            'Description' => '<string>',
                            'DocumentationVersion' => '<string>',
                            'LastUpdatedDate' => '<string>',
                            'MethodSettings' => [
                                [
                                    'CacheDataEncrypted' => true || false,
                                    'CacheTtlInSeconds' => <integer>,
                                    'CachingEnabled' => true || false,
                                    'DataTraceEnabled' => true || false,
                                    'HttpMethod' => '<string>',
                                    'LoggingLevel' => '<string>',
                                    'MetricsEnabled' => true || false,
                                    'RequireAuthorizationForCacheControl' => true || false,
                                    'ResourcePath' => '<string>',
                                    'ThrottlingBurstLimit' => <integer>,
                                    'ThrottlingRateLimit' => <float>,
                                    'UnauthorizedCacheControlHeaderStrategy' => '<string>',
                                ],
                                // ...
                            ],
                            'StageName' => '<string>',
                            'TracingEnabled' => true || false,
                            'Variables' => ['<string>', ...],
                            'WebAclArn' => '<string>',
                        ],
                        'AwsApiGatewayV2Api' => [
                            'ApiEndpoint' => '<string>',
                            'ApiId' => '<string>',
                            'ApiKeySelectionExpression' => '<string>',
                            'CorsConfiguration' => [
                                'AllowCredentials' => true || false,
                                'AllowHeaders' => ['<string>', ...],
                                'AllowMethods' => ['<string>', ...],
                                'AllowOrigins' => ['<string>', ...],
                                'ExposeHeaders' => ['<string>', ...],
                                'MaxAge' => <integer>,
                            ],
                            'CreatedDate' => '<string>',
                            'Description' => '<string>',
                            'Name' => '<string>',
                            'ProtocolType' => '<string>',
                            'RouteSelectionExpression' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsApiGatewayV2Stage' => [
                            'AccessLogSettings' => [
                                'DestinationArn' => '<string>',
                                'Format' => '<string>',
                            ],
                            'ApiGatewayManaged' => true || false,
                            'AutoDeploy' => true || false,
                            'ClientCertificateId' => '<string>',
                            'CreatedDate' => '<string>',
                            'DefaultRouteSettings' => [
                                'DataTraceEnabled' => true || false,
                                'DetailedMetricsEnabled' => true || false,
                                'LoggingLevel' => '<string>',
                                'ThrottlingBurstLimit' => <integer>,
                                'ThrottlingRateLimit' => <float>,
                            ],
                            'DeploymentId' => '<string>',
                            'Description' => '<string>',
                            'LastDeploymentStatusMessage' => '<string>',
                            'LastUpdatedDate' => '<string>',
                            'RouteSettings' => [
                                'DataTraceEnabled' => true || false,
                                'DetailedMetricsEnabled' => true || false,
                                'LoggingLevel' => '<string>',
                                'ThrottlingBurstLimit' => <integer>,
                                'ThrottlingRateLimit' => <float>,
                            ],
                            'StageName' => '<string>',
                            'StageVariables' => ['<string>', ...],
                        ],
                        'AwsAppSyncGraphQlApi' => [
                            'AdditionalAuthenticationProviders' => [
                                [
                                    'AuthenticationType' => '<string>',
                                    'LambdaAuthorizerConfig' => [
                                        'AuthorizerResultTtlInSeconds' => <integer>,
                                        'AuthorizerUri' => '<string>',
                                        'IdentityValidationExpression' => '<string>',
                                    ],
                                    'OpenIdConnectConfig' => [
                                        'AuthTtL' => <integer>,
                                        'ClientId' => '<string>',
                                        'IatTtL' => <integer>,
                                        'Issuer' => '<string>',
                                    ],
                                    'UserPoolConfig' => [
                                        'AppIdClientRegex' => '<string>',
                                        'AwsRegion' => '<string>',
                                        'DefaultAction' => '<string>',
                                        'UserPoolId' => '<string>',
                                    ],
                                ],
                                // ...
                            ],
                            'ApiId' => '<string>',
                            'Arn' => '<string>',
                            'AuthenticationType' => '<string>',
                            'Id' => '<string>',
                            'LambdaAuthorizerConfig' => [
                                'AuthorizerResultTtlInSeconds' => <integer>,
                                'AuthorizerUri' => '<string>',
                                'IdentityValidationExpression' => '<string>',
                            ],
                            'LogConfig' => [
                                'CloudWatchLogsRoleArn' => '<string>',
                                'ExcludeVerboseContent' => true || false,
                                'FieldLogLevel' => '<string>',
                            ],
                            'Name' => '<string>',
                            'OpenIdConnectConfig' => [
                                'AuthTtL' => <integer>,
                                'ClientId' => '<string>',
                                'IatTtL' => <integer>,
                                'Issuer' => '<string>',
                            ],
                            'UserPoolConfig' => [
                                'AppIdClientRegex' => '<string>',
                                'AwsRegion' => '<string>',
                                'DefaultAction' => '<string>',
                                'UserPoolId' => '<string>',
                            ],
                            'WafWebAclArn' => '<string>',
                            'XrayEnabled' => true || false,
                        ],
                        'AwsAthenaWorkGroup' => [
                            'Configuration' => [
                                'ResultConfiguration' => [
                                    'EncryptionConfiguration' => [
                                        'EncryptionOption' => '<string>',
                                        'KmsKey' => '<string>',
                                    ],
                                ],
                            ],
                            'Description' => '<string>',
                            'Name' => '<string>',
                            'State' => '<string>',
                        ],
                        'AwsAutoScalingAutoScalingGroup' => [
                            'AvailabilityZones' => [
                                [
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'CapacityRebalance' => true || false,
                            'CreatedTime' => '<string>',
                            'HealthCheckGracePeriod' => <integer>,
                            'HealthCheckType' => '<string>',
                            'LaunchConfigurationName' => '<string>',
                            'LaunchTemplate' => [
                                'LaunchTemplateId' => '<string>',
                                'LaunchTemplateName' => '<string>',
                                'Version' => '<string>',
                            ],
                            'LoadBalancerNames' => ['<string>', ...],
                            'MixedInstancesPolicy' => [
                                'InstancesDistribution' => [
                                    'OnDemandAllocationStrategy' => '<string>',
                                    'OnDemandBaseCapacity' => <integer>,
                                    'OnDemandPercentageAboveBaseCapacity' => <integer>,
                                    'SpotAllocationStrategy' => '<string>',
                                    'SpotInstancePools' => <integer>,
                                    'SpotMaxPrice' => '<string>',
                                ],
                                'LaunchTemplate' => [
                                    'LaunchTemplateSpecification' => [
                                        'LaunchTemplateId' => '<string>',
                                        'LaunchTemplateName' => '<string>',
                                        'Version' => '<string>',
                                    ],
                                    'Overrides' => [
                                        [
                                            'InstanceType' => '<string>',
                                            'WeightedCapacity' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                            ],
                        ],
                        'AwsAutoScalingLaunchConfiguration' => [
                            'AssociatePublicIpAddress' => true || false,
                            'BlockDeviceMappings' => [
                                [
                                    'DeviceName' => '<string>',
                                    'Ebs' => [
                                        'DeleteOnTermination' => true || false,
                                        'Encrypted' => true || false,
                                        'Iops' => <integer>,
                                        'SnapshotId' => '<string>',
                                        'VolumeSize' => <integer>,
                                        'VolumeType' => '<string>',
                                    ],
                                    'NoDevice' => true || false,
                                    'VirtualName' => '<string>',
                                ],
                                // ...
                            ],
                            'ClassicLinkVpcId' => '<string>',
                            'ClassicLinkVpcSecurityGroups' => ['<string>', ...],
                            'CreatedTime' => '<string>',
                            'EbsOptimized' => true || false,
                            'IamInstanceProfile' => '<string>',
                            'ImageId' => '<string>',
                            'InstanceMonitoring' => [
                                'Enabled' => true || false,
                            ],
                            'InstanceType' => '<string>',
                            'KernelId' => '<string>',
                            'KeyName' => '<string>',
                            'LaunchConfigurationName' => '<string>',
                            'MetadataOptions' => [
                                'HttpEndpoint' => '<string>',
                                'HttpPutResponseHopLimit' => <integer>,
                                'HttpTokens' => '<string>',
                            ],
                            'PlacementTenancy' => '<string>',
                            'RamdiskId' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SpotPrice' => '<string>',
                            'UserData' => '<string>',
                        ],
                        'AwsBackupBackupPlan' => [
                            'BackupPlan' => [
                                'AdvancedBackupSettings' => [
                                    [
                                        'BackupOptions' => ['<string>', ...],
                                        'ResourceType' => '<string>',
                                    ],
                                    // ...
                                ],
                                'BackupPlanName' => '<string>',
                                'BackupPlanRule' => [
                                    [
                                        'CompletionWindowMinutes' => <integer>,
                                        'CopyActions' => [
                                            [
                                                'DestinationBackupVaultArn' => '<string>',
                                                'Lifecycle' => [
                                                    'DeleteAfterDays' => <integer>,
                                                    'MoveToColdStorageAfterDays' => <integer>,
                                                ],
                                            ],
                                            // ...
                                        ],
                                        'EnableContinuousBackup' => true || false,
                                        'Lifecycle' => [
                                            'DeleteAfterDays' => <integer>,
                                            'MoveToColdStorageAfterDays' => <integer>,
                                        ],
                                        'RuleId' => '<string>',
                                        'RuleName' => '<string>',
                                        'ScheduleExpression' => '<string>',
                                        'StartWindowMinutes' => <integer>,
                                        'TargetBackupVault' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'BackupPlanArn' => '<string>',
                            'BackupPlanId' => '<string>',
                            'VersionId' => '<string>',
                        ],
                        'AwsBackupBackupVault' => [
                            'AccessPolicy' => '<string>',
                            'BackupVaultArn' => '<string>',
                            'BackupVaultName' => '<string>',
                            'EncryptionKeyArn' => '<string>',
                            'Notifications' => [
                                'BackupVaultEvents' => ['<string>', ...],
                                'SnsTopicArn' => '<string>',
                            ],
                        ],
                        'AwsBackupRecoveryPoint' => [
                            'BackupSizeInBytes' => <integer>,
                            'BackupVaultArn' => '<string>',
                            'BackupVaultName' => '<string>',
                            'CalculatedLifecycle' => [
                                'DeleteAt' => '<string>',
                                'MoveToColdStorageAt' => '<string>',
                            ],
                            'CompletionDate' => '<string>',
                            'CreatedBy' => [
                                'BackupPlanArn' => '<string>',
                                'BackupPlanId' => '<string>',
                                'BackupPlanVersion' => '<string>',
                                'BackupRuleId' => '<string>',
                            ],
                            'CreationDate' => '<string>',
                            'EncryptionKeyArn' => '<string>',
                            'IamRoleArn' => '<string>',
                            'IsEncrypted' => true || false,
                            'LastRestoreTime' => '<string>',
                            'Lifecycle' => [
                                'DeleteAfterDays' => <integer>,
                                'MoveToColdStorageAfterDays' => <integer>,
                            ],
                            'RecoveryPointArn' => '<string>',
                            'ResourceArn' => '<string>',
                            'ResourceType' => '<string>',
                            'SourceBackupVaultArn' => '<string>',
                            'Status' => '<string>',
                            'StatusMessage' => '<string>',
                            'StorageClass' => '<string>',
                        ],
                        'AwsCertificateManagerCertificate' => [
                            'CertificateAuthorityArn' => '<string>',
                            'CreatedAt' => '<string>',
                            'DomainName' => '<string>',
                            'DomainValidationOptions' => [
                                [
                                    'DomainName' => '<string>',
                                    'ResourceRecord' => [
                                        'Name' => '<string>',
                                        'Type' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    'ValidationDomain' => '<string>',
                                    'ValidationEmails' => ['<string>', ...],
                                    'ValidationMethod' => '<string>',
                                    'ValidationStatus' => '<string>',
                                ],
                                // ...
                            ],
                            'ExtendedKeyUsages' => [
                                [
                                    'Name' => '<string>',
                                    'OId' => '<string>',
                                ],
                                // ...
                            ],
                            'FailureReason' => '<string>',
                            'ImportedAt' => '<string>',
                            'InUseBy' => ['<string>', ...],
                            'IssuedAt' => '<string>',
                            'Issuer' => '<string>',
                            'KeyAlgorithm' => '<string>',
                            'KeyUsages' => [
                                [
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                            'NotAfter' => '<string>',
                            'NotBefore' => '<string>',
                            'Options' => [
                                'CertificateTransparencyLoggingPreference' => '<string>',
                            ],
                            'RenewalEligibility' => '<string>',
                            'RenewalSummary' => [
                                'DomainValidationOptions' => [
                                    [
                                        'DomainName' => '<string>',
                                        'ResourceRecord' => [
                                            'Name' => '<string>',
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        'ValidationDomain' => '<string>',
                                        'ValidationEmails' => ['<string>', ...],
                                        'ValidationMethod' => '<string>',
                                        'ValidationStatus' => '<string>',
                                    ],
                                    // ...
                                ],
                                'RenewalStatus' => '<string>',
                                'RenewalStatusReason' => '<string>',
                                'UpdatedAt' => '<string>',
                            ],
                            'Serial' => '<string>',
                            'SignatureAlgorithm' => '<string>',
                            'Status' => '<string>',
                            'Subject' => '<string>',
                            'SubjectAlternativeNames' => ['<string>', ...],
                            'Type' => '<string>',
                        ],
                        'AwsCloudFormationStack' => [
                            'Capabilities' => ['<string>', ...],
                            'CreationTime' => '<string>',
                            'Description' => '<string>',
                            'DisableRollback' => true || false,
                            'DriftInformation' => [
                                'StackDriftStatus' => '<string>',
                            ],
                            'EnableTerminationProtection' => true || false,
                            'LastUpdatedTime' => '<string>',
                            'NotificationArns' => ['<string>', ...],
                            'Outputs' => [
                                [
                                    'Description' => '<string>',
                                    'OutputKey' => '<string>',
                                    'OutputValue' => '<string>',
                                ],
                                // ...
                            ],
                            'RoleArn' => '<string>',
                            'StackId' => '<string>',
                            'StackName' => '<string>',
                            'StackStatus' => '<string>',
                            'StackStatusReason' => '<string>',
                            'TimeoutInMinutes' => <integer>,
                        ],
                        'AwsCloudFrontDistribution' => [
                            'CacheBehaviors' => [
                                'Items' => [
                                    [
                                        'ViewerProtocolPolicy' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'DefaultCacheBehavior' => [
                                'ViewerProtocolPolicy' => '<string>',
                            ],
                            'DefaultRootObject' => '<string>',
                            'DomainName' => '<string>',
                            'ETag' => '<string>',
                            'LastModifiedTime' => '<string>',
                            'Logging' => [
                                'Bucket' => '<string>',
                                'Enabled' => true || false,
                                'IncludeCookies' => true || false,
                                'Prefix' => '<string>',
                            ],
                            'OriginGroups' => [
                                'Items' => [
                                    [
                                        'FailoverCriteria' => [
                                            'StatusCodes' => [
                                                'Items' => [<integer>, ...],
                                                'Quantity' => <integer>,
                                            ],
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'Origins' => [
                                'Items' => [
                                    [
                                        'CustomOriginConfig' => [
                                            'HttpPort' => <integer>,
                                            'HttpsPort' => <integer>,
                                            'OriginKeepaliveTimeout' => <integer>,
                                            'OriginProtocolPolicy' => '<string>',
                                            'OriginReadTimeout' => <integer>,
                                            'OriginSslProtocols' => [
                                                'Items' => ['<string>', ...],
                                                'Quantity' => <integer>,
                                            ],
                                        ],
                                        'DomainName' => '<string>',
                                        'Id' => '<string>',
                                        'OriginPath' => '<string>',
                                        'S3OriginConfig' => [
                                            'OriginAccessIdentity' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'Status' => '<string>',
                            'ViewerCertificate' => [
                                'AcmCertificateArn' => '<string>',
                                'Certificate' => '<string>',
                                'CertificateSource' => '<string>',
                                'CloudFrontDefaultCertificate' => true || false,
                                'IamCertificateId' => '<string>',
                                'MinimumProtocolVersion' => '<string>',
                                'SslSupportMethod' => '<string>',
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsCloudTrailTrail' => [
                            'CloudWatchLogsLogGroupArn' => '<string>',
                            'CloudWatchLogsRoleArn' => '<string>',
                            'HasCustomEventSelectors' => true || false,
                            'HomeRegion' => '<string>',
                            'IncludeGlobalServiceEvents' => true || false,
                            'IsMultiRegionTrail' => true || false,
                            'IsOrganizationTrail' => true || false,
                            'KmsKeyId' => '<string>',
                            'LogFileValidationEnabled' => true || false,
                            'Name' => '<string>',
                            'S3BucketName' => '<string>',
                            'S3KeyPrefix' => '<string>',
                            'SnsTopicArn' => '<string>',
                            'SnsTopicName' => '<string>',
                            'TrailArn' => '<string>',
                        ],
                        'AwsCloudWatchAlarm' => [
                            'ActionsEnabled' => true || false,
                            'AlarmActions' => ['<string>', ...],
                            'AlarmArn' => '<string>',
                            'AlarmConfigurationUpdatedTimestamp' => '<string>',
                            'AlarmDescription' => '<string>',
                            'AlarmName' => '<string>',
                            'ComparisonOperator' => '<string>',
                            'DatapointsToAlarm' => <integer>,
                            'Dimensions' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'EvaluateLowSampleCountPercentile' => '<string>',
                            'EvaluationPeriods' => <integer>,
                            'ExtendedStatistic' => '<string>',
                            'InsufficientDataActions' => ['<string>', ...],
                            'MetricName' => '<string>',
                            'Namespace' => '<string>',
                            'OkActions' => ['<string>', ...],
                            'Period' => <integer>,
                            'Statistic' => '<string>',
                            'Threshold' => <float>,
                            'ThresholdMetricId' => '<string>',
                            'TreatMissingData' => '<string>',
                            'Unit' => '<string>',
                        ],
                        'AwsCodeBuildProject' => [
                            'Artifacts' => [
                                [
                                    'ArtifactIdentifier' => '<string>',
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Name' => '<string>',
                                    'NamespaceType' => '<string>',
                                    'OverrideArtifactName' => true || false,
                                    'Packaging' => '<string>',
                                    'Path' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'EncryptionKey' => '<string>',
                            'Environment' => [
                                'Certificate' => '<string>',
                                'EnvironmentVariables' => [
                                    [
                                        'Name' => '<string>',
                                        'Type' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ImagePullCredentialsType' => '<string>',
                                'PrivilegedMode' => true || false,
                                'RegistryCredential' => [
                                    'Credential' => '<string>',
                                    'CredentialProvider' => '<string>',
                                ],
                                'Type' => '<string>',
                            ],
                            'LogsConfig' => [
                                'CloudWatchLogs' => [
                                    'GroupName' => '<string>',
                                    'Status' => '<string>',
                                    'StreamName' => '<string>',
                                ],
                                'S3Logs' => [
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Status' => '<string>',
                                ],
                            ],
                            'Name' => '<string>',
                            'SecondaryArtifacts' => [
                                [
                                    'ArtifactIdentifier' => '<string>',
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Name' => '<string>',
                                    'NamespaceType' => '<string>',
                                    'OverrideArtifactName' => true || false,
                                    'Packaging' => '<string>',
                                    'Path' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ServiceRole' => '<string>',
                            'Source' => [
                                'GitCloneDepth' => <integer>,
                                'InsecureSsl' => true || false,
                                'Location' => '<string>',
                                'Type' => '<string>',
                            ],
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'Subnets' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsDmsEndpoint' => [
                            'CertificateArn' => '<string>',
                            'DatabaseName' => '<string>',
                            'EndpointArn' => '<string>',
                            'EndpointIdentifier' => '<string>',
                            'EndpointType' => '<string>',
                            'EngineName' => '<string>',
                            'ExternalId' => '<string>',
                            'ExtraConnectionAttributes' => '<string>',
                            'KmsKeyId' => '<string>',
                            'Port' => <integer>,
                            'ServerName' => '<string>',
                            'SslMode' => '<string>',
                            'Username' => '<string>',
                        ],
                        'AwsDmsReplicationInstance' => [
                            'AllocatedStorage' => <integer>,
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZone' => '<string>',
                            'EngineVersion' => '<string>',
                            'KmsKeyId' => '<string>',
                            'MultiAZ' => true || false,
                            'PreferredMaintenanceWindow' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'ReplicationInstanceClass' => '<string>',
                            'ReplicationInstanceIdentifier' => '<string>',
                            'ReplicationSubnetGroup' => [
                                'ReplicationSubnetGroupIdentifier' => '<string>',
                            ],
                            'VpcSecurityGroups' => [
                                [
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsDmsReplicationTask' => [
                            'CdcStartPosition' => '<string>',
                            'CdcStartTime' => '<string>',
                            'CdcStopPosition' => '<string>',
                            'Id' => '<string>',
                            'MigrationType' => '<string>',
                            'ReplicationInstanceArn' => '<string>',
                            'ReplicationTaskIdentifier' => '<string>',
                            'ReplicationTaskSettings' => '<string>',
                            'ResourceIdentifier' => '<string>',
                            'SourceEndpointArn' => '<string>',
                            'TableMappings' => '<string>',
                            'TargetEndpointArn' => '<string>',
                            'TaskData' => '<string>',
                        ],
                        'AwsDynamoDbTable' => [
                            'AttributeDefinitions' => [
                                [
                                    'AttributeName' => '<string>',
                                    'AttributeType' => '<string>',
                                ],
                                // ...
                            ],
                            'BillingModeSummary' => [
                                'BillingMode' => '<string>',
                                'LastUpdateToPayPerRequestDateTime' => '<string>',
                            ],
                            'CreationDateTime' => '<string>',
                            'DeletionProtectionEnabled' => true || false,
                            'GlobalSecondaryIndexes' => [
                                [
                                    'Backfilling' => true || false,
                                    'IndexArn' => '<string>',
                                    'IndexName' => '<string>',
                                    'IndexSizeBytes' => <integer>,
                                    'IndexStatus' => '<string>',
                                    'ItemCount' => <integer>,
                                    'KeySchema' => [
                                        [
                                            'AttributeName' => '<string>',
                                            'KeyType' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Projection' => [
                                        'NonKeyAttributes' => ['<string>', ...],
                                        'ProjectionType' => '<string>',
                                    ],
                                    'ProvisionedThroughput' => [
                                        'LastDecreaseDateTime' => '<string>',
                                        'LastIncreaseDateTime' => '<string>',
                                        'NumberOfDecreasesToday' => <integer>,
                                        'ReadCapacityUnits' => <integer>,
                                        'WriteCapacityUnits' => <integer>,
                                    ],
                                ],
                                // ...
                            ],
                            'GlobalTableVersion' => '<string>',
                            'ItemCount' => <integer>,
                            'KeySchema' => [
                                [
                                    'AttributeName' => '<string>',
                                    'KeyType' => '<string>',
                                ],
                                // ...
                            ],
                            'LatestStreamArn' => '<string>',
                            'LatestStreamLabel' => '<string>',
                            'LocalSecondaryIndexes' => [
                                [
                                    'IndexArn' => '<string>',
                                    'IndexName' => '<string>',
                                    'KeySchema' => [
                                        [
                                            'AttributeName' => '<string>',
                                            'KeyType' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Projection' => [
                                        'NonKeyAttributes' => ['<string>', ...],
                                        'ProjectionType' => '<string>',
                                    ],
                                ],
                                // ...
                            ],
                            'ProvisionedThroughput' => [
                                'LastDecreaseDateTime' => '<string>',
                                'LastIncreaseDateTime' => '<string>',
                                'NumberOfDecreasesToday' => <integer>,
                                'ReadCapacityUnits' => <integer>,
                                'WriteCapacityUnits' => <integer>,
                            ],
                            'Replicas' => [
                                [
                                    'GlobalSecondaryIndexes' => [
                                        [
                                            'IndexName' => '<string>',
                                            'ProvisionedThroughputOverride' => [
                                                'ReadCapacityUnits' => <integer>,
                                            ],
                                        ],
                                        // ...
                                    ],
                                    'KmsMasterKeyId' => '<string>',
                                    'ProvisionedThroughputOverride' => [
                                        'ReadCapacityUnits' => <integer>,
                                    ],
                                    'RegionName' => '<string>',
                                    'ReplicaStatus' => '<string>',
                                    'ReplicaStatusDescription' => '<string>',
                                ],
                                // ...
                            ],
                            'RestoreSummary' => [
                                'RestoreDateTime' => '<string>',
                                'RestoreInProgress' => true || false,
                                'SourceBackupArn' => '<string>',
                                'SourceTableArn' => '<string>',
                            ],
                            'SseDescription' => [
                                'InaccessibleEncryptionDateTime' => '<string>',
                                'KmsMasterKeyArn' => '<string>',
                                'SseType' => '<string>',
                                'Status' => '<string>',
                            ],
                            'StreamSpecification' => [
                                'StreamEnabled' => true || false,
                                'StreamViewType' => '<string>',
                            ],
                            'TableId' => '<string>',
                            'TableName' => '<string>',
                            'TableSizeBytes' => <integer>,
                            'TableStatus' => '<string>',
                        ],
                        'AwsEc2ClientVpnEndpoint' => [
                            'AuthenticationOptions' => [
                                [
                                    'ActiveDirectory' => [
                                        'DirectoryId' => '<string>',
                                    ],
                                    'FederatedAuthentication' => [
                                        'SamlProviderArn' => '<string>',
                                        'SelfServiceSamlProviderArn' => '<string>',
                                    ],
                                    'MutualAuthentication' => [
                                        'ClientRootCertificateChain' => '<string>',
                                    ],
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ClientCidrBlock' => '<string>',
                            'ClientConnectOptions' => [
                                'Enabled' => true || false,
                                'LambdaFunctionArn' => '<string>',
                                'Status' => [
                                    'Code' => '<string>',
                                    'Message' => '<string>',
                                ],
                            ],
                            'ClientLoginBannerOptions' => [
                                'BannerText' => '<string>',
                                'Enabled' => true || false,
                            ],
                            'ClientVpnEndpointId' => '<string>',
                            'ConnectionLogOptions' => [
                                'CloudwatchLogGroup' => '<string>',
                                'CloudwatchLogStream' => '<string>',
                                'Enabled' => true || false,
                            ],
                            'Description' => '<string>',
                            'DnsServer' => ['<string>', ...],
                            'SecurityGroupIdSet' => ['<string>', ...],
                            'SelfServicePortalUrl' => '<string>',
                            'ServerCertificateArn' => '<string>',
                            'SessionTimeoutHours' => <integer>,
                            'SplitTunnel' => true || false,
                            'TransportProtocol' => '<string>',
                            'VpcId' => '<string>',
                            'VpnPort' => <integer>,
                        ],
                        'AwsEc2Eip' => [
                            'AllocationId' => '<string>',
                            'AssociationId' => '<string>',
                            'Domain' => '<string>',
                            'InstanceId' => '<string>',
                            'NetworkBorderGroup' => '<string>',
                            'NetworkInterfaceId' => '<string>',
                            'NetworkInterfaceOwnerId' => '<string>',
                            'PrivateIpAddress' => '<string>',
                            'PublicIp' => '<string>',
                            'PublicIpv4Pool' => '<string>',
                        ],
                        'AwsEc2Instance' => [
                            'IamInstanceProfileArn' => '<string>',
                            'ImageId' => '<string>',
                            'IpV4Addresses' => ['<string>', ...],
                            'IpV6Addresses' => ['<string>', ...],
                            'KeyName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'MetadataOptions' => [
                                'HttpEndpoint' => '<string>',
                                'HttpProtocolIpv6' => '<string>',
                                'HttpPutResponseHopLimit' => <integer>,
                                'HttpTokens' => '<string>',
                                'InstanceMetadataTags' => '<string>',
                            ],
                            'Monitoring' => [
                                'State' => '<string>',
                            ],
                            'NetworkInterfaces' => [
                                [
                                    'NetworkInterfaceId' => '<string>',
                                ],
                                // ...
                            ],
                            'SubnetId' => '<string>',
                            'Type' => '<string>',
                            'VirtualizationType' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2LaunchTemplate' => [
                            'DefaultVersionNumber' => <integer>,
                            'Id' => '<string>',
                            'LatestVersionNumber' => <integer>,
                            'LaunchTemplateData' => [
                                'BlockDeviceMappingSet' => [
                                    [
                                        'DeviceName' => '<string>',
                                        'Ebs' => [
                                            'DeleteOnTermination' => true || false,
                                            'Encrypted' => true || false,
                                            'Iops' => <integer>,
                                            'KmsKeyId' => '<string>',
                                            'SnapshotId' => '<string>',
                                            'Throughput' => <integer>,
                                            'VolumeSize' => <integer>,
                                            'VolumeType' => '<string>',
                                        ],
                                        'NoDevice' => '<string>',
                                        'VirtualName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'CapacityReservationSpecification' => [
                                    'CapacityReservationPreference' => '<string>',
                                    'CapacityReservationTarget' => [
                                        'CapacityReservationId' => '<string>',
                                        'CapacityReservationResourceGroupArn' => '<string>',
                                    ],
                                ],
                                'CpuOptions' => [
                                    'CoreCount' => <integer>,
                                    'ThreadsPerCore' => <integer>,
                                ],
                                'CreditSpecification' => [
                                    'CpuCredits' => '<string>',
                                ],
                                'DisableApiStop' => true || false,
                                'DisableApiTermination' => true || false,
                                'EbsOptimized' => true || false,
                                'ElasticGpuSpecificationSet' => [
                                    [
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ElasticInferenceAcceleratorSet' => [
                                    [
                                        'Count' => <integer>,
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                                'EnclaveOptions' => [
                                    'Enabled' => true || false,
                                ],
                                'HibernationOptions' => [
                                    'Configured' => true || false,
                                ],
                                'IamInstanceProfile' => [
                                    'Arn' => '<string>',
                                    'Name' => '<string>',
                                ],
                                'ImageId' => '<string>',
                                'InstanceInitiatedShutdownBehavior' => '<string>',
                                'InstanceMarketOptions' => [
                                    'MarketType' => '<string>',
                                    'SpotOptions' => [
                                        'BlockDurationMinutes' => <integer>,
                                        'InstanceInterruptionBehavior' => '<string>',
                                        'MaxPrice' => '<string>',
                                        'SpotInstanceType' => '<string>',
                                        'ValidUntil' => '<string>',
                                    ],
                                ],
                                'InstanceRequirements' => [
                                    'AcceleratorCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'AcceleratorManufacturers' => ['<string>', ...],
                                    'AcceleratorNames' => ['<string>', ...],
                                    'AcceleratorTotalMemoryMiB' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'AcceleratorTypes' => ['<string>', ...],
                                    'BareMetal' => '<string>',
                                    'BaselineEbsBandwidthMbps' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'BurstablePerformance' => '<string>',
                                    'CpuManufacturers' => ['<string>', ...],
                                    'ExcludedInstanceTypes' => ['<string>', ...],
                                    'InstanceGenerations' => ['<string>', ...],
                                    'LocalStorage' => '<string>',
                                    'LocalStorageTypes' => ['<string>', ...],
                                    'MemoryGiBPerVCpu' => [
                                        'Max' => <float>,
                                        'Min' => <float>,
                                    ],
                                    'MemoryMiB' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'NetworkInterfaceCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'OnDemandMaxPricePercentageOverLowestPrice' => <integer>,
                                    'RequireHibernateSupport' => true || false,
                                    'SpotMaxPricePercentageOverLowestPrice' => <integer>,
                                    'TotalLocalStorageGB' => [
                                        'Max' => <float>,
                                        'Min' => <float>,
                                    ],
                                    'VCpuCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                ],
                                'InstanceType' => '<string>',
                                'KernelId' => '<string>',
                                'KeyName' => '<string>',
                                'LicenseSet' => [
                                    [
                                        'LicenseConfigurationArn' => '<string>',
                                    ],
                                    // ...
                                ],
                                'MaintenanceOptions' => [
                                    'AutoRecovery' => '<string>',
                                ],
                                'MetadataOptions' => [
                                    'HttpEndpoint' => '<string>',
                                    'HttpProtocolIpv6' => '<string>',
                                    'HttpPutResponseHopLimit' => <integer>,
                                    'HttpTokens' => '<string>',
                                    'InstanceMetadataTags' => '<string>',
                                ],
                                'Monitoring' => [
                                    'Enabled' => true || false,
                                ],
                                'NetworkInterfaceSet' => [
                                    [
                                        'AssociateCarrierIpAddress' => true || false,
                                        'AssociatePublicIpAddress' => true || false,
                                        'DeleteOnTermination' => true || false,
                                        'Description' => '<string>',
                                        'DeviceIndex' => <integer>,
                                        'Groups' => ['<string>', ...],
                                        'InterfaceType' => '<string>',
                                        'Ipv4PrefixCount' => <integer>,
                                        'Ipv4Prefixes' => [
                                            [
                                                'Ipv4Prefix' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Ipv6AddressCount' => <integer>,
                                        'Ipv6Addresses' => [
                                            [
                                                'Ipv6Address' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Ipv6PrefixCount' => <integer>,
                                        'Ipv6Prefixes' => [
                                            [
                                                'Ipv6Prefix' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'NetworkCardIndex' => <integer>,
                                        'NetworkInterfaceId' => '<string>',
                                        'PrivateIpAddress' => '<string>',
                                        'PrivateIpAddresses' => [
                                            [
                                                'Primary' => true || false,
                                                'PrivateIpAddress' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'SecondaryPrivateIpAddressCount' => <integer>,
                                        'SubnetId' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Placement' => [
                                    'Affinity' => '<string>',
                                    'AvailabilityZone' => '<string>',
                                    'GroupName' => '<string>',
                                    'HostId' => '<string>',
                                    'HostResourceGroupArn' => '<string>',
                                    'PartitionNumber' => <integer>,
                                    'SpreadDomain' => '<string>',
                                    'Tenancy' => '<string>',
                                ],
                                'PrivateDnsNameOptions' => [
                                    'EnableResourceNameDnsAAAARecord' => true || false,
                                    'EnableResourceNameDnsARecord' => true || false,
                                    'HostnameType' => '<string>',
                                ],
                                'RamDiskId' => '<string>',
                                'SecurityGroupIdSet' => ['<string>', ...],
                                'SecurityGroupSet' => ['<string>', ...],
                                'UserData' => '<string>',
                            ],
                            'LaunchTemplateName' => '<string>',
                        ],
                        'AwsEc2NetworkAcl' => [
                            'Associations' => [
                                [
                                    'NetworkAclAssociationId' => '<string>',
                                    'NetworkAclId' => '<string>',
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'Entries' => [
                                [
                                    'CidrBlock' => '<string>',
                                    'Egress' => true || false,
                                    'IcmpTypeCode' => [
                                        'Code' => <integer>,
                                        'Type' => <integer>,
                                    ],
                                    'Ipv6CidrBlock' => '<string>',
                                    'PortRange' => [
                                        'From' => <integer>,
                                        'To' => <integer>,
                                    ],
                                    'Protocol' => '<string>',
                                    'RuleAction' => '<string>',
                                    'RuleNumber' => <integer>,
                                ],
                                // ...
                            ],
                            'IsDefault' => true || false,
                            'NetworkAclId' => '<string>',
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2NetworkInterface' => [
                            'Attachment' => [
                                'AttachTime' => '<string>',
                                'AttachmentId' => '<string>',
                                'DeleteOnTermination' => true || false,
                                'DeviceIndex' => <integer>,
                                'InstanceId' => '<string>',
                                'InstanceOwnerId' => '<string>',
                                'Status' => '<string>',
                            ],
                            'IpV6Addresses' => [
                                [
                                    'IpV6Address' => '<string>',
                                ],
                                // ...
                            ],
                            'NetworkInterfaceId' => '<string>',
                            'PrivateIpAddresses' => [
                                [
                                    'PrivateDnsName' => '<string>',
                                    'PrivateIpAddress' => '<string>',
                                ],
                                // ...
                            ],
                            'PublicDnsName' => '<string>',
                            'PublicIp' => '<string>',
                            'SecurityGroups' => [
                                [
                                    'GroupId' => '<string>',
                                    'GroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'SourceDestCheck' => true || false,
                        ],
                        'AwsEc2RouteTable' => [
                            'AssociationSet' => [
                                [
                                    'AssociationState' => [
                                        'State' => '<string>',
                                        'StatusMessage' => '<string>',
                                    ],
                                    'GatewayId' => '<string>',
                                    'Main' => true || false,
                                    'RouteTableAssociationId' => '<string>',
                                    'RouteTableId' => '<string>',
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'PropagatingVgwSet' => [
                                [
                                    'GatewayId' => '<string>',
                                ],
                                // ...
                            ],
                            'RouteSet' => [
                                [
                                    'CarrierGatewayId' => '<string>',
                                    'CoreNetworkArn' => '<string>',
                                    'DestinationCidrBlock' => '<string>',
                                    'DestinationIpv6CidrBlock' => '<string>',
                                    'DestinationPrefixListId' => '<string>',
                                    'EgressOnlyInternetGatewayId' => '<string>',
                                    'GatewayId' => '<string>',
                                    'InstanceId' => '<string>',
                                    'InstanceOwnerId' => '<string>',
                                    'LocalGatewayId' => '<string>',
                                    'NatGatewayId' => '<string>',
                                    'NetworkInterfaceId' => '<string>',
                                    'Origin' => '<string>',
                                    'State' => '<string>',
                                    'TransitGatewayId' => '<string>',
                                    'VpcPeeringConnectionId' => '<string>',
                                ],
                                // ...
                            ],
                            'RouteTableId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2SecurityGroup' => [
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'IpPermissions' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'IpPermissionsEgress' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2Subnet' => [
                            'AssignIpv6AddressOnCreation' => true || false,
                            'AvailabilityZone' => '<string>',
                            'AvailabilityZoneId' => '<string>',
                            'AvailableIpAddressCount' => <integer>,
                            'CidrBlock' => '<string>',
                            'DefaultForAz' => true || false,
                            'Ipv6CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlockState' => '<string>',
                                    'Ipv6CidrBlock' => '<string>',
                                ],
                                // ...
                            ],
                            'MapPublicIpOnLaunch' => true || false,
                            'OwnerId' => '<string>',
                            'State' => '<string>',
                            'SubnetArn' => '<string>',
                            'SubnetId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2TransitGateway' => [
                            'AmazonSideAsn' => <integer>,
                            'AssociationDefaultRouteTableId' => '<string>',
                            'AutoAcceptSharedAttachments' => '<string>',
                            'DefaultRouteTableAssociation' => '<string>',
                            'DefaultRouteTablePropagation' => '<string>',
                            'Description' => '<string>',
                            'DnsSupport' => '<string>',
                            'Id' => '<string>',
                            'MulticastSupport' => '<string>',
                            'PropagationDefaultRouteTableId' => '<string>',
                            'TransitGatewayCidrBlocks' => ['<string>', ...],
                            'VpnEcmpSupport' => '<string>',
                        ],
                        'AwsEc2Volume' => [
                            'Attachments' => [
                                [
                                    'AttachTime' => '<string>',
                                    'DeleteOnTermination' => true || false,
                                    'InstanceId' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateTime' => '<string>',
                            'DeviceName' => '<string>',
                            'Encrypted' => true || false,
                            'KmsKeyId' => '<string>',
                            'Size' => <integer>,
                            'SnapshotId' => '<string>',
                            'Status' => '<string>',
                            'VolumeId' => '<string>',
                            'VolumeScanStatus' => '<string>',
                            'VolumeType' => '<string>',
                        ],
                        'AwsEc2Vpc' => [
                            'CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlock' => '<string>',
                                    'CidrBlockState' => '<string>',
                                ],
                                // ...
                            ],
                            'DhcpOptionsId' => '<string>',
                            'Ipv6CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlockState' => '<string>',
                                    'Ipv6CidrBlock' => '<string>',
                                ],
                                // ...
                            ],
                            'State' => '<string>',
                        ],
                        'AwsEc2VpcEndpointService' => [
                            'AcceptanceRequired' => true || false,
                            'AvailabilityZones' => ['<string>', ...],
                            'BaseEndpointDnsNames' => ['<string>', ...],
                            'GatewayLoadBalancerArns' => ['<string>', ...],
                            'ManagesVpcEndpoints' => true || false,
                            'NetworkLoadBalancerArns' => ['<string>', ...],
                            'PrivateDnsName' => '<string>',
                            'ServiceId' => '<string>',
                            'ServiceName' => '<string>',
                            'ServiceState' => '<string>',
                            'ServiceType' => [
                                [
                                    'ServiceType' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEc2VpcPeeringConnection' => [
                            'AccepterVpcInfo' => [
                                'CidrBlock' => '<string>',
                                'CidrBlockSet' => [
                                    [
                                        'CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Ipv6CidrBlockSet' => [
                                    [
                                        'Ipv6CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OwnerId' => '<string>',
                                'PeeringOptions' => [
                                    'AllowDnsResolutionFromRemoteVpc' => true || false,
                                    'AllowEgressFromLocalClassicLinkToRemoteVpc' => true || false,
                                    'AllowEgressFromLocalVpcToRemoteClassicLink' => true || false,
                                ],
                                'Region' => '<string>',
                                'VpcId' => '<string>',
                            ],
                            'ExpirationTime' => '<string>',
                            'RequesterVpcInfo' => [
                                'CidrBlock' => '<string>',
                                'CidrBlockSet' => [
                                    [
                                        'CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Ipv6CidrBlockSet' => [
                                    [
                                        'Ipv6CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OwnerId' => '<string>',
                                'PeeringOptions' => [
                                    'AllowDnsResolutionFromRemoteVpc' => true || false,
                                    'AllowEgressFromLocalClassicLinkToRemoteVpc' => true || false,
                                    'AllowEgressFromLocalVpcToRemoteClassicLink' => true || false,
                                ],
                                'Region' => '<string>',
                                'VpcId' => '<string>',
                            ],
                            'Status' => [
                                'Code' => '<string>',
                                'Message' => '<string>',
                            ],
                            'VpcPeeringConnectionId' => '<string>',
                        ],
                        'AwsEc2VpnConnection' => [
                            'Category' => '<string>',
                            'CustomerGatewayConfiguration' => '<string>',
                            'CustomerGatewayId' => '<string>',
                            'Options' => [
                                'StaticRoutesOnly' => true || false,
                                'TunnelOptions' => [
                                    [
                                        'DpdTimeoutSeconds' => <integer>,
                                        'IkeVersions' => ['<string>', ...],
                                        'OutsideIpAddress' => '<string>',
                                        'Phase1DhGroupNumbers' => [<integer>, ...],
                                        'Phase1EncryptionAlgorithms' => ['<string>', ...],
                                        'Phase1IntegrityAlgorithms' => ['<string>', ...],
                                        'Phase1LifetimeSeconds' => <integer>,
                                        'Phase2DhGroupNumbers' => [<integer>, ...],
                                        'Phase2EncryptionAlgorithms' => ['<string>', ...],
                                        'Phase2IntegrityAlgorithms' => ['<string>', ...],
                                        'Phase2LifetimeSeconds' => <integer>,
                                        'PreSharedKey' => '<string>',
                                        'RekeyFuzzPercentage' => <integer>,
                                        'RekeyMarginTimeSeconds' => <integer>,
                                        'ReplayWindowSize' => <integer>,
                                        'TunnelInsideCidr' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'Routes' => [
                                [
                                    'DestinationCidrBlock' => '<string>',
                                    'State' => '<string>',
                                ],
                                // ...
                            ],
                            'State' => '<string>',
                            'TransitGatewayId' => '<string>',
                            'Type' => '<string>',
                            'VgwTelemetry' => [
                                [
                                    'AcceptedRouteCount' => <integer>,
                                    'CertificateArn' => '<string>',
                                    'LastStatusChange' => '<string>',
                                    'OutsideIpAddress' => '<string>',
                                    'Status' => '<string>',
                                    'StatusMessage' => '<string>',
                                ],
                                // ...
                            ],
                            'VpnConnectionId' => '<string>',
                            'VpnGatewayId' => '<string>',
                        ],
                        'AwsEcrContainerImage' => [
                            'Architecture' => '<string>',
                            'ImageDigest' => '<string>',
                            'ImagePublishedAt' => '<string>',
                            'ImageTags' => ['<string>', ...],
                            'RegistryId' => '<string>',
                            'RepositoryName' => '<string>',
                        ],
                        'AwsEcrRepository' => [
                            'Arn' => '<string>',
                            'ImageScanningConfiguration' => [
                                'ScanOnPush' => true || false,
                            ],
                            'ImageTagMutability' => '<string>',
                            'LifecyclePolicy' => [
                                'LifecyclePolicyText' => '<string>',
                                'RegistryId' => '<string>',
                            ],
                            'RepositoryName' => '<string>',
                            'RepositoryPolicyText' => '<string>',
                        ],
                        'AwsEcsCluster' => [
                            'ActiveServicesCount' => <integer>,
                            'CapacityProviders' => ['<string>', ...],
                            'ClusterArn' => '<string>',
                            'ClusterName' => '<string>',
                            'ClusterSettings' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'Configuration' => [
                                'ExecuteCommandConfiguration' => [
                                    'KmsKeyId' => '<string>',
                                    'LogConfiguration' => [
                                        'CloudWatchEncryptionEnabled' => true || false,
                                        'CloudWatchLogGroupName' => '<string>',
                                        'S3BucketName' => '<string>',
                                        'S3EncryptionEnabled' => true || false,
                                        'S3KeyPrefix' => '<string>',
                                    ],
                                    'Logging' => '<string>',
                                ],
                            ],
                            'DefaultCapacityProviderStrategy' => [
                                [
                                    'Base' => <integer>,
                                    'CapacityProvider' => '<string>',
                                    'Weight' => <integer>,
                                ],
                                // ...
                            ],
                            'RegisteredContainerInstancesCount' => <integer>,
                            'RunningTasksCount' => <integer>,
                            'Status' => '<string>',
                        ],
                        'AwsEcsContainer' => [
                            'Image' => '<string>',
                            'MountPoints' => [
                                [
                                    'ContainerPath' => '<string>',
                                    'SourceVolume' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'Privileged' => true || false,
                        ],
                        'AwsEcsService' => [
                            'CapacityProviderStrategy' => [
                                [
                                    'Base' => <integer>,
                                    'CapacityProvider' => '<string>',
                                    'Weight' => <integer>,
                                ],
                                // ...
                            ],
                            'Cluster' => '<string>',
                            'DeploymentConfiguration' => [
                                'DeploymentCircuitBreaker' => [
                                    'Enable' => true || false,
                                    'Rollback' => true || false,
                                ],
                                'MaximumPercent' => <integer>,
                                'MinimumHealthyPercent' => <integer>,
                            ],
                            'DeploymentController' => [
                                'Type' => '<string>',
                            ],
                            'DesiredCount' => <integer>,
                            'EnableEcsManagedTags' => true || false,
                            'EnableExecuteCommand' => true || false,
                            'HealthCheckGracePeriodSeconds' => <integer>,
                            'LaunchType' => '<string>',
                            'LoadBalancers' => [
                                [
                                    'ContainerName' => '<string>',
                                    'ContainerPort' => <integer>,
                                    'LoadBalancerName' => '<string>',
                                    'TargetGroupArn' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'NetworkConfiguration' => [
                                'AwsVpcConfiguration' => [
                                    'AssignPublicIp' => '<string>',
                                    'SecurityGroups' => ['<string>', ...],
                                    'Subnets' => ['<string>', ...],
                                ],
                            ],
                            'PlacementConstraints' => [
                                [
                                    'Expression' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'PlacementStrategies' => [
                                [
                                    'Field' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'PlatformVersion' => '<string>',
                            'PropagateTags' => '<string>',
                            'Role' => '<string>',
                            'SchedulingStrategy' => '<string>',
                            'ServiceArn' => '<string>',
                            'ServiceName' => '<string>',
                            'ServiceRegistries' => [
                                [
                                    'ContainerName' => '<string>',
                                    'ContainerPort' => <integer>,
                                    'Port' => <integer>,
                                    'RegistryArn' => '<string>',
                                ],
                                // ...
                            ],
                            'TaskDefinition' => '<string>',
                        ],
                        'AwsEcsTask' => [
                            'ClusterArn' => '<string>',
                            'Containers' => [
                                [
                                    'Image' => '<string>',
                                    'MountPoints' => [
                                        [
                                            'ContainerPath' => '<string>',
                                            'SourceVolume' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Name' => '<string>',
                                    'Privileged' => true || false,
                                ],
                                // ...
                            ],
                            'CreatedAt' => '<string>',
                            'Group' => '<string>',
                            'StartedAt' => '<string>',
                            'StartedBy' => '<string>',
                            'TaskDefinitionArn' => '<string>',
                            'Version' => '<string>',
                            'Volumes' => [
                                [
                                    'Host' => [
                                        'SourcePath' => '<string>',
                                    ],
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEcsTaskDefinition' => [
                            'ContainerDefinitions' => [
                                [
                                    'Command' => ['<string>', ...],
                                    'Cpu' => <integer>,
                                    'DependsOn' => [
                                        [
                                            'Condition' => '<string>',
                                            'ContainerName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'DisableNetworking' => true || false,
                                    'DnsSearchDomains' => ['<string>', ...],
                                    'DnsServers' => ['<string>', ...],
                                    'DockerLabels' => ['<string>', ...],
                                    'DockerSecurityOptions' => ['<string>', ...],
                                    'EntryPoint' => ['<string>', ...],
                                    'Environment' => [
                                        [
                                            'Name' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'EnvironmentFiles' => [
                                        [
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Essential' => true || false,
                                    'ExtraHosts' => [
                                        [
                                            'Hostname' => '<string>',
                                            'IpAddress' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'FirelensConfiguration' => [
                                        'Options' => ['<string>', ...],
                                        'Type' => '<string>',
                                    ],
                                    'HealthCheck' => [
                                        'Command' => ['<string>', ...],
                                        'Interval' => <integer>,
                                        'Retries' => <integer>,
                                        'StartPeriod' => <integer>,
                                        'Timeout' => <integer>,
                                    ],
                                    'Hostname' => '<string>',
                                    'Image' => '<string>',
                                    'Interactive' => true || false,
                                    'Links' => ['<string>', ...],
                                    'LinuxParameters' => [
                                        'Capabilities' => [
                                            'Add' => ['<string>', ...],
                                            'Drop' => ['<string>', ...],
                                        ],
                                        'Devices' => [
                                            [
                                                'ContainerPath' => '<string>',
                                                'HostPath' => '<string>',
                                                'Permissions' => ['<string>', ...],
                                            ],
                                            // ...
                                        ],
                                        'InitProcessEnabled' => true || false,
                                        'MaxSwap' => <integer>,
                                        'SharedMemorySize' => <integer>,
                                        'Swappiness' => <integer>,
                                        'Tmpfs' => [
                                            [
                                                'ContainerPath' => '<string>',
                                                'MountOptions' => ['<string>', ...],
                                                'Size' => <integer>,
                                            ],
                                            // ...
                                        ],
                                    ],
                                    'LogConfiguration' => [
                                        'LogDriver' => '<string>',
                                        'Options' => ['<string>', ...],
                                        'SecretOptions' => [
                                            [
                                                'Name' => '<string>',
                                                'ValueFrom' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                    'Memory' => <integer>,
                                    'MemoryReservation' => <integer>,
                                    'MountPoints' => [
                                        [
                                            'ContainerPath' => '<string>',
                                            'ReadOnly' => true || false,
                                            'SourceVolume' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Name' => '<string>',
                                    'PortMappings' => [
                                        [
                                            'ContainerPort' => <integer>,
                                            'HostPort' => <integer>,
                                            'Protocol' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Privileged' => true || false,
                                    'PseudoTerminal' => true || false,
                                    'ReadonlyRootFilesystem' => true || false,
                                    'RepositoryCredentials' => [
                                        'CredentialsParameter' => '<string>',
                                    ],
                                    'ResourceRequirements' => [
                                        [
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Secrets' => [
                                        [
                                            'Name' => '<string>',
                                            'ValueFrom' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'StartTimeout' => <integer>,
                                    'StopTimeout' => <integer>,
                                    'SystemControls' => [
                                        [
                                            'Namespace' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ulimits' => [
                                        [
                                            'HardLimit' => <integer>,
                                            'Name' => '<string>',
                                            'SoftLimit' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'User' => '<string>',
                                    'VolumesFrom' => [
                                        [
                                            'ReadOnly' => true || false,
                                            'SourceContainer' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'WorkingDirectory' => '<string>',
                                ],
                                // ...
                            ],
                            'Cpu' => '<string>',
                            'ExecutionRoleArn' => '<string>',
                            'Family' => '<string>',
                            'InferenceAccelerators' => [
                                [
                                    'DeviceName' => '<string>',
                                    'DeviceType' => '<string>',
                                ],
                                // ...
                            ],
                            'IpcMode' => '<string>',
                            'Memory' => '<string>',
                            'NetworkMode' => '<string>',
                            'PidMode' => '<string>',
                            'PlacementConstraints' => [
                                [
                                    'Expression' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ProxyConfiguration' => [
                                'ContainerName' => '<string>',
                                'ProxyConfigurationProperties' => [
                                    [
                                        'Name' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Type' => '<string>',
                            ],
                            'RequiresCompatibilities' => ['<string>', ...],
                            'Status' => '<string>',
                            'TaskRoleArn' => '<string>',
                            'Volumes' => [
                                [
                                    'DockerVolumeConfiguration' => [
                                        'Autoprovision' => true || false,
                                        'Driver' => '<string>',
                                        'DriverOpts' => ['<string>', ...],
                                        'Labels' => ['<string>', ...],
                                        'Scope' => '<string>',
                                    ],
                                    'EfsVolumeConfiguration' => [
                                        'AuthorizationConfig' => [
                                            'AccessPointId' => '<string>',
                                            'Iam' => '<string>',
                                        ],
                                        'FilesystemId' => '<string>',
                                        'RootDirectory' => '<string>',
                                        'TransitEncryption' => '<string>',
                                        'TransitEncryptionPort' => <integer>,
                                    ],
                                    'Host' => [
                                        'SourcePath' => '<string>',
                                    ],
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEfsAccessPoint' => [
                            'AccessPointId' => '<string>',
                            'Arn' => '<string>',
                            'ClientToken' => '<string>',
                            'FileSystemId' => '<string>',
                            'PosixUser' => [
                                'Gid' => '<string>',
                                'SecondaryGids' => ['<string>', ...],
                                'Uid' => '<string>',
                            ],
                            'RootDirectory' => [
                                'CreationInfo' => [
                                    'OwnerGid' => '<string>',
                                    'OwnerUid' => '<string>',
                                    'Permissions' => '<string>',
                                ],
                                'Path' => '<string>',
                            ],
                        ],
                        'AwsEksCluster' => [
                            'Arn' => '<string>',
                            'CertificateAuthorityData' => '<string>',
                            'ClusterStatus' => '<string>',
                            'Endpoint' => '<string>',
                            'Logging' => [
                                'ClusterLogging' => [
                                    [
                                        'Enabled' => true || false,
                                        'Types' => ['<string>', ...],
                                    ],
                                    // ...
                                ],
                            ],
                            'Name' => '<string>',
                            'ResourcesVpcConfig' => [
                                'EndpointPublicAccess' => true || false,
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                            ],
                            'RoleArn' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsElasticBeanstalkEnvironment' => [
                            'ApplicationName' => '<string>',
                            'Cname' => '<string>',
                            'DateCreated' => '<string>',
                            'DateUpdated' => '<string>',
                            'Description' => '<string>',
                            'EndpointUrl' => '<string>',
                            'EnvironmentArn' => '<string>',
                            'EnvironmentId' => '<string>',
                            'EnvironmentLinks' => [
                                [
                                    'EnvironmentName' => '<string>',
                                    'LinkName' => '<string>',
                                ],
                                // ...
                            ],
                            'EnvironmentName' => '<string>',
                            'OptionSettings' => [
                                [
                                    'Namespace' => '<string>',
                                    'OptionName' => '<string>',
                                    'ResourceName' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'PlatformArn' => '<string>',
                            'SolutionStackName' => '<string>',
                            'Status' => '<string>',
                            'Tier' => [
                                'Name' => '<string>',
                                'Type' => '<string>',
                                'Version' => '<string>',
                            ],
                            'VersionLabel' => '<string>',
                        ],
                        'AwsElasticsearchDomain' => [
                            'AccessPolicies' => '<string>',
                            'DomainEndpointOptions' => [
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainId' => '<string>',
                            'DomainName' => '<string>',
                            'ElasticsearchClusterConfig' => [
                                'DedicatedMasterCount' => <integer>,
                                'DedicatedMasterEnabled' => true || false,
                                'DedicatedMasterType' => '<string>',
                                'InstanceCount' => <integer>,
                                'InstanceType' => '<string>',
                                'ZoneAwarenessConfig' => [
                                    'AvailabilityZoneCount' => <integer>,
                                ],
                                'ZoneAwarenessEnabled' => true || false,
                            ],
                            'ElasticsearchVersion' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'Endpoint' => '<string>',
                            'Endpoints' => ['<string>', ...],
                            'LogPublishingOptions' => [
                                'AuditLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'IndexSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'SearchSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                            ],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'ServiceSoftwareOptions' => [
                                'AutomatedUpdateDate' => '<string>',
                                'Cancellable' => true || false,
                                'CurrentVersion' => '<string>',
                                'Description' => '<string>',
                                'NewVersion' => '<string>',
                                'UpdateAvailable' => true || false,
                                'UpdateStatus' => '<string>',
                            ],
                            'VPCOptions' => [
                                'AvailabilityZones' => ['<string>', ...],
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VPCId' => '<string>',
                            ],
                        ],
                        'AwsElbLoadBalancer' => [
                            'AvailabilityZones' => ['<string>', ...],
                            'BackendServerDescriptions' => [
                                [
                                    'InstancePort' => <integer>,
                                    'PolicyNames' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneName' => '<string>',
                            'CanonicalHostedZoneNameID' => '<string>',
                            'CreatedTime' => '<string>',
                            'DnsName' => '<string>',
                            'HealthCheck' => [
                                'HealthyThreshold' => <integer>,
                                'Interval' => <integer>,
                                'Target' => '<string>',
                                'Timeout' => <integer>,
                                'UnhealthyThreshold' => <integer>,
                            ],
                            'Instances' => [
                                [
                                    'InstanceId' => '<string>',
                                ],
                                // ...
                            ],
                            'ListenerDescriptions' => [
                                [
                                    'Listener' => [
                                        'InstancePort' => <integer>,
                                        'InstanceProtocol' => '<string>',
                                        'LoadBalancerPort' => <integer>,
                                        'Protocol' => '<string>',
                                        'SslCertificateId' => '<string>',
                                    ],
                                    'PolicyNames' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'LoadBalancerAttributes' => [
                                'AccessLog' => [
                                    'EmitInterval' => <integer>,
                                    'Enabled' => true || false,
                                    'S3BucketName' => '<string>',
                                    'S3BucketPrefix' => '<string>',
                                ],
                                'AdditionalAttributes' => [
                                    [
                                        'Key' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ConnectionDraining' => [
                                    'Enabled' => true || false,
                                    'Timeout' => <integer>,
                                ],
                                'ConnectionSettings' => [
                                    'IdleTimeout' => <integer>,
                                ],
                                'CrossZoneLoadBalancing' => [
                                    'Enabled' => true || false,
                                ],
                            ],
                            'LoadBalancerName' => '<string>',
                            'Policies' => [
                                'AppCookieStickinessPolicies' => [
                                    [
                                        'CookieName' => '<string>',
                                        'PolicyName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'LbCookieStickinessPolicies' => [
                                    [
                                        'CookieExpirationPeriod' => <integer>,
                                        'PolicyName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OtherPolicies' => ['<string>', ...],
                            ],
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SourceSecurityGroup' => [
                                'GroupName' => '<string>',
                                'OwnerAlias' => '<string>',
                            ],
                            'Subnets' => ['<string>', ...],
                            'VpcId' => '<string>',
                        ],
                        'AwsElbv2LoadBalancer' => [
                            'AvailabilityZones' => [
                                [
                                    'SubnetId' => '<string>',
                                    'ZoneName' => '<string>',
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneId' => '<string>',
                            'CreatedTime' => '<string>',
                            'DNSName' => '<string>',
                            'IpAddressType' => '<string>',
                            'LoadBalancerAttributes' => [
                                [
                                    'Key' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'State' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEventSchemasRegistry' => [
                            'Description' => '<string>',
                            'RegistryArn' => '<string>',
                            'RegistryName' => '<string>',
                        ],
                        'AwsEventsEndpoint' => [
                            'Arn' => '<string>',
                            'Description' => '<string>',
                            'EndpointId' => '<string>',
                            'EndpointUrl' => '<string>',
                            'EventBuses' => [
                                [
                                    'EventBusArn' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'ReplicationConfig' => [
                                'State' => '<string>',
                            ],
                            'RoleArn' => '<string>',
                            'RoutingConfig' => [
                                'FailoverConfig' => [
                                    'Primary' => [
                                        'HealthCheck' => '<string>',
                                    ],
                                    'Secondary' => [
                                        'Route' => '<string>',
                                    ],
                                ],
                            ],
                            'State' => '<string>',
                            'StateReason' => '<string>',
                        ],
                        'AwsEventsEventbus' => [
                            'Arn' => '<string>',
                            'Name' => '<string>',
                            'Policy' => '<string>',
                        ],
                        'AwsGuardDutyDetector' => [
                            'DataSources' => [
                                'CloudTrail' => [
                                    'Status' => '<string>',
                                ],
                                'DnsLogs' => [
                                    'Status' => '<string>',
                                ],
                                'FlowLogs' => [
                                    'Status' => '<string>',
                                ],
                                'Kubernetes' => [
                                    'AuditLogs' => [
                                        'Status' => '<string>',
                                    ],
                                ],
                                'MalwareProtection' => [
                                    'ScanEc2InstanceWithFindings' => [
                                        'EbsVolumes' => [
                                            'Reason' => '<string>',
                                            'Status' => '<string>',
                                        ],
                                    ],
                                    'ServiceRole' => '<string>',
                                ],
                                'S3Logs' => [
                                    'Status' => '<string>',
                                ],
                            ],
                            'Features' => [
                                [
                                    'Name' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'FindingPublishingFrequency' => '<string>',
                            'ServiceRole' => '<string>',
                            'Status' => '<string>',
                        ],
                        'AwsIamAccessKey' => [
                            'AccessKeyId' => '<string>',
                            'AccountId' => '<string>',
                            'CreatedAt' => '<string>',
                            'PrincipalId' => '<string>',
                            'PrincipalName' => '<string>',
                            'PrincipalType' => '<string>',
                            'SessionContext' => [
                                'Attributes' => [
                                    'CreationDate' => '<string>',
                                    'MfaAuthenticated' => true || false,
                                ],
                                'SessionIssuer' => [
                                    'AccountId' => '<string>',
                                    'Arn' => '<string>',
                                    'PrincipalId' => '<string>',
                                    'Type' => '<string>',
                                    'UserName' => '<string>',
                                ],
                            ],
                            'Status' => 'Active|Inactive',
                            'UserName' => '<string>',
                        ],
                        'AwsIamGroup' => [
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'GroupPolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'Path' => '<string>',
                        ],
                        'AwsIamPolicy' => [
                            'AttachmentCount' => <integer>,
                            'CreateDate' => '<string>',
                            'DefaultVersionId' => '<string>',
                            'Description' => '<string>',
                            'IsAttachable' => true || false,
                            'Path' => '<string>',
                            'PermissionsBoundaryUsageCount' => <integer>,
                            'PolicyId' => '<string>',
                            'PolicyName' => '<string>',
                            'PolicyVersionList' => [
                                [
                                    'CreateDate' => '<string>',
                                    'IsDefaultVersion' => true || false,
                                    'VersionId' => '<string>',
                                ],
                                // ...
                            ],
                            'UpdateDate' => '<string>',
                        ],
                        'AwsIamRole' => [
                            'AssumeRolePolicyDocument' => '<string>',
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'InstanceProfileList' => [
                                [
                                    'Arn' => '<string>',
                                    'CreateDate' => '<string>',
                                    'InstanceProfileId' => '<string>',
                                    'InstanceProfileName' => '<string>',
                                    'Path' => '<string>',
                                    'Roles' => [
                                        [
                                            'Arn' => '<string>',
                                            'AssumeRolePolicyDocument' => '<string>',
                                            'CreateDate' => '<string>',
                                            'Path' => '<string>',
                                            'RoleId' => '<string>',
                                            'RoleName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'MaxSessionDuration' => <integer>,
                            'Path' => '<string>',
                            'PermissionsBoundary' => [
                                'PermissionsBoundaryArn' => '<string>',
                                'PermissionsBoundaryType' => '<string>',
                            ],
                            'RoleId' => '<string>',
                            'RoleName' => '<string>',
                            'RolePolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsIamUser' => [
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'GroupList' => ['<string>', ...],
                            'Path' => '<string>',
                            'PermissionsBoundary' => [
                                'PermissionsBoundaryArn' => '<string>',
                                'PermissionsBoundaryType' => '<string>',
                            ],
                            'UserId' => '<string>',
                            'UserName' => '<string>',
                            'UserPolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsKinesisStream' => [
                            'Arn' => '<string>',
                            'Name' => '<string>',
                            'RetentionPeriodHours' => <integer>,
                            'ShardCount' => <integer>,
                            'StreamEncryption' => [
                                'EncryptionType' => '<string>',
                                'KeyId' => '<string>',
                            ],
                        ],
                        'AwsKmsKey' => [
                            'AWSAccountId' => '<string>',
                            'CreationDate' => <float>,
                            'Description' => '<string>',
                            'KeyId' => '<string>',
                            'KeyManager' => '<string>',
                            'KeyRotationStatus' => true || false,
                            'KeyState' => '<string>',
                            'Origin' => '<string>',
                        ],
                        'AwsLambdaFunction' => [
                            'Architectures' => ['<string>', ...],
                            'Code' => [
                                'S3Bucket' => '<string>',
                                'S3Key' => '<string>',
                                'S3ObjectVersion' => '<string>',
                                'ZipFile' => '<string>',
                            ],
                            'CodeSha256' => '<string>',
                            'DeadLetterConfig' => [
                                'TargetArn' => '<string>',
                            ],
                            'Environment' => [
                                'Error' => [
                                    'ErrorCode' => '<string>',
                                    'Message' => '<string>',
                                ],
                                'Variables' => ['<string>', ...],
                            ],
                            'FunctionName' => '<string>',
                            'Handler' => '<string>',
                            'KmsKeyArn' => '<string>',
                            'LastModified' => '<string>',
                            'Layers' => [
                                [
                                    'Arn' => '<string>',
                                    'CodeSize' => <integer>,
                                ],
                                // ...
                            ],
                            'MasterArn' => '<string>',
                            'MemorySize' => <integer>,
                            'PackageType' => '<string>',
                            'RevisionId' => '<string>',
                            'Role' => '<string>',
                            'Runtime' => '<string>',
                            'Timeout' => <integer>,
                            'TracingConfig' => [
                                'Mode' => '<string>',
                            ],
                            'Version' => '<string>',
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsLambdaLayerVersion' => [
                            'CompatibleRuntimes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Version' => <integer>,
                        ],
                        'AwsMskCluster' => [
                            'ClusterInfo' => [
                                'ClientAuthentication' => [
                                    'Sasl' => [
                                        'Iam' => [
                                            'Enabled' => true || false,
                                        ],
                                        'Scram' => [
                                            'Enabled' => true || false,
                                        ],
                                    ],
                                    'Tls' => [
                                        'CertificateAuthorityArnList' => ['<string>', ...],
                                        'Enabled' => true || false,
                                    ],
                                    'Unauthenticated' => [
                                        'Enabled' => true || false,
                                    ],
                                ],
                                'ClusterName' => '<string>',
                                'CurrentVersion' => '<string>',
                                'EncryptionInfo' => [
                                    'EncryptionAtRest' => [
                                        'DataVolumeKMSKeyId' => '<string>',
                                    ],
                                    'EncryptionInTransit' => [
                                        'ClientBroker' => '<string>',
                                        'InCluster' => true || false,
                                    ],
                                ],
                                'EnhancedMonitoring' => '<string>',
                                'NumberOfBrokerNodes' => <integer>,
                            ],
                        ],
                        'AwsNetworkFirewallFirewall' => [
                            'DeleteProtection' => true || false,
                            'Description' => '<string>',
                            'FirewallArn' => '<string>',
                            'FirewallId' => '<string>',
                            'FirewallName' => '<string>',
                            'FirewallPolicyArn' => '<string>',
                            'FirewallPolicyChangeProtection' => true || false,
                            'SubnetChangeProtection' => true || false,
                            'SubnetMappings' => [
                                [
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'VpcId' => '<string>',
                        ],
                        'AwsNetworkFirewallFirewallPolicy' => [
                            'Description' => '<string>',
                            'FirewallPolicy' => [
                                'StatefulRuleGroupReferences' => [
                                    [
                                        'ResourceArn' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StatelessCustomActions' => [
                                    [
                                        'ActionDefinition' => [
                                            'PublishMetricAction' => [
                                                'Dimensions' => [
                                                    [
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'ActionName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StatelessDefaultActions' => ['<string>', ...],
                                'StatelessFragmentDefaultActions' => ['<string>', ...],
                                'StatelessRuleGroupReferences' => [
                                    [
                                        'Priority' => <integer>,
                                        'ResourceArn' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'FirewallPolicyArn' => '<string>',
                            'FirewallPolicyId' => '<string>',
                            'FirewallPolicyName' => '<string>',
                        ],
                        'AwsNetworkFirewallRuleGroup' => [
                            'Capacity' => <integer>,
                            'Description' => '<string>',
                            'RuleGroup' => [
                                'RuleVariables' => [
                                    'IpSets' => [
                                        'Definition' => ['<string>', ...],
                                    ],
                                    'PortSets' => [
                                        'Definition' => ['<string>', ...],
                                    ],
                                ],
                                'RulesSource' => [
                                    'RulesSourceList' => [
                                        'GeneratedRulesType' => '<string>',
                                        'TargetTypes' => ['<string>', ...],
                                        'Targets' => ['<string>', ...],
                                    ],
                                    'RulesString' => '<string>',
                                    'StatefulRules' => [
                                        [
                                            'Action' => '<string>',
                                            'Header' => [
                                                'Destination' => '<string>',
                                                'DestinationPort' => '<string>',
                                                'Direction' => '<string>',
                                                'Protocol' => '<string>',
                                                'Source' => '<string>',
                                                'SourcePort' => '<string>',
                                            ],
                                            'RuleOptions' => [
                                                [
                                                    'Keyword' => '<string>',
                                                    'Settings' => ['<string>', ...],
                                                ],
                                                // ...
                                            ],
                                        ],
                                        // ...
                                    ],
                                    'StatelessRulesAndCustomActions' => [
                                        'CustomActions' => [
                                            [
                                                'ActionDefinition' => [
                                                    'PublishMetricAction' => [
                                                        'Dimensions' => [
                                                            [
                                                                'Value' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                    ],
                                                ],
                                                'ActionName' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'StatelessRules' => [
                                            [
                                                'Priority' => <integer>,
                                                'RuleDefinition' => [
                                                    'Actions' => ['<string>', ...],
                                                    'MatchAttributes' => [
                                                        'DestinationPorts' => [
                                                            [
                                                                'FromPort' => <integer>,
                                                                'ToPort' => <integer>,
                                                            ],
                                                            // ...
                                                        ],
                                                        'Destinations' => [
                                                            [
                                                                'AddressDefinition' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                        'Protocols' => [<integer>, ...],
                                                        'SourcePorts' => [
                                                            [
                                                                'FromPort' => <integer>,
                                                                'ToPort' => <integer>,
                                                            ],
                                                            // ...
                                                        ],
                                                        'Sources' => [
                                                            [
                                                                'AddressDefinition' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                        'TcpFlags' => [
                                                            [
                                                                'Flags' => ['<string>', ...],
                                                                'Masks' => ['<string>', ...],
                                                            ],
                                                            // ...
                                                        ],
                                                    ],
                                                ],
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                            ],
                            'RuleGroupArn' => '<string>',
                            'RuleGroupId' => '<string>',
                            'RuleGroupName' => '<string>',
                            'Type' => '<string>',
                        ],
                        'AwsOpenSearchServiceDomain' => [
                            'AccessPolicies' => '<string>',
                            'AdvancedSecurityOptions' => [
                                'Enabled' => true || false,
                                'InternalUserDatabaseEnabled' => true || false,
                                'MasterUserOptions' => [
                                    'MasterUserArn' => '<string>',
                                    'MasterUserName' => '<string>',
                                    'MasterUserPassword' => '<string>',
                                ],
                            ],
                            'Arn' => '<string>',
                            'ClusterConfig' => [
                                'DedicatedMasterCount' => <integer>,
                                'DedicatedMasterEnabled' => true || false,
                                'DedicatedMasterType' => '<string>',
                                'InstanceCount' => <integer>,
                                'InstanceType' => '<string>',
                                'WarmCount' => <integer>,
                                'WarmEnabled' => true || false,
                                'WarmType' => '<string>',
                                'ZoneAwarenessConfig' => [
                                    'AvailabilityZoneCount' => <integer>,
                                ],
                                'ZoneAwarenessEnabled' => true || false,
                            ],
                            'DomainEndpoint' => '<string>',
                            'DomainEndpointOptions' => [
                                'CustomEndpoint' => '<string>',
                                'CustomEndpointCertificateArn' => '<string>',
                                'CustomEndpointEnabled' => true || false,
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainEndpoints' => ['<string>', ...],
                            'DomainName' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'EngineVersion' => '<string>',
                            'Id' => '<string>',
                            'LogPublishingOptions' => [
                                'AuditLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'IndexSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'SearchSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                            ],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'ServiceSoftwareOptions' => [
                                'AutomatedUpdateDate' => '<string>',
                                'Cancellable' => true || false,
                                'CurrentVersion' => '<string>',
                                'Description' => '<string>',
                                'NewVersion' => '<string>',
                                'OptionalDeployment' => true || false,
                                'UpdateAvailable' => true || false,
                                'UpdateStatus' => '<string>',
                            ],
                            'VpcOptions' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                            ],
                        ],
                        'AwsRdsDbCluster' => [
                            'ActivityStreamStatus' => '<string>',
                            'AllocatedStorage' => <integer>,
                            'AssociatedRoles' => [
                                [
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZones' => ['<string>', ...],
                            'BackupRetentionPeriod' => <integer>,
                            'ClusterCreateTime' => '<string>',
                            'CopyTagsToSnapshot' => true || false,
                            'CrossAccountClone' => true || false,
                            'CustomEndpoints' => ['<string>', ...],
                            'DatabaseName' => '<string>',
                            'DbClusterIdentifier' => '<string>',
                            'DbClusterMembers' => [
                                [
                                    'DbClusterParameterGroupStatus' => '<string>',
                                    'DbInstanceIdentifier' => '<string>',
                                    'IsClusterWriter' => true || false,
                                    'PromotionTier' => <integer>,
                                ],
                                // ...
                            ],
                            'DbClusterOptionGroupMemberships' => [
                                [
                                    'DbClusterOptionGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'DbClusterParameterGroup' => '<string>',
                            'DbClusterResourceId' => '<string>',
                            'DbSubnetGroup' => '<string>',
                            'DeletionProtection' => true || false,
                            'DomainMemberships' => [
                                [
                                    'Domain' => '<string>',
                                    'Fqdn' => '<string>',
                                    'IamRoleName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'EnabledCloudWatchLogsExports' => ['<string>', ...],
                            'Endpoint' => '<string>',
                            'Engine' => '<string>',
                            'EngineMode' => '<string>',
                            'EngineVersion' => '<string>',
                            'HostedZoneId' => '<string>',
                            'HttpEndpointEnabled' => true || false,
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'KmsKeyId' => '<string>',
                            'MasterUsername' => '<string>',
                            'MultiAz' => true || false,
                            'Port' => <integer>,
                            'PreferredBackupWindow' => '<string>',
                            'PreferredMaintenanceWindow' => '<string>',
                            'ReadReplicaIdentifiers' => ['<string>', ...],
                            'ReaderEndpoint' => '<string>',
                            'Status' => '<string>',
                            'StorageEncrypted' => true || false,
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRdsDbClusterSnapshot' => [
                            'AllocatedStorage' => <integer>,
                            'AvailabilityZones' => ['<string>', ...],
                            'ClusterCreateTime' => '<string>',
                            'DbClusterIdentifier' => '<string>',
                            'DbClusterSnapshotAttributes' => [
                                [
                                    'AttributeName' => '<string>',
                                    'AttributeValues' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'DbClusterSnapshotIdentifier' => '<string>',
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'KmsKeyId' => '<string>',
                            'LicenseModel' => '<string>',
                            'MasterUsername' => '<string>',
                            'PercentProgress' => <integer>,
                            'Port' => <integer>,
                            'SnapshotCreateTime' => '<string>',
                            'SnapshotType' => '<string>',
                            'Status' => '<string>',
                            'StorageEncrypted' => true || false,
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsDbInstance' => [
                            'AllocatedStorage' => <integer>,
                            'AssociatedRoles' => [
                                [
                                    'FeatureName' => '<string>',
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZone' => '<string>',
                            'BackupRetentionPeriod' => <integer>,
                            'CACertificateIdentifier' => '<string>',
                            'CharacterSetName' => '<string>',
                            'CopyTagsToSnapshot' => true || false,
                            'DBClusterIdentifier' => '<string>',
                            'DBInstanceClass' => '<string>',
                            'DBInstanceIdentifier' => '<string>',
                            'DBName' => '<string>',
                            'DbInstancePort' => <integer>,
                            'DbInstanceStatus' => '<string>',
                            'DbParameterGroups' => [
                                [
                                    'DbParameterGroupName' => '<string>',
                                    'ParameterApplyStatus' => '<string>',
                                ],
                                // ...
                            ],
                            'DbSecurityGroups' => ['<string>', ...],
                            'DbSubnetGroup' => [
                                'DbSubnetGroupArn' => '<string>',
                                'DbSubnetGroupDescription' => '<string>',
                                'DbSubnetGroupName' => '<string>',
                                'SubnetGroupStatus' => '<string>',
                                'Subnets' => [
                                    [
                                        'SubnetAvailabilityZone' => [
                                            'Name' => '<string>',
                                        ],
                                        'SubnetIdentifier' => '<string>',
                                        'SubnetStatus' => '<string>',
                                    ],
                                    // ...
                                ],
                                'VpcId' => '<string>',
                            ],
                            'DbiResourceId' => '<string>',
                            'DeletionProtection' => true || false,
                            'DomainMemberships' => [
                                [
                                    'Domain' => '<string>',
                                    'Fqdn' => '<string>',
                                    'IamRoleName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'EnabledCloudWatchLogsExports' => ['<string>', ...],
                            'Endpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'EnhancedMonitoringResourceArn' => '<string>',
                            'IAMDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'Iops' => <integer>,
                            'KmsKeyId' => '<string>',
                            'LatestRestorableTime' => '<string>',
                            'LicenseModel' => '<string>',
                            'ListenerEndpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'MasterUsername' => '<string>',
                            'MaxAllocatedStorage' => <integer>,
                            'MonitoringInterval' => <integer>,
                            'MonitoringRoleArn' => '<string>',
                            'MultiAz' => true || false,
                            'OptionGroupMemberships' => [
                                [
                                    'OptionGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'PendingModifiedValues' => [
                                'AllocatedStorage' => <integer>,
                                'BackupRetentionPeriod' => <integer>,
                                'CaCertificateIdentifier' => '<string>',
                                'DbInstanceClass' => '<string>',
                                'DbInstanceIdentifier' => '<string>',
                                'DbSubnetGroupName' => '<string>',
                                'EngineVersion' => '<string>',
                                'Iops' => <integer>,
                                'LicenseModel' => '<string>',
                                'MasterUserPassword' => '<string>',
                                'MultiAZ' => true || false,
                                'PendingCloudWatchLogsExports' => [
                                    'LogTypesToDisable' => ['<string>', ...],
                                    'LogTypesToEnable' => ['<string>', ...],
                                ],
                                'Port' => <integer>,
                                'ProcessorFeatures' => [
                                    [
                                        'Name' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StorageType' => '<string>',
                            ],
                            'PerformanceInsightsEnabled' => true || false,
                            'PerformanceInsightsKmsKeyId' => '<string>',
                            'PerformanceInsightsRetentionPeriod' => <integer>,
                            'PreferredBackupWindow' => '<string>',
                            'PreferredMaintenanceWindow' => '<string>',
                            'ProcessorFeatures' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'PromotionTier' => <integer>,
                            'PubliclyAccessible' => true || false,
                            'ReadReplicaDBClusterIdentifiers' => ['<string>', ...],
                            'ReadReplicaDBInstanceIdentifiers' => ['<string>', ...],
                            'ReadReplicaSourceDBInstanceIdentifier' => '<string>',
                            'SecondaryAvailabilityZone' => '<string>',
                            'StatusInfos' => [
                                [
                                    'Message' => '<string>',
                                    'Normal' => true || false,
                                    'Status' => '<string>',
                                    'StatusType' => '<string>',
                                ],
                                // ...
                            ],
                            'StorageEncrypted' => true || false,
                            'StorageType' => '<string>',
                            'TdeCredentialArn' => '<string>',
                            'Timezone' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRdsDbSecurityGroup' => [
                            'DbSecurityGroupArn' => '<string>',
                            'DbSecurityGroupDescription' => '<string>',
                            'DbSecurityGroupName' => '<string>',
                            'Ec2SecurityGroups' => [
                                [
                                    'Ec2SecurityGroupId' => '<string>',
                                    'Ec2SecurityGroupName' => '<string>',
                                    'Ec2SecurityGroupOwnerId' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'IpRanges' => [
                                [
                                    'CidrIp' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsDbSnapshot' => [
                            'AllocatedStorage' => <integer>,
                            'AvailabilityZone' => '<string>',
                            'DbInstanceIdentifier' => '<string>',
                            'DbSnapshotIdentifier' => '<string>',
                            'DbiResourceId' => '<string>',
                            'Encrypted' => true || false,
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'Iops' => <integer>,
                            'KmsKeyId' => '<string>',
                            'LicenseModel' => '<string>',
                            'MasterUsername' => '<string>',
                            'OptionGroupName' => '<string>',
                            'PercentProgress' => <integer>,
                            'Port' => <integer>,
                            'ProcessorFeatures' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'SnapshotCreateTime' => '<string>',
                            'SnapshotType' => '<string>',
                            'SourceDbSnapshotIdentifier' => '<string>',
                            'SourceRegion' => '<string>',
                            'Status' => '<string>',
                            'StorageType' => '<string>',
                            'TdeCredentialArn' => '<string>',
                            'Timezone' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsEventSubscription' => [
                            'CustSubscriptionId' => '<string>',
                            'CustomerAwsId' => '<string>',
                            'Enabled' => true || false,
                            'EventCategoriesList' => ['<string>', ...],
                            'EventSubscriptionArn' => '<string>',
                            'SnsTopicArn' => '<string>',
                            'SourceIdsList' => ['<string>', ...],
                            'SourceType' => '<string>',
                            'Status' => '<string>',
                            'SubscriptionCreationTime' => '<string>',
                        ],
                        'AwsRedshiftCluster' => [
                            'AllowVersionUpgrade' => true || false,
                            'AutomatedSnapshotRetentionPeriod' => <integer>,
                            'AvailabilityZone' => '<string>',
                            'ClusterAvailabilityStatus' => '<string>',
                            'ClusterCreateTime' => '<string>',
                            'ClusterIdentifier' => '<string>',
                            'ClusterNodes' => [
                                [
                                    'NodeRole' => '<string>',
                                    'PrivateIpAddress' => '<string>',
                                    'PublicIpAddress' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterParameterGroups' => [
                                [
                                    'ClusterParameterStatusList' => [
                                        [
                                            'ParameterApplyErrorDescription' => '<string>',
                                            'ParameterApplyStatus' => '<string>',
                                            'ParameterName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ParameterApplyStatus' => '<string>',
                                    'ParameterGroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterPublicKey' => '<string>',
                            'ClusterRevisionNumber' => '<string>',
                            'ClusterSecurityGroups' => [
                                [
                                    'ClusterSecurityGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterSnapshotCopyStatus' => [
                                'DestinationRegion' => '<string>',
                                'ManualSnapshotRetentionPeriod' => <integer>,
                                'RetentionPeriod' => <integer>,
                                'SnapshotCopyGrantName' => '<string>',
                            ],
                            'ClusterStatus' => '<string>',
                            'ClusterSubnetGroupName' => '<string>',
                            'ClusterVersion' => '<string>',
                            'DBName' => '<string>',
                            'DeferredMaintenanceWindows' => [
                                [
                                    'DeferMaintenanceEndTime' => '<string>',
                                    'DeferMaintenanceIdentifier' => '<string>',
                                    'DeferMaintenanceStartTime' => '<string>',
                                ],
                                // ...
                            ],
                            'ElasticIpStatus' => [
                                'ElasticIp' => '<string>',
                                'Status' => '<string>',
                            ],
                            'ElasticResizeNumberOfNodeOptions' => '<string>',
                            'Encrypted' => true || false,
                            'Endpoint' => [
                                'Address' => '<string>',
                                'Port' => <integer>,
                            ],
                            'EnhancedVpcRouting' => true || false,
                            'ExpectedNextSnapshotScheduleTime' => '<string>',
                            'ExpectedNextSnapshotScheduleTimeStatus' => '<string>',
                            'HsmStatus' => [
                                'HsmClientCertificateIdentifier' => '<string>',
                                'HsmConfigurationIdentifier' => '<string>',
                                'Status' => '<string>',
                            ],
                            'IamRoles' => [
                                [
                                    'ApplyStatus' => '<string>',
                                    'IamRoleArn' => '<string>',
                                ],
                                // ...
                            ],
                            'KmsKeyId' => '<string>',
                            'LoggingStatus' => [
                                'BucketName' => '<string>',
                                'LastFailureMessage' => '<string>',
                                'LastFailureTime' => '<string>',
                                'LastSuccessfulDeliveryTime' => '<string>',
                                'LoggingEnabled' => true || false,
                                'S3KeyPrefix' => '<string>',
                            ],
                            'MaintenanceTrackName' => '<string>',
                            'ManualSnapshotRetentionPeriod' => <integer>,
                            'MasterUsername' => '<string>',
                            'NextMaintenanceWindowStartTime' => '<string>',
                            'NodeType' => '<string>',
                            'NumberOfNodes' => <integer>,
                            'PendingActions' => ['<string>', ...],
                            'PendingModifiedValues' => [
                                'AutomatedSnapshotRetentionPeriod' => <integer>,
                                'ClusterIdentifier' => '<string>',
                                'ClusterType' => '<string>',
                                'ClusterVersion' => '<string>',
                                'EncryptionType' => '<string>',
                                'EnhancedVpcRouting' => true || false,
                                'MaintenanceTrackName' => '<string>',
                                'MasterUserPassword' => '<string>',
                                'NodeType' => '<string>',
                                'NumberOfNodes' => <integer>,
                                'PubliclyAccessible' => true || false,
                            ],
                            'PreferredMaintenanceWindow' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'ResizeInfo' => [
                                'AllowCancelResize' => true || false,
                                'ResizeType' => '<string>',
                            ],
                            'RestoreStatus' => [
                                'CurrentRestoreRateInMegaBytesPerSecond' => <float>,
                                'ElapsedTimeInSeconds' => <integer>,
                                'EstimatedTimeToCompletionInSeconds' => <integer>,
                                'ProgressInMegaBytes' => <integer>,
                                'SnapshotSizeInMegaBytes' => <integer>,
                                'Status' => '<string>',
                            ],
                            'SnapshotScheduleIdentifier' => '<string>',
                            'SnapshotScheduleState' => '<string>',
                            'VpcId' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRoute53HostedZone' => [
                            'HostedZone' => [
                                'Config' => [
                                    'Comment' => '<string>',
                                ],
                                'Id' => '<string>',
                                'Name' => '<string>',
                            ],
                            'NameServers' => ['<string>', ...],
                            'QueryLoggingConfig' => [
                                'CloudWatchLogsLogGroupArn' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'HostedZoneId' => '<string>',
                                    'Id' => '<string>',
                                ],
                            ],
                            'Vpcs' => [
                                [
                                    'Id' => '<string>',
                                    'Region' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsS3AccessPoint' => [
                            'AccessPointArn' => '<string>',
                            'Alias' => '<string>',
                            'Bucket' => '<string>',
                            'BucketAccountId' => '<string>',
                            'Name' => '<string>',
                            'NetworkOrigin' => '<string>',
                            'PublicAccessBlockConfiguration' => [
                                'BlockPublicAcls' => true || false,
                                'BlockPublicPolicy' => true || false,
                                'IgnorePublicAcls' => true || false,
                                'RestrictPublicBuckets' => true || false,
                            ],
                            'VpcConfiguration' => [
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsS3AccountPublicAccessBlock' => [
                            'BlockPublicAcls' => true || false,
                            'BlockPublicPolicy' => true || false,
                            'IgnorePublicAcls' => true || false,
                            'RestrictPublicBuckets' => true || false,
                        ],
                        'AwsS3Bucket' => [
                            'AccessControlList' => '<string>',
                            'BucketLifecycleConfiguration' => [
                                'Rules' => [
                                    [
                                        'AbortIncompleteMultipartUpload' => [
                                            'DaysAfterInitiation' => <integer>,
                                        ],
                                        'ExpirationDate' => '<string>',
                                        'ExpirationInDays' => <integer>,
                                        'ExpiredObjectDeleteMarker' => true || false,
                                        'Filter' => [
                                            'Predicate' => [
                                                'Operands' => [
                                                    [
                                                        'Prefix' => '<string>',
                                                        'Tag' => [
                                                            'Key' => '<string>',
                                                            'Value' => '<string>',
                                                        ],
                                                        'Type' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                                'Prefix' => '<string>',
                                                'Tag' => [
                                                    'Key' => '<string>',
                                                    'Value' => '<string>',
                                                ],
                                                'Type' => '<string>',
                                            ],
                                        ],
                                        'ID' => '<string>',
                                        'NoncurrentVersionExpirationInDays' => <integer>,
                                        'NoncurrentVersionTransitions' => [
                                            [
                                                'Days' => <integer>,
                                                'StorageClass' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Prefix' => '<string>',
                                        'Status' => '<string>',
                                        'Transitions' => [
                                            [
                                                'Date' => '<string>',
                                                'Days' => <integer>,
                                                'StorageClass' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'BucketLoggingConfiguration' => [
                                'DestinationBucketName' => '<string>',
                                'LogFilePrefix' => '<string>',
                            ],
                            'BucketNotificationConfiguration' => [
                                'Configurations' => [
                                    [
                                        'Destination' => '<string>',
                                        'Events' => ['<string>', ...],
                                        'Filter' => [
                                            'S3KeyFilter' => [
                                                'FilterRules' => [
                                                    [
                                                        'Name' => 'Prefix|Suffix',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'BucketVersioningConfiguration' => [
                                'IsMfaDeleteEnabled' => true || false,
                                'Status' => '<string>',
                            ],
                            'BucketWebsiteConfiguration' => [
                                'ErrorDocument' => '<string>',
                                'IndexDocumentSuffix' => '<string>',
                                'RedirectAllRequestsTo' => [
                                    'Hostname' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                'RoutingRules' => [
                                    [
                                        'Condition' => [
                                            'HttpErrorCodeReturnedEquals' => '<string>',
                                            'KeyPrefixEquals' => '<string>',
                                        ],
                                        'Redirect' => [
                                            'Hostname' => '<string>',
                                            'HttpRedirectCode' => '<string>',
                                            'Protocol' => '<string>',
                                            'ReplaceKeyPrefixWith' => '<string>',
                                            'ReplaceKeyWith' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'CreatedAt' => '<string>',
                            'Name' => '<string>',
                            'ObjectLockConfiguration' => [
                                'ObjectLockEnabled' => '<string>',
                                'Rule' => [
                                    'DefaultRetention' => [
                                        'Days' => <integer>,
                                        'Mode' => '<string>',
                                        'Years' => <integer>,
                                    ],
                                ],
                            ],
                            'OwnerAccountId' => '<string>',
                            'OwnerId' => '<string>',
                            'OwnerName' => '<string>',
                            'PublicAccessBlockConfiguration' => [
                                'BlockPublicAcls' => true || false,
                                'BlockPublicPolicy' => true || false,
                                'IgnorePublicAcls' => true || false,
                                'RestrictPublicBuckets' => true || false,
                            ],
                            'ServerSideEncryptionConfiguration' => [
                                'Rules' => [
                                    [
                                        'ApplyServerSideEncryptionByDefault' => [
                                            'KMSMasterKeyID' => '<string>',
                                            'SSEAlgorithm' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                        ],
                        'AwsS3Object' => [
                            'ContentType' => '<string>',
                            'ETag' => '<string>',
                            'LastModified' => '<string>',
                            'SSEKMSKeyId' => '<string>',
                            'ServerSideEncryption' => '<string>',
                            'VersionId' => '<string>',
                        ],
                        'AwsSageMakerNotebookInstance' => [
                            'AcceleratorTypes' => ['<string>', ...],
                            'AdditionalCodeRepositories' => ['<string>', ...],
                            'DefaultCodeRepository' => '<string>',
                            'DirectInternetAccess' => '<string>',
                            'FailureReason' => '<string>',
                            'InstanceMetadataServiceConfiguration' => [
                                'MinimumInstanceMetadataServiceVersion' => '<string>',
                            ],
                            'InstanceType' => '<string>',
                            'KmsKeyId' => '<string>',
                            'NetworkInterfaceId' => '<string>',
                            'NotebookInstanceArn' => '<string>',
                            'NotebookInstanceLifecycleConfigName' => '<string>',
                            'NotebookInstanceName' => '<string>',
                            'NotebookInstanceStatus' => '<string>',
                            'PlatformIdentifier' => '<string>',
                            'RoleArn' => '<string>',
                            'RootAccess' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SubnetId' => '<string>',
                            'Url' => '<string>',
                            'VolumeSizeInGB' => <integer>,
                        ],
                        'AwsSecretsManagerSecret' => [
                            'Deleted' => true || false,
                            'Description' => '<string>',
                            'KmsKeyId' => '<string>',
                            'Name' => '<string>',
                            'RotationEnabled' => true || false,
                            'RotationLambdaArn' => '<string>',
                            'RotationOccurredWithinFrequency' => true || false,
                            'RotationRules' => [
                                'AutomaticallyAfterDays' => <integer>,
                            ],
                        ],
                        'AwsSnsTopic' => [
                            'ApplicationSuccessFeedbackRoleArn' => '<string>',
                            'FirehoseFailureFeedbackRoleArn' => '<string>',
                            'FirehoseSuccessFeedbackRoleArn' => '<string>',
                            'HttpFailureFeedbackRoleArn' => '<string>',
                            'HttpSuccessFeedbackRoleArn' => '<string>',
                            'KmsMasterKeyId' => '<string>',
                            'Owner' => '<string>',
                            'SqsFailureFeedbackRoleArn' => '<string>',
                            'SqsSuccessFeedbackRoleArn' => '<string>',
                            'Subscription' => [
                                [
                                    'Endpoint' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                // ...
                            ],
                            'TopicName' => '<string>',
                        ],
                        'AwsSqsQueue' => [
                            'DeadLetterTargetArn' => '<string>',
                            'KmsDataKeyReusePeriodSeconds' => <integer>,
                            'KmsMasterKeyId' => '<string>',
                            'QueueName' => '<string>',
                        ],
                        'AwsSsmPatchCompliance' => [
                            'Patch' => [
                                'ComplianceSummary' => [
                                    'ComplianceType' => '<string>',
                                    'CompliantCriticalCount' => <integer>,
                                    'CompliantHighCount' => <integer>,
                                    'CompliantInformationalCount' => <integer>,
                                    'CompliantLowCount' => <integer>,
                                    'CompliantMediumCount' => <integer>,
                                    'CompliantUnspecifiedCount' => <integer>,
                                    'ExecutionType' => '<string>',
                                    'NonCompliantCriticalCount' => <integer>,
                                    'NonCompliantHighCount' => <integer>,
                                    'NonCompliantInformationalCount' => <integer>,
                                    'NonCompliantLowCount' => <integer>,
                                    'NonCompliantMediumCount' => <integer>,
                                    'NonCompliantUnspecifiedCount' => <integer>,
                                    'OverallSeverity' => '<string>',
                                    'PatchBaselineId' => '<string>',
                                    'PatchGroup' => '<string>',
                                    'Status' => '<string>',
                                ],
                            ],
                        ],
                        'AwsStepFunctionStateMachine' => [
                            'Label' => '<string>',
                            'LoggingConfiguration' => [
                                'Destinations' => [
                                    [
                                        'CloudWatchLogsLogGroup' => [
                                            'LogGroupArn' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                                'IncludeExecutionData' => true || false,
                                'Level' => '<string>',
                            ],
                            'Name' => '<string>',
                            'RoleArn' => '<string>',
                            'StateMachineArn' => '<string>',
                            'Status' => '<string>',
                            'TracingConfiguration' => [
                                'Enabled' => true || false,
                            ],
                            'Type' => '<string>',
                        ],
                        'AwsWafRateBasedRule' => [
                            'MatchPredicates' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RateKey' => '<string>',
                            'RateLimit' => <integer>,
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRateBasedRule' => [
                            'MatchPredicates' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RateKey' => '<string>',
                            'RateLimit' => <integer>,
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRule' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'PredicateList' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRuleGroup' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RuleGroupId' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsWafRegionalWebAcl' => [
                            'DefaultAction' => '<string>',
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RulesList' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsWafRule' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'PredicateList' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRuleGroup' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RuleGroupId' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsWafWebAcl' => [
                            'DefaultAction' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'ExcludedRules' => [
                                        [
                                            'RuleId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsWafv2RuleGroup' => [
                            'Arn' => '<string>',
                            'Capacity' => <integer>,
                            'Description' => '<string>',
                            'Id' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Allow' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Block' => [
                                            'CustomResponse' => [
                                                'CustomResponseBodyKey' => '<string>',
                                                'ResponseCode' => <integer>,
                                                'ResponseHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Captcha' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Count' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                    ],
                                    'Name' => '<string>',
                                    'OverrideAction' => '<string>',
                                    'Priority' => <integer>,
                                    'VisibilityConfig' => [
                                        'CloudWatchMetricsEnabled' => true || false,
                                        'MetricName' => '<string>',
                                        'SampledRequestsEnabled' => true || false,
                                    ],
                                ],
                                // ...
                            ],
                            'Scope' => '<string>',
                            'VisibilityConfig' => [
                                'CloudWatchMetricsEnabled' => true || false,
                                'MetricName' => '<string>',
                                'SampledRequestsEnabled' => true || false,
                            ],
                        ],
                        'AwsWafv2WebAcl' => [
                            'Arn' => '<string>',
                            'Capacity' => <integer>,
                            'CaptchaConfig' => [
                                'ImmunityTimeProperty' => [
                                    'ImmunityTime' => <integer>,
                                ],
                            ],
                            'DefaultAction' => [
                                'Allow' => [
                                    'CustomRequestHandling' => [
                                        'InsertHeaders' => [
                                            [
                                                'Name' => '<string>',
                                                'Value' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                                'Block' => [
                                    'CustomResponse' => [
                                        'CustomResponseBodyKey' => '<string>',
                                        'ResponseCode' => <integer>,
                                        'ResponseHeaders' => [
                                            [
                                                'Name' => '<string>',
                                                'Value' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                            ],
                            'Description' => '<string>',
                            'Id' => '<string>',
                            'ManagedbyFirewallManager' => true || false,
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Allow' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Block' => [
                                            'CustomResponse' => [
                                                'CustomResponseBodyKey' => '<string>',
                                                'ResponseCode' => <integer>,
                                                'ResponseHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Captcha' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Count' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                    ],
                                    'Name' => '<string>',
                                    'OverrideAction' => '<string>',
                                    'Priority' => <integer>,
                                    'VisibilityConfig' => [
                                        'CloudWatchMetricsEnabled' => true || false,
                                        'MetricName' => '<string>',
                                        'SampledRequestsEnabled' => true || false,
                                    ],
                                ],
                                // ...
                            ],
                            'VisibilityConfig' => [
                                'CloudWatchMetricsEnabled' => true || false,
                                'MetricName' => '<string>',
                                'SampledRequestsEnabled' => true || false,
                            ],
                        ],
                        'AwsXrayEncryptionConfig' => [
                            'KeyId' => '<string>',
                            'Status' => '<string>',
                            'Type' => '<string>',
                        ],
                        'Container' => [
                            'ContainerRuntime' => '<string>',
                            'ImageId' => '<string>',
                            'ImageName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'Name' => '<string>',
                            'Privileged' => true || false,
                            'VolumeMounts' => [
                                [
                                    'MountPath' => '<string>',
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'Other' => ['<string>', ...],
                    ],
                    'Id' => '<string>', // REQUIRED
                    'Partition' => 'aws|aws-cn|aws-us-gov',
                    'Region' => '<string>',
                    'ResourceRole' => '<string>',
                    'Tags' => ['<string>', ...],
                    'Type' => '<string>', // REQUIRED
                ],
                // ...
            ],
            'Sample' => true || false,
            'SchemaVersion' => '<string>', // REQUIRED
            'Severity' => [
                'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                'Normalized' => <integer>,
                'Original' => '<string>',
                'Product' => <float>,
            ],
            'SourceUrl' => '<string>',
            'ThreatIntelIndicators' => [
                [
                    'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
                    'LastObservedAt' => '<string>',
                    'Source' => '<string>',
                    'SourceUrl' => '<string>',
                    'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'Threats' => [
                [
                    'FilePaths' => [
                        [
                            'FileName' => '<string>',
                            'FilePath' => '<string>',
                            'Hash' => '<string>',
                            'ResourceId' => '<string>',
                        ],
                        // ...
                    ],
                    'ItemCount' => <integer>,
                    'Name' => '<string>',
                    'Severity' => '<string>',
                ],
                // ...
            ],
            'Title' => '<string>', // REQUIRED
            'Types' => ['<string>', ...],
            'UpdatedAt' => '<string>', // REQUIRED
            'UserDefinedFields' => ['<string>', ...],
            'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
            'Vulnerabilities' => [
                [
                    'CodeVulnerabilities' => [
                        [
                            'Cwes' => ['<string>', ...],
                            'FilePath' => [
                                'EndLine' => <integer>,
                                'FileName' => '<string>',
                                'FilePath' => '<string>',
                                'StartLine' => <integer>,
                            ],
                            'SourceArn' => '<string>',
                        ],
                        // ...
                    ],
                    'Cvss' => [
                        [
                            'Adjustments' => [
                                [
                                    'Metric' => '<string>',
                                    'Reason' => '<string>',
                                ],
                                // ...
                            ],
                            'BaseScore' => <float>,
                            'BaseVector' => '<string>',
                            'Source' => '<string>',
                            'Version' => '<string>',
                        ],
                        // ...
                    ],
                    'EpssScore' => <float>,
                    'ExploitAvailable' => 'YES|NO',
                    'FixAvailable' => 'YES|NO|PARTIAL',
                    'Id' => '<string>', // REQUIRED
                    'LastKnownExploitAt' => '<string>',
                    'ReferenceUrls' => ['<string>', ...],
                    'RelatedVulnerabilities' => ['<string>', ...],
                    'Vendor' => [
                        'Name' => '<string>', // REQUIRED
                        'Url' => '<string>',
                        'VendorCreatedAt' => '<string>',
                        'VendorSeverity' => '<string>',
                        'VendorUpdatedAt' => '<string>',
                    ],
                    'VulnerablePackages' => [
                        [
                            'Architecture' => '<string>',
                            'Epoch' => '<string>',
                            'FilePath' => '<string>',
                            'FixedInVersion' => '<string>',
                            'Name' => '<string>',
                            'PackageManager' => '<string>',
                            'Release' => '<string>',
                            'Remediation' => '<string>',
                            'SourceLayerArn' => '<string>',
                            'SourceLayerHash' => '<string>',
                            'Version' => '<string>',
                        ],
                        // ...
                    ],
                ],
                // ...
            ],
            'Workflow' => [
                'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
            ],
            'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
        ],
        // ...
    ],
]);

Parameter Details

Members
Findings
Required: Yes
Type: Array of AwsSecurityFinding structures

A list of findings to import. To successfully import a finding, it must follow the Amazon Web Services Security Finding Format. Maximum of 100 findings per request.

Result Syntax

[
    'FailedCount' => <integer>,
    'FailedFindings' => [
        [
            'ErrorCode' => '<string>',
            'ErrorMessage' => '<string>',
            'Id' => '<string>',
        ],
        // ...
    ],
    'SuccessCount' => <integer>,
]

Result Details

Members
FailedCount
Required: Yes
Type: int

The number of findings that failed to import.

FailedFindings
Type: Array of ImportFindingsError structures

The list of findings that failed to import.

SuccessCount
Required: Yes
Type: int

The number of findings that were successfully imported.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To import security findings from a third party provider to Security Hub

The following example imports findings from a third party provider to Security Hub.

$result = $client->batchImportFindings([
    'Findings' => [
        [
            'AwsAccountId' => '123456789012',
            'CreatedAt' => '2020-05-27T17:05:54.832Z',
            'Description' => 'Vulnerability in a CloudTrail trail',
            'FindingProviderFields' => [
                'Severity' => [
                    'Label' => 'LOW',
                    'Original' => '10',
                ],
                'Types' => [
                    'Software and Configuration Checks/Vulnerabilities/CVE',
                ],
            ],
            'GeneratorId' => 'TestGeneratorId',
            'Id' => 'Id1',
            'ProductArn' => 'arn:aws:securityhub:us-west-1:123456789012:product/123456789012/default',
            'Resources' => [
                [
                    'Id' => 'arn:aws:cloudtrail:us-west-1:123456789012:trail/TrailName',
                    'Partition' => 'aws',
                    'Region' => 'us-west-1',
                    'Type' => 'AwsCloudTrailTrail',
                ],
            ],
            'SchemaVersion' => '2018-10-08',
            'Title' => 'CloudTrail trail vulnerability',
            'UpdatedAt' => '2020-06-02T16:05:54.832Z',
        ],
    ],
]);

Result syntax:

[
    'FailedCount' => 123,
    'FailedFindings' => [
    ],
    'SuccessCount' => 123,
]

BatchUpdateAutomationRules

$result = $client->batchUpdateAutomationRules([/* ... */]);
$promise = $client->batchUpdateAutomationRulesAsync([/* ... */]);

Updates one or more automation rules based on rule Amazon Resource Names (ARNs) and input parameters.

Parameter Syntax

$result = $client->batchUpdateAutomationRules([
    'UpdateAutomationRulesRequestItems' => [ // REQUIRED
        [
            'Actions' => [
                [
                    'FindingFieldsUpdate' => [
                        'Confidence' => <integer>,
                        'Criticality' => <integer>,
                        'Note' => [
                            'Text' => '<string>', // REQUIRED
                            'UpdatedBy' => '<string>', // REQUIRED
                        ],
                        'RelatedFindings' => [
                            [
                                'Id' => '<string>', // REQUIRED
                                'ProductArn' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                        'Severity' => [
                            'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                            'Normalized' => <integer>,
                            'Product' => <float>,
                        ],
                        'Types' => ['<string>', ...],
                        'UserDefinedFields' => ['<string>', ...],
                        'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
                        'Workflow' => [
                            'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
                        ],
                    ],
                    'Type' => 'FINDING_FIELDS_UPDATE',
                ],
                // ...
            ],
            'Criteria' => [
                'AwsAccountId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'AwsAccountName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'CompanyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceAssociatedStandardsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceSecurityControlId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Confidence' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'CreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'Criticality' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'Description' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FirstObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'GeneratorId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Id' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'LastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedBy' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecordState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceDetailsOther' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourcePartition' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceRegion' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceTags' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Title' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Type' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'UpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'UserDefinedFields' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VerificationState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'WorkflowStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'Description' => '<string>',
            'IsTerminal' => true || false,
            'RuleArn' => '<string>', // REQUIRED
            'RuleName' => '<string>',
            'RuleOrder' => <integer>,
            'RuleStatus' => 'ENABLED|DISABLED',
        ],
        // ...
    ],
]);

Parameter Details

Members
UpdateAutomationRulesRequestItems
Required: Yes
Type: Array of UpdateAutomationRulesRequestItem structures

An array of ARNs for the rules that are to be updated. Optionally, you can also include RuleStatus and RuleOrder.

Result Syntax

[
    'ProcessedAutomationRules' => ['<string>', ...],
    'UnprocessedAutomationRules' => [
        [
            'ErrorCode' => <integer>,
            'ErrorMessage' => '<string>',
            'RuleArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
ProcessedAutomationRules
Type: Array of strings

A list of properly processed rule ARNs.

UnprocessedAutomationRules
Type: Array of UnprocessedAutomationRule structures

A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn't update and why.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To update one ore more automation rules

The following example updates the specified automation rules.

$result = $client->batchUpdateAutomationRules([
    'UpdateAutomationRulesRequestItems' => [
        [
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'RuleOrder' => 15,
            'RuleStatus' => 'ENABLED',
        ],
        [
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
            'RuleStatus' => 'DISABLED',
        ],
    ],
]);

Result syntax:

[
    'ProcessedAutomationRules' => [
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
    ],
]

BatchUpdateFindings

$result = $client->batchUpdateFindings([/* ... */]);
$promise = $client->batchUpdateFindingsAsync([/* ... */]);

Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings don't affect the value of UpdatedAt for a finding.

Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

  • Confidence

  • Criticality

  • Note

  • RelatedFindings

  • Severity

  • Types

  • UserDefinedFields

  • VerificationState

  • Workflow

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.

Parameter Syntax

$result = $client->batchUpdateFindings([
    'Confidence' => <integer>,
    'Criticality' => <integer>,
    'FindingIdentifiers' => [ // REQUIRED
        [
            'Id' => '<string>', // REQUIRED
            'ProductArn' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Note' => [
        'Text' => '<string>', // REQUIRED
        'UpdatedBy' => '<string>', // REQUIRED
    ],
    'RelatedFindings' => [
        [
            'Id' => '<string>', // REQUIRED
            'ProductArn' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Severity' => [
        'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
        'Normalized' => <integer>,
        'Product' => <float>,
    ],
    'Types' => ['<string>', ...],
    'UserDefinedFields' => ['<string>', ...],
    'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
    'Workflow' => [
        'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
    ],
]);

Parameter Details

Members
Confidence
Type: int

The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Criticality
Type: int

The updated value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

FindingIdentifiers
Required: Yes
Type: Array of AwsSecurityFindingIdentifier structures

The list of findings to update. BatchUpdateFindings can be used to update up to 100 findings at a time.

For each finding, the list provides the finding identifier and the ARN of the finding provider.

Note
Type: NoteUpdate structure

The updated note.

RelatedFindings
Type: Array of RelatedFinding structures

A list of findings that are related to the updated findings.

Severity
Type: SeverityUpdate structure

Used to update the finding severity.

Types
Type: Array of strings

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are as follows.

  • Software and Configuration Checks

  • TTPs

  • Effects

  • Unusual Behaviors

  • Sensitive Data Identifications

UserDefinedFields
Type: Associative array of custom strings keys (NonEmptyString) to strings

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

VerificationState
Type: string

Indicates the veracity of a finding.

The available values for VerificationState are as follows.

  • UNKNOWN – The default disposition of a security finding

  • TRUE_POSITIVE – The security finding is confirmed

  • FALSE_POSITIVE – The security finding was determined to be a false alarm

  • BENIGN_POSITIVE – A special case of TRUE_POSITIVE where the finding doesn't pose any threat, is expected, or both

Workflow
Type: WorkflowUpdate structure

Used to update the workflow status of a finding.

The workflow status indicates the progress of the investigation into the finding.

Result Syntax

[
    'ProcessedFindings' => [
        [
            'Id' => '<string>',
            'ProductArn' => '<string>',
        ],
        // ...
    ],
    'UnprocessedFindings' => [
        [
            'ErrorCode' => '<string>',
            'ErrorMessage' => '<string>',
            'FindingIdentifier' => [
                'Id' => '<string>',
                'ProductArn' => '<string>',
            ],
        ],
        // ...
    ],
]

Result Details

Members
ProcessedFindings
Required: Yes
Type: Array of AwsSecurityFindingIdentifier structures

The list of findings that were updated successfully.

UnprocessedFindings
Required: Yes
Type: Array of BatchUpdateFindingsUnprocessedFinding structures

The list of findings that were not updated.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To update Security Hub findings

The following example updates Security Hub findings. The finding identifier parameter specifies which findings to update. Only specific finding fields can be updated with this operation.

$result = $client->batchUpdateFindings([
    'Confidence' => 80,
    'Criticality' => 80,
    'FindingIdentifiers' => [
        [
            'Id' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'ProductArn' => 'arn:aws:securityhub:us-west-1::product/aws/securityhub',
        ],
        [
            'Id' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
            'ProductArn' => 'arn:aws:securityhub:us-west-1::product/aws/securityhub',
        ],
    ],
    'Note' => [
        'Text' => 'Known issue that is not a risk.',
        'UpdatedBy' => 'user1',
    ],
    'RelatedFindings' => [
        [
            'Id' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE33333',
            'ProductArn' => 'arn:aws:securityhub:us-west-1::product/aws/securityhub',
        ],
    ],
    'Severity' => [
        'Label' => 'LOW',
    ],
    'Types' => [
        'Software and Configuration Checks/Vulnerabilities/CVE',
    ],
    'UserDefinedFields' => [
        'reviewedByCio' => 'true',
    ],
    'VerificationState' => 'TRUE_POSITIVE',
    'Workflow' => [
        'Status' => 'RESOLVED',
    ],
]);

Result syntax:

[
    'ProcessedFindings' => [
        [
            'Id' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'ProductArn' => 'arn:aws:securityhub:us-west-1::product/aws/securityhub',
        ],
        [
            'Id' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1/PCI.Lambda.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
            'ProductArn' => 'arn:aws:securityhub:us-west-1::product/aws/securityhub',
        ],
    ],
    'UnprocessedFindings' => [
    ],
]

BatchUpdateStandardsControlAssociations

$result = $client->batchUpdateStandardsControlAssociations([/* ... */]);
$promise = $client->batchUpdateStandardsControlAssociationsAsync([/* ... */]);

For a batch of security controls and standards, this operation updates the enablement status of a control in a standard.

Parameter Syntax

$result = $client->batchUpdateStandardsControlAssociations([
    'StandardsControlAssociationUpdates' => [ // REQUIRED
        [
            'AssociationStatus' => 'ENABLED|DISABLED', // REQUIRED
            'SecurityControlId' => '<string>', // REQUIRED
            'StandardsArn' => '<string>', // REQUIRED
            'UpdatedReason' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
StandardsControlAssociationUpdates
Required: Yes
Type: Array of StandardsControlAssociationUpdate structures

Updates the enablement status of a security control in a specified standard.

Result Syntax

[
    'UnprocessedAssociationUpdates' => [
        [
            'ErrorCode' => 'INVALID_INPUT|ACCESS_DENIED|NOT_FOUND|LIMIT_EXCEEDED',
            'ErrorReason' => '<string>',
            'StandardsControlAssociationUpdate' => [
                'AssociationStatus' => 'ENABLED|DISABLED',
                'SecurityControlId' => '<string>',
                'StandardsArn' => '<string>',
                'UpdatedReason' => '<string>',
            ],
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAssociationUpdates

A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard couldn't be updated.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To update enablement status of a batch of controls

The following example disables CloudWatch.12 in CIS AWS Foundations Benchmark v1.2.0. The example returns an error for CloudTrail.1 because an invalid standard ARN is provided.

$result = $client->batchUpdateStandardsControlAssociations([
    'StandardsControlAssociationUpdates' => [
        [
            'AssociationStatus' => 'DISABLED',
            'SecurityControlId' => 'CloudTrail.1',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0',
            'UpdatedReason' => 'Not relevant to environment',
        ],
        [
            'AssociationStatus' => 'DISABLED',
            'SecurityControlId' => 'CloudWatch.12',
            'StandardsArn' => 'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            'UpdatedReason' => 'Not relevant to environment',
        ],
    ],
]);

Result syntax:

[
    'UnprocessedAssociationUpdates' => [
        [
            'ErrorCode' => 'INVALID_INPUT',
            'ErrorReason' => 'Invalid Standards Arn: 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0'',
            'StandardsControlAssociationUpdate' => [
                'AssociationStatus' => 'DISABLED',
                'SecurityControlId' => 'CloudTrail.1',
                'StandardsArn' => 'arn:aws:securityhub:::ruleset/sample-standard/v/1.1.0',
                'UpdatedReason' => 'Test Reason',
            ],
        ],
    ],
]

CreateActionTarget

$result = $client->createActionTarget([/* ... */]);
$promise = $client->createActionTargetAsync([/* ... */]);

Creates a custom action target in Security Hub.

You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

Parameter Syntax

$result = $client->createActionTarget([
    'Description' => '<string>', // REQUIRED
    'Id' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Required: Yes
Type: string

The description for the custom action target.

Id
Required: Yes
Type: string

The ID for the custom action target. Can contain up to 20 alphanumeric characters.

Name
Required: Yes
Type: string

The name of the custom action target. Can contain up to 20 characters.

Result Syntax

[
    'ActionTargetArn' => '<string>',
]

Result Details

Members
ActionTargetArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for the custom action target.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To create a custom action target

The following example creates a custom action target in Security Hub. Custom actions on findings and insights automatically trigger actions in Amazon CloudWatch Events.

$result = $client->createActionTarget([
    'Description' => 'Action to send the finding for remediation tracking',
    'Id' => 'Remediation',
    'Name' => 'Send to remediation',
]);

Result syntax:

[
    'ActionTargetArn' => 'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
]

CreateAutomationRule

$result = $client->createAutomationRule([/* ... */]);
$promise = $client->createAutomationRuleAsync([/* ... */]);

Creates an automation rule based on input parameters.

Parameter Syntax

$result = $client->createAutomationRule([
    'Actions' => [ // REQUIRED
        [
            'FindingFieldsUpdate' => [
                'Confidence' => <integer>,
                'Criticality' => <integer>,
                'Note' => [
                    'Text' => '<string>', // REQUIRED
                    'UpdatedBy' => '<string>', // REQUIRED
                ],
                'RelatedFindings' => [
                    [
                        'Id' => '<string>', // REQUIRED
                        'ProductArn' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'Severity' => [
                    'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                    'Normalized' => <integer>,
                    'Product' => <float>,
                ],
                'Types' => ['<string>', ...],
                'UserDefinedFields' => ['<string>', ...],
                'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
                'Workflow' => [
                    'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
                ],
            ],
            'Type' => 'FINDING_FIELDS_UPDATE',
        ],
        // ...
    ],
    'Criteria' => [ // REQUIRED
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'AwsAccountName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceAssociatedStandardsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'Description' => '<string>', // REQUIRED
    'IsTerminal' => true || false,
    'RuleName' => '<string>', // REQUIRED
    'RuleOrder' => <integer>, // REQUIRED
    'RuleStatus' => 'ENABLED|DISABLED',
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
Actions
Required: Yes
Type: Array of AutomationRulesAction structures

One or more actions to update finding fields if a finding matches the conditions specified in Criteria.

Criteria
Required: Yes
Type: AutomationRulesFindingFilters structure

A set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.

Description
Required: Yes
Type: string

A description of the rule.

IsTerminal
Type: boolean

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

RuleName
Required: Yes
Type: string

The name of the rule.

RuleOrder
Required: Yes
Type: int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus
Type: string

Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use BatchUpdateAutomationRules .

Tags
Type: Associative array of custom strings keys (TagKey) to strings

User-defined tags associated with an automation rule.

Result Syntax

[
    'RuleArn' => '<string>',
]

Result Details

Members
RuleArn
Type: string

The Amazon Resource Name (ARN) of the automation rule that you created.

Errors

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To create an automation rule

The following example creates an automation rule.

$result = $client->createAutomationRule([
    'Actions' => [
        [
            'FindingFieldsUpdate' => [
                'Note' => [
                    'Text' => 'This is a critical S3 bucket, please look into this ASAP',
                    'UpdatedBy' => 'test-user',
                ],
                'Severity' => [
                    'Label' => 'CRITICAL',
                ],
            ],
            'Type' => 'FINDING_FIELDS_UPDATE',
        ],
    ],
    'Criteria' => [
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'FAILED',
            ],
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'Security Hub',
            ],
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'ACTIVE',
            ],
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'arn:aws:s3:::examplebucket/developers/design_info.doc',
            ],
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'NEW',
            ],
        ],
    ],
    'Description' => 'Elevate finding severity to Critical for important resources',
    'IsTerminal' => ,
    'RuleName' => 'Elevate severity for important resources',
    'RuleOrder' => 1,
    'RuleStatus' => 'ENABLED',
    'Tags' => [
        'important-resources-rule' => 's3-bucket',
    ],
]);

Result syntax:

[
    'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]

CreateConfigurationPolicy

$result = $client->createConfigurationPolicy([/* ... */]);
$promise = $client->createConfigurationPolicyAsync([/* ... */]);

Creates a configuration policy with the defined configuration. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->createConfigurationPolicy([
    'ConfigurationPolicy' => [ // REQUIRED
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => ['<string>', ...],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => ['<string>', ...],
                'EnabledSecurityControlIdentifiers' => ['<string>', ...],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            '<NonEmptyString>' => [
                                'Value' => [
                                    'Boolean' => true || false,
                                    'Double' => <float>,
                                    'Enum' => '<string>',
                                    'EnumList' => ['<string>', ...],
                                    'Integer' => <integer>,
                                    'IntegerList' => [<integer>, ...],
                                    'String' => '<string>',
                                    'StringList' => ['<string>', ...],
                                ],
                                'ValueType' => 'DEFAULT|CUSTOM', // REQUIRED
                            ],
                            // ...
                        ],
                        'SecurityControlId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'ServiceEnabled' => true || false,
        ],
    ],
    'Description' => '<string>',
    'Name' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
ConfigurationPolicy
Required: Yes
Type: Policy structure

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

Description
Type: string

The description of the configuration policy.

Name
Required: Yes
Type: string

The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.

Tags
Type: Associative array of custom strings keys (TagKey) to strings

User-defined tags associated with a configuration policy. For more information, see Tagging Security Hub resources in the Security Hub user guide.

Result Syntax

[
    'Arn' => '<string>',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => ['<string>', ...],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => ['<string>', ...],
                'EnabledSecurityControlIdentifiers' => ['<string>', ...],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            '<NonEmptyString>' => [
                                'Value' => [
                                    'Boolean' => true || false,
                                    'Double' => <float>,
                                    'Enum' => '<string>',
                                    'EnumList' => ['<string>', ...],
                                    'Integer' => <integer>,
                                    'IntegerList' => [<integer>, ...],
                                    'String' => '<string>',
                                    'StringList' => ['<string>', ...],
                                ],
                                'ValueType' => 'DEFAULT|CUSTOM',
                            ],
                            // ...
                        ],
                        'SecurityControlId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'ServiceEnabled' => true || false,
        ],
    ],
    'CreatedAt' => <DateTime>,
    'Description' => '<string>',
    'Id' => '<string>',
    'Name' => '<string>',
    'UpdatedAt' => <DateTime>,
]

Result Details

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the configuration policy.

ConfigurationPolicy
Type: Policy structure

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

Description
Type: string

The description of the configuration policy.

Id
Type: string

The universally unique identifier (UUID) of the configuration policy.

Name
Type: string

The name of the configuration policy.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To create a configuration policy

This operation creates a configuration policy in Security Hub.

$result = $client->createConfigurationPolicy([
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => [
                'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0',
                'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            ],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => [
                    'CloudWatch.1',
                ],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            'daysToExpiration' => [
                                'Value' => [
                                    'Integer' => 14,
                                ],
                                'ValueType' => 'CUSTOM',
                            ],
                        ],
                        'SecurityControlId' => 'ACM.1',
                    ],
                ],
            ],
            'ServiceEnabled' => 1,
        ],
    ],
    'Description' => 'Configuration policy for testing FSBP and CIS',
    'Name' => 'TestConfigurationPolicy',
]);

Result syntax:

[
    'Arn' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => [
                'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0',
                'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            ],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => [
                    'CloudWatch.1',
                ],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            'daysToExpiration' => [
                                'Value' => [
                                    'Integer' => 14,
                                ],
                                'ValueType' => 'CUSTOM',
                            ],
                        ],
                        'SecurityControlId' => 'ACM.1',
                    ],
                ],
            ],
            'ServiceEnabled' => 1,
        ],
    ],
    'CreatedAt' => ,
    'Description' => 'Configuration policy for testing FSBP and CIS',
    'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Name' => 'TestConfigurationPolicy',
    'UpdatedAt' => ,
]

CreateFindingAggregator

$result = $client->createFindingAggregator([/* ... */]);
$promise = $client->createFindingAggregatorAsync([/* ... */]);

The aggregation Region is now called the home Region.

Used to enable cross-Region aggregation. This operation can be invoked from the home Region only.

For information about how cross-Region aggregation works, see Understanding cross-Region aggregation in Security Hub in the Security Hub User Guide.

Parameter Syntax

$result = $client->createFindingAggregator([
    'RegionLinkingMode' => '<string>', // REQUIRED
    'Regions' => ['<string>', ...],
]);

Parameter Details

Members
RegionLinkingMode
Required: Yes
Type: string

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:

  • ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

  • NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.

Regions
Type: Array of strings

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

Result Syntax

[
    'FindingAggregationRegion' => '<string>',
    'FindingAggregatorArn' => '<string>',
    'RegionLinkingMode' => '<string>',
    'Regions' => ['<string>', ...],
]

Result Details

Members
FindingAggregationRegion
Type: string

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

FindingAggregatorArn
Type: string

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop cross-Region aggregation.

RegionLinkingMode
Type: string

Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

Regions
Type: Array of strings

The list of excluded Regions or included Regions.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To enable cross-Region aggregation

The following example creates a finding aggregator. This is required to enable cross-Region aggregation.

$result = $client->createFindingAggregator([
    'RegionLinkingMode' => 'SPECIFIED_REGIONS',
    'Regions' => [
        'us-west-1',
        'us-west-2',
    ],
]);

Result syntax:

[
    'FindingAggregationRegion' => 'us-east-1',
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'RegionLinkingMode' => 'SPECIFIED_REGIONS',
    'Regions' => [
        'us-west-1',
        'us-west-2',
    ],
]

CreateInsight

$result = $client->createInsight([/* ... */]);
$promise = $client->createInsightAsync([/* ... */]);

Creates a custom insight in Security Hub. An insight is a consolidation of findings that relate to a security issue that requires attention or remediation.

To group the related findings in the insight, use the GroupByAttribute.

Parameter Syntax

$result = $client->createInsight([
    'Filters' => [ // REQUIRED
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'AwsAccountName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceAssociatedStandardsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsConfidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsCriticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityOriginal' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsTypes' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Region' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyPrincipalName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamUserUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Sample' => [
            [
                'Value' => true || false,
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesExploitAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesFixAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'GroupByAttribute' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Required: Yes
Type: AwsSecurityFindingFilters structure

One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.

GroupByAttribute
Required: Yes
Type: string

The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

Name
Required: Yes
Type: string

The name of the custom insight to create.

Result Syntax

[
    'InsightArn' => '<string>',
]

Result Details

Members
InsightArn
Required: Yes
Type: string

The ARN of the insight created.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To create a custom insight

The following example creates a custom insight in Security Hub. An insight is a collection of findings that relate to a security issue.

$result = $client->createInsight([
    'Filters' => [
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'AwsIamRole',
            ],
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'CRITICAL',
            ],
        ],
    ],
    'GroupByAttribute' => 'ResourceId',
    'Name' => 'Critical role findings',
]);

Result syntax:

[
    'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]

CreateMembers

$result = $client->createMembers([/* ... */]);
$promise = $client->createMembersAsync([/* ... */]);

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

CreateMembers is always used to add accounts that are not organization members.

For accounts that are managed using Organizations, CreateMembers is only used in the following cases:

  • Security Hub is not configured to automatically add new organization accounts.

  • The account was disassociated or deleted in Security Hub.

This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.

Accounts that are managed using Organizations don't receive an invitation. They automatically become a member account in Security Hub.

  • If the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.

  • For organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.

A permissions policy is added that permits the administrator account to view the findings generated in the member account.

To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

Parameter Syntax

$result = $client->createMembers([
    'AccountDetails' => [ // REQUIRED
        [
            'AccountId' => '<string>', // REQUIRED
            'Email' => '<string>',
        ],
        // ...
    ],
]);

Parameter Details

Members
AccountDetails
Required: Yes
Type: Array of AccountDetails structures

The list of accounts to associate with the Security Hub administrator account. For each account, the list includes the account ID and optionally the email address.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To add a member account

The following example creates a member association between the specified accounts and the administrator account (the account that makes the request). This operation is used to add accounts that aren't part of an organization.

$result = $client->createMembers([
    'AccountDetails' => [
        [
            'AccountId' => '123456789012',
        ],
        [
            'AccountId' => '111122223333',
        ],
    ],
]);

Result syntax:

[
    'UnprocessedAccounts' => [
    ],
]

DeclineInvitations

$result = $client->declineInvitations([/* ... */]);
$promise = $client->declineInvitationsAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Declines invitations to become a Security Hub member account.

A prospective member account uses this operation to decline an invitation to become a member.

Only member accounts that aren't part of an Amazon Web Services organization should use this operation. Organization accounts don't receive invitations.

Parameter Syntax

$result = $client->declineInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The list of prospective member account IDs for which to decline an invitation.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To decline invitation to become a member account

The following example declines an invitation from the Security Hub administrator account to become a member account. The invited account makes the request.

$result = $client->declineInvitations([
    'AccountIds' => [
        '123456789012',
        '111122223333',
    ],
]);

Result syntax:

[
    'UnprocessedAccounts' => [
    ],
]

DeleteActionTarget

$result = $client->deleteActionTarget([/* ... */]);
$promise = $client->deleteActionTargetAsync([/* ... */]);

Deletes a custom action target from Security Hub.

Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.

Parameter Syntax

$result = $client->deleteActionTarget([
    'ActionTargetArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ActionTargetArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the custom action target to delete.

Result Syntax

[
    'ActionTargetArn' => '<string>',
]

Result Details

Members
ActionTargetArn
Required: Yes
Type: string

The ARN of the custom action target that was deleted.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To delete a custom action target

The following example deletes a custom action target that triggers target actions in Amazon CloudWatch Events. Deleting a custom action target doesn't affect findings or insights that were already sent to CloudWatch Events based on the custom action.

$result = $client->deleteActionTarget([
    'ActionTargetArn' => 'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
]);

Result syntax:

[
    'ActionTargetArn' => 'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
]

DeleteConfigurationPolicy

$result = $client->deleteConfigurationPolicy([/* ... */]);
$promise = $client->deleteConfigurationPolicyAsync([/* ... */]);

Deletes a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region. For the deletion to succeed, you must first disassociate a configuration policy from target accounts, organizational units, or the root by invoking the StartConfigurationPolicyDisassociation operation.

Parameter Syntax

$result = $client->deleteConfigurationPolicy([
    'Identifier' => '<string>', // REQUIRED
]);

Parameter Details

Members
Identifier
Required: Yes
Type: string

The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To delete a configuration policy

This operation deletes the specified configuration policy.

$result = $client->deleteConfigurationPolicy([
    'Identifier' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

DeleteFindingAggregator

$result = $client->deleteFindingAggregator([/* ... */]);
$promise = $client->deleteFindingAggregatorAsync([/* ... */]);

The aggregation Region is now called the home Region.

Deletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops occurring from the linked Regions to the home Region.

When you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.

Parameter Syntax

$result = $client->deleteFindingAggregator([
    'FindingAggregatorArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
FindingAggregatorArn
Required: Yes
Type: string

The ARN of the finding aggregator to delete. To obtain the ARN, use ListFindingAggregators.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To delete a finding aggregator

The following example deletes a finding aggregator in Security Hub. Deleting the finding aggregator stops cross-Region aggregation. This operation produces no output.

$result = $client->deleteFindingAggregator([
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

DeleteInsight

$result = $client->deleteInsight([/* ... */]);
$promise = $client->deleteInsightAsync([/* ... */]);

Deletes the insight specified by the InsightArn.

Parameter Syntax

$result = $client->deleteInsight([
    'InsightArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
InsightArn
Required: Yes
Type: string

The ARN of the insight to delete.

Result Syntax

[
    'InsightArn' => '<string>',
]

Result Details

Members
InsightArn
Required: Yes
Type: string

The ARN of the insight that was deleted.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To delete a custom insight

The following example deletes a custom insight in Security Hub.

$result = $client->deleteInsight([
    'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

Result syntax:

[
    'InsightArn' => 'arn:aws:securityhub:eu-central-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]

DeleteInvitations

$result = $client->deleteInvitations([/* ... */]);
$promise = $client->deleteInvitationsAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Deletes invitations to become a Security Hub member account.

A Security Hub administrator account can use this operation to delete invitations sent to one or more prospective member accounts.

This operation is only used to delete invitations that are sent to prospective member accounts that aren't part of an Amazon Web Services organization. Organization accounts don't receive invitations.

Parameter Syntax

$result = $client->deleteInvitations([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The list of member account IDs that received the invitations you want to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts for which the invitations were not deleted. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To delete a custom insight

The following example deletes an invitation sent by the Security Hub administrator account to a prospective member account. This operation is used only for invitations sent to accounts that aren't part of an organization. Organization accounts don't receive invitations.

$result = $client->deleteInvitations([
    'AccountIds' => [
        '123456789012',
    ],
]);

Result syntax:

[
    'UnprocessedAccounts' => [
    ],
]

DeleteMembers

$result = $client->deleteMembers([/* ... */]);
$promise = $client->deleteMembersAsync([/* ... */]);

Deletes the specified member accounts from Security Hub.

You can invoke this API only to delete accounts that became members through invitation. You can't invoke this API to delete accounts that belong to an Organizations organization.

Parameter Syntax

$result = $client->deleteMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The list of account IDs for the member accounts to delete.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts that were not deleted. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To delete a member account

The following example deletes the specified member account from Security Hub. This operation can be used to delete member accounts that are part of an organization or that were invited manually.

$result = $client->deleteMembers([
    'AccountIds' => [
        '123456789111',
        '123456789222',
    ],
]);

Result syntax:

[
    'UnprocessedAccounts' => [
    ],
]

DescribeActionTargets

$result = $client->describeActionTargets([/* ... */]);
$promise = $client->describeActionTargetsAsync([/* ... */]);

Returns a list of the custom action targets in Security Hub in your account.

Parameter Syntax

$result = $client->describeActionTargets([
    'ActionTargetArns' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
ActionTargetArns
Type: Array of strings

A list of custom action target ARNs for the custom action targets to retrieve.

MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

The token that is required for pagination. On your first call to the DescribeActionTargets operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'ActionTargets' => [
        [
            'ActionTargetArn' => '<string>',
            'Description' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ActionTargets
Required: Yes
Type: Array of ActionTarget structures

A list of ActionTarget objects. Each object includes the ActionTargetArn, Description, and Name of a custom action target available in Security Hub.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To return custom action targets

The following example returns a list of custom action targets. You use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.

$result = $client->describeActionTargets([
    'ActionTargetArns' => [
        'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
    ],
]);

Result syntax:

[
    'ActionTargets' => [
        [
            'ActionTargetArn' => 'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
            'Description' => 'Action to send the finding for remediation tracking',
            'Name' => 'Send to remediation',
        ],
    ],
]

DescribeHub

$result = $client->describeHub([/* ... */]);
$promise = $client->describeHubAsync([/* ... */]);

Returns details about the Hub resource in your account, including the HubArn and the time when you enabled Security Hub.

Parameter Syntax

$result = $client->describeHub([
    'HubArn' => '<string>',
]);

Parameter Details

Members
HubArn
Type: string

The ARN of the Hub resource to retrieve.

Result Syntax

[
    'AutoEnableControls' => true || false,
    'ControlFindingGenerator' => 'STANDARD_CONTROL|SECURITY_CONTROL',
    'HubArn' => '<string>',
    'SubscribedAt' => '<string>',
]

Result Details

Members
AutoEnableControls
Type: boolean

Whether to automatically enable new controls when they are added to standards that are enabled.

If set to true, then new controls for enabled standards are enabled automatically. If set to false, then new controls are not enabled.

When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have AutoEnableControls set to true.

ControlFindingGenerator
Type: string

Specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.

HubArn
Type: string

The ARN of the Hub resource that was retrieved.

SubscribedAt
Type: string

The date and time when Security Hub was enabled in the account.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To return details about Hub resource

The following example returns details about the Hub resource in the calling account. The Hub resource represents the implementation of the AWS Security Hub service in the calling account.

$result = $client->describeHub([
    'HubArn' => 'arn:aws:securityhub:us-west-1:123456789012:hub/default',
]);

Result syntax:

[
    'AutoEnableControls' => 1,
    'ControlFindingGenerator' => 'SECURITY_CONTROL',
    'HubArn' => 'arn:aws:securityhub:us-west-1:123456789012:hub/default',
    'SubscribedAt' => '2019-11-19T23:15:10.046Z',
]

DescribeOrganizationConfiguration

$result = $client->describeOrganizationConfiguration([/* ... */]);
$promise = $client->describeOrganizationConfigurationAsync([/* ... */]);

Returns information about the way your organization is configured in Security Hub. Only the Security Hub administrator account can invoke this operation.

Parameter Syntax

$result = $client->describeOrganizationConfiguration([
]);

Parameter Details

Members

Result Syntax

[
    'AutoEnable' => true || false,
    'AutoEnableStandards' => 'NONE|DEFAULT',
    'MemberAccountLimitReached' => true || false,
    'OrganizationConfiguration' => [
        'ConfigurationType' => 'CENTRAL|LOCAL',
        'Status' => 'PENDING|ENABLED|FAILED',
        'StatusMessage' => '<string>',
    ],
]

Result Details

Members
AutoEnable
Type: boolean

Whether to automatically enable Security Hub in new member accounts when they join the organization.

If set to true, then Security Hub is automatically enabled in new accounts. If set to false, then Security Hub isn't enabled in new accounts automatically. The default value is false.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.

AutoEnableStandards
Type: string

Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts. The default value of this parameter is equal to DEFAULT.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

MemberAccountLimitReached
Type: boolean

Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.

OrganizationConfiguration
Type: OrganizationConfiguration structure

Provides information about the way an organization is configured in Security Hub.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To get information about organization configuration

This operation provides information about the way your organization is configured in Security Hub. Only a Security Hub administrator account can invoke this operation.

$result = $client->describeOrganizationConfiguration([
]);

Result syntax:

[
    'AutoEnable' => ,
    'AutoEnableStandards' => 'NONE',
    'MemberAccountLimitReached' => ,
    'OrganizationConfiguration' => [
        'ConfigurationType' => 'CENTRAL',
        'Status' => 'ENABLED',
    ],
]

DescribeProducts

$result = $client->describeProducts([/* ... */]);
$promise = $client->describeProductsAsync([/* ... */]);

Returns information about product integrations in Security Hub.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you don't provide an integration ARN, then the results include all of the available product integrations.

Parameter Syntax

$result = $client->describeProducts([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ProductArn' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return.

NextToken
Type: string

The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

ProductArn
Type: string

The ARN of the integration to return.

Result Syntax

[
    'NextToken' => '<string>',
    'Products' => [
        [
            'ActivationUrl' => '<string>',
            'Categories' => ['<string>', ...],
            'CompanyName' => '<string>',
            'Description' => '<string>',
            'IntegrationTypes' => ['<string>', ...],
            'MarketplaceUrl' => '<string>',
            'ProductArn' => '<string>',
            'ProductName' => '<string>',
            'ProductSubscriptionResourcePolicy' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The pagination token to use to request the next page of results.

Products
Required: Yes
Type: Array of Product structures

A list of products, including details for each product.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To get information about Security Hub integrations

The following example returns details about AWS services and third-party products that Security Hub integrates with.

$result = $client->describeProducts([
    'MaxResults' => 1,
    'NextToken' => 'NULL',
    'ProductArn' => 'arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon',
]);

Result syntax:

[
    'NextToken' => 'U2FsdGVkX18vvPlOqb7RDrWRWVFBJI46MOIAb+nZmRJmR15NoRi2gm13sdQEn3O/pq/78dGs+bKpgA+7HMPHO0qX33/zoRI+uIG/F9yLNhcOrOWzFUdy36JcXLQji3Rpnn/cD1SVkGA98qI3zPOSDg==',
    'Products' => [
        [
            'ActivationUrl' => 'https://falcon.crowdstrike.com/support/documentation',
            'Categories' => [
                'Endpoint Detection and Response (EDR)',
                'AV Scanning and Sandboxing',
                'Threat Intelligence Feeds and Reports',
                'Endpoint Forensics',
                'Network Forensics',
            ],
            'CompanyName' => 'CrowdStrike',
            'Description' => 'CrowdStrike Falcon's single lightweight sensor unifies next-gen antivirus, endpoint detection and response, and 24/7 managed hunting, via the cloud.',
            'IntegrationTypes' => [
                'SEND_FINDINGS_TO_SECURITY_HUB',
            ],
            'MarketplaceUrl' => 'https://aws.amazon.com/marketplace/seller-profile?id=a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'ProductArn' => 'arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon',
            'ProductName' => 'CrowdStrike Falcon',
            'ProductSubscriptionResourcePolicy' => '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"123456789333"},"Action":["securityhub:BatchImportFindings"],"Resource":"arn:aws:securityhub:us-west-1:123456789012:product-subscription/crowdstrike/crowdstrike-falcon","Condition":{"StringEquals":{"securityhub:TargetAccount":"123456789012"}}},{"Effect":"Allow","Principal":{"AWS":"123456789012"},"Action":["securityhub:BatchImportFindings"],"Resource":"arn:aws:securityhub:us-west-1:123456789333:product/crowdstrike/crowdstrike-falcon","Condition":{"StringEquals":{"securityhub:TargetAccount":"123456789012"}}}]}',
        ],
    ],
]

DescribeStandards

$result = $client->describeStandards([/* ... */]);
$promise = $client->describeStandardsAsync([/* ... */]);

Returns a list of the available standards in Security Hub.

For each standard, the results include the standard ARN, the name, and a description.

Parameter Syntax

$result = $client->describeStandards([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of standards to return.

NextToken
Type: string

The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'NextToken' => '<string>',
    'Standards' => [
        [
            'Description' => '<string>',
            'EnabledByDefault' => true || false,
            'Name' => '<string>',
            'StandardsArn' => '<string>',
            'StandardsManagedBy' => [
                'Company' => '<string>',
                'Product' => '<string>',
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The pagination token to use to request the next page of results.

Standards
Type: Array of Standard structures

A list of available standards.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To get available Security Hub standards

The following example returns a list of available security standards in Security Hub.

$result = $client->describeStandards([
]);

Result syntax:

[
    'Standards' => [
        [
            'Description' => 'The AWS Foundational Security Best Practices standard is a set of automated security checks that detect when AWS accounts and deployed resources do not align to security best practices. The standard is defined by AWS security experts. This curated set of controls helps improve your security posture in AWS, and cover AWS's most popular and foundational services.',
            'EnabledByDefault' => 1,
            'Name' => 'AWS Foundational Security Best Practices v1.0.0',
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::standards/aws-foundational-security-best-practices/v/1.0.0',
        ],
        [
            'Description' => 'The Center for Internet Security (CIS) AWS Foundations Benchmark v1.2.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.',
            'EnabledByDefault' => 1,
            'Name' => 'CIS AWS Foundations Benchmark v1.2.0',
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
        ],
        [
            'Description' => 'The Center for Internet Security (CIS) AWS Foundations Benchmark v1.4.0 is a set of security configuration best practices for AWS. This Security Hub standard automatically checks for your compliance readiness against a subset of CIS requirements.',
            'EnabledByDefault' => ,
            'Name' => 'CIS AWS Foundations Benchmark v1.4.0',
            'StandardsArn' => 'arn:aws::securityhub:us-west-1::standards/cis-aws-foundations-benchmark/v/1.4.0',
        ],
        [
            'Description' => 'The Payment Card Industry Data Security Standard (PCI DSS) v3.2.1 is an information security standard for entities that store, process, and/or transmit cardholder data. This Security Hub standard automatically checks for your compliance readiness against a subset of PCI DSS requirements.',
            'EnabledByDefault' => ,
            'Name' => 'PCI DSS v3.2.1',
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1',
        ],
    ],
]

DescribeStandardsControls

$result = $client->describeStandardsControls([/* ... */]);
$promise = $client->describeStandardsControlsAsync([/* ... */]);

Returns a list of security standards controls.

For each control, the results include information about whether it is currently enabled, the severity, and a link to remediation information.

Parameter Syntax

$result = $client->describeStandardsControls([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StandardsSubscriptionArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of security standard controls to return.

NextToken
Type: string

The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

StandardsSubscriptionArn
Required: Yes
Type: string

The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the GetEnabledStandards operation.

Result Syntax

[
    'Controls' => [
        [
            'ControlId' => '<string>',
            'ControlStatus' => 'ENABLED|DISABLED',
            'ControlStatusUpdatedAt' => <DateTime>,
            'Description' => '<string>',
            'DisabledReason' => '<string>',
            'RelatedRequirements' => ['<string>', ...],
            'RemediationUrl' => '<string>',
            'SeverityRating' => 'LOW|MEDIUM|HIGH|CRITICAL',
            'StandardsControlArn' => '<string>',
            'Title' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Controls
Type: Array of StandardsControl structures

A list of security standards controls.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get a list of controls for a security standard

The following example returns a list of security controls and control details that apply to a specified security standard. The list includes controls that are enabled and disabled in the standard.

$result = $client->describeStandardsControls([
    'MaxResults' => 2,
    'NextToken' => 'NULL',
    'StandardsSubscriptionArn' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
]);

Result syntax:

[
    'Controls' => [
        [
            'ControlId' => 'PCI.AutoScaling.1',
            'ControlStatus' => 'ENABLED',
            'ControlStatusUpdatedAt' => ,
            'Description' => 'This AWS control checks whether your Auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.',
            'RelatedRequirements' => [
                'PCI DSS 2.2',
            ],
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/PCI.AutoScaling.1/remediation',
            'SeverityRating' => 'LOW',
            'StandardsControlArn' => 'arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1',
            'Title' => 'Auto scaling groups associated with a load balancer should use health checks',
        ],
        [
            'ControlId' => 'PCI.CW.1',
            'ControlStatus' => 'ENABLED',
            'ControlStatusUpdatedAt' => ,
            'Description' => 'This control checks for the CloudWatch metric filters using the following pattern { $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS && $.eventType != "AwsServiceEvent" } It checks that the log group name is configured for use with active multi-region CloudTrail, that there is at least one Event Selector for a Trail with IncludeManagementEvents set to true and ReadWriteType set to All, and that there is at least one active subscriber to an SNS topic associated with the alarm.',
            'RelatedRequirements' => [
                'PCI DSS 7.2.1',
            ],
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/PCI.CW.1/remediation',
            'SeverityRating' => 'MEDIUM',
            'StandardsControlArn' => 'arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.CW.1',
            'Title' => 'A log metric filter and alarm should exist for usage of the "root" user',
        ],
    ],
    'NextToken' => 'U2FsdGVkX1+eNkPoZHVl11ip5HUYQPWSWZGmftcmJiHL8JoKEsCDuaKayiPDyLK+LiTkShveoOdvfxXCkOBaGhohIXhsIedN+LSjQV/l7kfCfJcq4PziNC1N9xe9aq2pjlLVZnznTfSImrodT5bRNHe4fELCQq/z+5ka+5Lzmc11axcwTd5lKgQyQqmUVoeriHZhyIiBgWKf7oNYdBVG8OEortVWvSkoUTt+B2ThcnC7l43kI0UNxlkZ6sc64AsW',
]

DisableImportFindingsForProduct

$result = $client->disableImportFindingsForProduct([/* ... */]);
$promise = $client->disableImportFindingsForProductAsync([/* ... */]);

Disables the integration of the specified product with Security Hub. After the integration is disabled, findings from that product are no longer sent to Security Hub.

Parameter Syntax

$result = $client->disableImportFindingsForProduct([
    'ProductSubscriptionArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ProductSubscriptionArn
Required: Yes
Type: string

The ARN of the integrated product to disable the integration for.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To end a Security Hub integration

The following example ends an integration between Security Hub and the specified product that sends findings to Security Hub. After the integration ends, the product no longer sends findings to Security Hub.

$result = $client->disableImportFindingsForProduct([
    'ProductSubscriptionArn' => 'arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon',
]);

DisableOrganizationAdminAccount

$result = $client->disableOrganizationAdminAccount([/* ... */]);
$promise = $client->disableOrganizationAdminAccountAsync([/* ... */]);

Disables a Security Hub administrator account. Can only be called by the organization management account.

Parameter Syntax

$result = $client->disableOrganizationAdminAccount([
    'AdminAccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AdminAccountId
Required: Yes
Type: string

The Amazon Web Services account identifier of the Security Hub administrator account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To remove a Security Hub administrator account

The following example removes the Security Hub administrator account in the Region from which the operation was executed. This operation doesn't remove the delegated administrator account in AWS Organizations.

$result = $client->disableOrganizationAdminAccount([
    'AdminAccountId' => '123456789012',
]);

DisableSecurityHub

$result = $client->disableSecurityHub([/* ... */]);
$promise = $client->disableSecurityHubAsync([/* ... */]);

Disables Security Hub in your account only in the current Amazon Web Services Region. To disable Security Hub in all Regions, you must submit one request per Region where you have enabled Security Hub.

You can't disable Security Hub in an account that is currently the Security Hub administrator.

When you disable Security Hub, your existing findings and insights and any Security Hub configuration settings are deleted after 90 days and cannot be recovered. Any standards that were enabled are disabled, and your administrator and member account associations are removed.

If you want to save your existing findings, you must export them before you disable Security Hub.

Parameter Syntax

$result = $client->disableSecurityHub([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To deactivate Security Hub

The following example deactivates Security Hub for the current account and Region.

$result = $client->disableSecurityHub([
]);

DisassociateFromAdministratorAccount

$result = $client->disassociateFromAdministratorAccount([/* ... */]);
$promise = $client->disassociateFromAdministratorAccountAsync([/* ... */]);

Disassociates the current Security Hub member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Parameter Syntax

$result = $client->disassociateFromAdministratorAccount([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To disassociate requesting account from administrator account

The following example dissociates the requesting account from its associated administrator account.

$result = $client->disassociateFromAdministratorAccount([
]);

DisassociateFromMasterAccount

$result = $client->disassociateFromMasterAccount([/* ... */]);
$promise = $client->disassociateFromMasterAccountAsync([/* ... */]);

This method is deprecated. Instead, use DisassociateFromAdministratorAccount.

The Security Hub console continues to use DisassociateFromMasterAccount. It will eventually change to use DisassociateFromAdministratorAccount. Any IAM policies that specifically control access to this function must continue to use DisassociateFromMasterAccount. You should also add DisassociateFromAdministratorAccount to your policies to ensure that the correct permissions are in place after the console begins to use DisassociateFromAdministratorAccount.

Disassociates the current Security Hub member account from the associated administrator account.

This operation is only used by accounts that are not part of an organization. For organization accounts, only the administrator account can disassociate a member account.

Parameter Syntax

$result = $client->disassociateFromMasterAccount([
]);

Parameter Details

Members

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

DisassociateMembers

$result = $client->disassociateMembers([/* ... */]);
$promise = $client->disassociateMembersAsync([/* ... */]);

Disassociates the specified member accounts from the associated administrator account.

Can be used to disassociate both accounts that are managed using Organizations and accounts that were invited manually.

Parameter Syntax

$result = $client->disassociateMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The account IDs of the member accounts to disassociate from the administrator account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To disassociate member accounts from administrator account

The following example dissociates the specified member accounts from the associated administrator account.

$result = $client->disassociateMembers([
    'AccountIds' => [
        '123456789012',
        '111122223333',
    ],
]);

EnableImportFindingsForProduct

$result = $client->enableImportFindingsForProduct([/* ... */]);
$promise = $client->enableImportFindingsForProductAsync([/* ... */]);

Enables the integration of a partner product with Security Hub. Integrated products send findings to Security Hub.

When you enable a product integration, a permissions policy that grants permission for the product to send findings to Security Hub is applied.

Parameter Syntax

$result = $client->enableImportFindingsForProduct([
    'ProductArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ProductArn
Required: Yes
Type: string

The ARN of the product to enable the integration for.

Result Syntax

[
    'ProductSubscriptionArn' => '<string>',
]

Result Details

Members
ProductSubscriptionArn
Type: string

The ARN of your subscription to the product to enable integrations for.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To activate an integration

The following example activates an integration between Security Hub and a third party partner product that sends findings to Security Hub.

$result = $client->enableImportFindingsForProduct([
    'ProductArn' => 'arn:aws:securityhub:us-east-1:517716713836:product/crowdstrike/crowdstrike-falcon',
]);

Result syntax:

[
    'ProductSubscriptionArn' => 'arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon',
]

EnableOrganizationAdminAccount

$result = $client->enableOrganizationAdminAccount([/* ... */]);
$promise = $client->enableOrganizationAdminAccountAsync([/* ... */]);

Designates the Security Hub administrator account for an organization. Can only be called by the organization management account.

Parameter Syntax

$result = $client->enableOrganizationAdminAccount([
    'AdminAccountId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AdminAccountId
Required: Yes
Type: string

The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To designate a Security Hub administrator

The following example designates the specified account as the Security Hub administrator account. The requesting account must be the organization management account.

$result = $client->enableOrganizationAdminAccount([
    'AdminAccountId' => '123456789012',
]);

EnableSecurityHub

$result = $client->enableSecurityHub([/* ... */]);
$promise = $client->enableSecurityHubAsync([/* ... */]);

Enables Security Hub for your account in the current Region or the Region you specify in the request.

When you enable Security Hub, you grant to Security Hub the permissions necessary to gather findings from other services that are integrated with Security Hub.

When you use the EnableSecurityHub operation to enable Security Hub, you also automatically enable the following standards:

  • Center for Internet Security (CIS) Amazon Web Services Foundations Benchmark v1.2.0

  • Amazon Web Services Foundational Security Best Practices

Other standards are not automatically enabled.

To opt out of automatically enabled standards, set EnableDefaultStandards to false.

After you enable Security Hub, to enable a standard, use the BatchEnableStandards operation. To disable a standard, use the BatchDisableStandards operation.

To learn more, see the setup information in the Security Hub User Guide.

Parameter Syntax

$result = $client->enableSecurityHub([
    'ControlFindingGenerator' => 'STANDARD_CONTROL|SECURITY_CONTROL',
    'EnableDefaultStandards' => true || false,
    'Tags' => ['<string>', ...],
]);

Parameter Details

Members
ControlFindingGenerator
Type: string

This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

The value for this field in a member account matches the value in the administrator account. For accounts that aren't part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.

EnableDefaultStandards
Type: boolean

Whether to enable the security standards that Security Hub has designated as automatically enabled. If you don't provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.

Tags
Type: Associative array of custom strings keys (TagKey) to strings

The tags to add to the hub resource when you enable Security Hub.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To activate Security Hub

The following example activates the Security Hub service in the requesting AWS account. The service is activated in the current AWS Region or the Region that you specify in the request. Some standards are automatically turned on in your account unless you opt out. To determine which standards are automatically turned on, see the Security Hub documentation.

$result = $client->enableSecurityHub([
    'EnableDefaultStandards' => 1,
    'Tags' => [
        'Department' => 'Security',
    ],
]);

GetAdministratorAccount

$result = $client->getAdministratorAccount([/* ... */]);
$promise = $client->getAdministratorAccountAsync([/* ... */]);

Provides the details for the Security Hub administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Parameter Syntax

$result = $client->getAdministratorAccount([
]);

Parameter Details

Members

Result Syntax

[
    'Administrator' => [
        'AccountId' => '<string>',
        'InvitationId' => '<string>',
        'InvitedAt' => <DateTime>,
        'MemberStatus' => '<string>',
    ],
]

Result Details

Members
Administrator
Type: Invitation structure

Details about an invitation.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get details about the Security Hub administrator account

The following example provides details about the Security Hub administrator account for the requesting member account.

$result = $client->getAdministratorAccount([
]);

Result syntax:

[
    'Administrator' => [
        'AccountId' => '123456789012',
        'InvitationId' => '7ab938c5d52d7904ad09f9e7c20cc4eb',
        'InvitedAt' => ,
        'MemberStatus' => 'ASSOCIATED',
    ],
]

GetConfigurationPolicy

$result = $client->getConfigurationPolicy([/* ... */]);
$promise = $client->getConfigurationPolicyAsync([/* ... */]);

Provides information about a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->getConfigurationPolicy([
    'Identifier' => '<string>', // REQUIRED
]);

Parameter Details

Members
Identifier
Required: Yes
Type: string

The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Result Syntax

[
    'Arn' => '<string>',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => ['<string>', ...],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => ['<string>', ...],
                'EnabledSecurityControlIdentifiers' => ['<string>', ...],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            '<NonEmptyString>' => [
                                'Value' => [
                                    'Boolean' => true || false,
                                    'Double' => <float>,
                                    'Enum' => '<string>',
                                    'EnumList' => ['<string>', ...],
                                    'Integer' => <integer>,
                                    'IntegerList' => [<integer>, ...],
                                    'String' => '<string>',
                                    'StringList' => ['<string>', ...],
                                ],
                                'ValueType' => 'DEFAULT|CUSTOM',
                            ],
                            // ...
                        ],
                        'SecurityControlId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'ServiceEnabled' => true || false,
        ],
    ],
    'CreatedAt' => <DateTime>,
    'Description' => '<string>',
    'Id' => '<string>',
    'Name' => '<string>',
    'UpdatedAt' => <DateTime>,
]

Result Details

Members
Arn
Type: string

The ARN of the configuration policy.

ConfigurationPolicy
Type: Policy structure

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the policy includes a list of security controls that are enabled, Security Hub disables all other controls (including newly released controls). If the policy includes a list of security controls that are disabled, Security Hub enables all other controls (including newly released controls).

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

Description
Type: string

The description of the configuration policy.

Id
Type: string

The UUID of the configuration policy.

Name
Type: string

The name of the configuration policy.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To get details about a configuration policy

This operation provides details about the specified configuration policy.

$result = $client->getConfigurationPolicy([
    'Identifier' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

Result syntax:

[
    'Arn' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => [
                'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0',
                'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            ],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => [
                    'CloudWatch.1',
                ],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            'daysToExpiration' => [
                                'Value' => [
                                    'Integer' => 14,
                                ],
                                'ValueType' => 'CUSTOM',
                            ],
                        ],
                        'SecurityControlId' => 'ACM.1',
                    ],
                ],
            ],
            'ServiceEnabled' => 1,
        ],
    ],
    'CreatedAt' => ,
    'Description' => 'Configuration policy for testing FSBP and CIS',
    'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Name' => 'TestConfigurationPolicy',
    'UpdatedAt' => ,
]

GetConfigurationPolicyAssociation

$result = $client->getConfigurationPolicyAssociation([/* ... */]);
$promise = $client->getConfigurationPolicyAssociationAsync([/* ... */]);

Returns the association between a configuration and a target account, organizational unit, or the root. The configuration can be a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->getConfigurationPolicyAssociation([
    'Target' => [ // REQUIRED
        'AccountId' => '<string>',
        'OrganizationalUnitId' => '<string>',
        'RootId' => '<string>',
    ],
]);

Parameter Details

Members
Target
Required: Yes
Type: Target structure

The target account ID, organizational unit ID, or the root ID to retrieve the association for.

Result Syntax

[
    'AssociationStatus' => 'PENDING|SUCCESS|FAILED',
    'AssociationStatusMessage' => '<string>',
    'AssociationType' => 'INHERITED|APPLIED',
    'ConfigurationPolicyId' => '<string>',
    'TargetId' => '<string>',
    'TargetType' => 'ACCOUNT|ORGANIZATIONAL_UNIT|ROOT',
    'UpdatedAt' => <DateTime>,
]

Result Details

Members
AssociationStatus
Type: string

The current status of the association between the specified target and the configuration.

AssociationStatusMessage
Type: string

The explanation for a FAILED value for AssociationStatus.

AssociationType
Type: string

Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

ConfigurationPolicyId
Type: string

The universally unique identifier (UUID) of a configuration policy. For self-managed behavior, the value is SELF_MANAGED_SECURITY_HUB.

TargetId
Type: string

The target account ID, organizational unit ID, or the root ID for which the association is retrieved.

TargetType
Type: string

Specifies whether the target is an Amazon Web Services account, organizational unit, or the organization root.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To get details about a configuration association

This operation provides details about configuration associations for a specific target account, organizational unit, or the root.

$result = $client->getConfigurationPolicyAssociation([
    'Target' => [
        'AccountId' => '111122223333',
    ],
]);

Result syntax:

[
    'AssociationStatus' => 'FAILED',
    'AssociationStatusMessage' => 'Configuration Policy a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 couldn’t be applied to account 111122223333 in us-east-1 Region. Retry your request.',
    'AssociationType' => 'INHERITED',
    'ConfigurationPolicyId' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'TargetId' => '111122223333',
    'TargetType' => 'ACCOUNT',
    'UpdatedAt' => ,
]

GetEnabledStandards

$result = $client->getEnabledStandards([/* ... */]);
$promise = $client->getEnabledStandardsAsync([/* ... */]);

Returns a list of the standards that are currently enabled.

Parameter Syntax

$result = $client->getEnabledStandards([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StandardsSubscriptionArns' => ['<string>', ...],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

StandardsSubscriptionArns
Type: Array of strings

The list of the standards subscription ARNs for the standards to retrieve.

Result Syntax

[
    'NextToken' => '<string>',
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => '<string>',
            'StandardsInput' => ['<string>', ...],
            'StandardsStatus' => 'PENDING|READY|FAILED|DELETING|INCOMPLETE',
            'StandardsStatusReason' => [
                'StatusReasonCode' => 'NO_AVAILABLE_CONFIGURATION_RECORDER|INTERNAL_ERROR',
            ],
            'StandardsSubscriptionArn' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The pagination token to use to request the next page of results.

StandardsSubscriptions
Type: Array of StandardsSubscription structures

The list of StandardsSubscriptions objects that include information about the enabled standards.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To return a list of enabled standards

The following example returns a list of Security Hub standards that are currently enabled in your account.

$result = $client->getEnabledStandards([
    'StandardsSubscriptionArns' => [
        'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
    ],
]);

Result syntax:

[
    'StandardsSubscriptions' => [
        [
            'StandardsArn' => 'arn:aws:securityhub:us-west-1::standards/pci-dss/v/3.2.1',
            'StandardsInput' => [
            ],
            'StandardsStatus' => 'READY',
            'StandardsSubscriptionArn' => 'arn:aws:securityhub:us-west-1:123456789012:subscription/pci-dss/v/3.2.1',
        ],
    ],
]

GetFindingAggregator

$result = $client->getFindingAggregator([/* ... */]);
$promise = $client->getFindingAggregatorAsync([/* ... */]);

The aggregation Region is now called the home Region.

Returns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes the home Region and any linked Regions.

Parameter Syntax

$result = $client->getFindingAggregator([
    'FindingAggregatorArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
FindingAggregatorArn
Required: Yes
Type: string

The ARN of the finding aggregator to return details for. To obtain the ARN, use ListFindingAggregators.

Result Syntax

[
    'FindingAggregationRegion' => '<string>',
    'FindingAggregatorArn' => '<string>',
    'RegionLinkingMode' => '<string>',
    'Regions' => ['<string>', ...],
]

Result Details

Members
FindingAggregationRegion
Type: string

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

FindingAggregatorArn
Type: string

The ARN of the finding aggregator.

RegionLinkingMode
Type: string

Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

Regions
Type: Array of strings

The list of excluded Regions or included Regions.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get cross-Region aggregation details

The following example returns cross-Region aggregation details for the requesting account.

$result = $client->getFindingAggregator([
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

Result syntax:

[
    'FindingAggregationRegion' => 'us-east-1',
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'RegionLinkingMode' => 'SPECIFIED_REGIONS',
    'Regions' => [
        'us-west-1',
        'us-west-2',
    ],
]

GetFindingHistory

$result = $client->getFindingHistory([/* ... */]);
$promise = $client->getFindingHistoryAsync([/* ... */]);

Returns history for a Security Hub finding in the last 90 days. The history includes changes made to any fields in the Amazon Web Services Security Finding Format (ASFF).

Parameter Syntax

$result = $client->getFindingHistory([
    'EndTime' => <integer || string || DateTime>,
    'FindingIdentifier' => [ // REQUIRED
        'Id' => '<string>', // REQUIRED
        'ProductArn' => '<string>', // REQUIRED
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StartTime' => <integer || string || DateTime>,
]);

Parameter Details

Members
EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

FindingIdentifier
Required: Yes
Type: AwsSecurityFindingIdentifier structure

Identifies which finding to get the finding history for.

MaxResults
Type: int

The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.

NextToken
Type: string

A token for pagination purposes. Provide NULL as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provide NextToken, Security Hub returns up to 100 results of finding history for each request.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates the start time of the requested finding history.

If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Result Syntax

[
    'NextToken' => '<string>',
    'Records' => [
        [
            'FindingCreated' => true || false,
            'FindingIdentifier' => [
                'Id' => '<string>',
                'ProductArn' => '<string>',
            ],
            'NextToken' => '<string>',
            'UpdateSource' => [
                'Identity' => '<string>',
                'Type' => 'BATCH_UPDATE_FINDINGS|BATCH_IMPORT_FINDINGS',
            ],
            'UpdateTime' => <DateTime>,
            'Updates' => [
                [
                    'NewValue' => '<string>',
                    'OldValue' => '<string>',
                    'UpdatedField' => '<string>',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A token for pagination purposes. Provide this token in the subsequent request to GetFindingsHistory to get up to an additional 100 results of history for the same finding that you specified in your initial request.

Records
Type: Array of FindingHistoryRecord structures

A list of events that altered the specified finding during the specified time period.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To get finding history

The following example retrieves the history of the specified finding during the specified time frame. If the time frame permits, Security Hub returns finding history for the last 90 days.

$result = $client->getFindingHistory([
    'EndTime' => ,
    'FindingIdentifier' => [
        'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        'ProductArn' => 'arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default',
    ],
    'MaxResults' => 2,
    'StartTime' => ,
]);

Result syntax:

[
    'Records' => [
        [
            'FindingCreated' => ,
            'FindingIdentifier' => [
                'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
                'ProductArn' => 'arn:aws:securityhub:us-west-2:123456789012:product/123456789012/default',
            ],
            'UpdateSource' => [
                'Identity' => 'arn:aws:iam::444455556666:role/Admin',
                'Type' => 'BATCH_UPDATE_FINDINGS',
            ],
            'UpdateTime' => ,
            'Updates' => [
                [
                    'NewValue' => 'MEDIUM',
                    'OldValue' => 'HIGH',
                    'UpdatedField' => 'Severity',
                ],
            ],
        ],
    ],
]

GetFindings

$result = $client->getFindings([/* ... */]);
$promise = $client->getFindingsAsync([/* ... */]);

Returns a list of findings that match the specified criteria.

If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.

Parameter Syntax

$result = $client->getFindings([
    'Filters' => [
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'AwsAccountName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceAssociatedStandardsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsConfidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsCriticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityOriginal' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsTypes' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Region' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyPrincipalName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamUserUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Sample' => [
            [
                'Value' => true || false,
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesExploitAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesFixAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SortCriteria' => [
        [
            'Field' => '<string>',
            'SortOrder' => 'asc|desc',
        ],
        // ...
    ],
]);

Parameter Details

Members
Filters
Type: AwsSecurityFindingFilters structure

The finding attributes used to define a condition to filter the returned findings.

You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

Note that in the available filter fields, WorkflowState is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

MaxResults
Type: int

The maximum number of findings to return.

NextToken
Type: string

The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

SortCriteria
Type: Array of SortCriterion structures

The finding attributes used to sort the list of returned findings.

Result Syntax

[
    'Findings' => [
        [
            'Action' => [
                'ActionType' => '<string>',
                'AwsApiCallAction' => [
                    'AffectedResources' => ['<string>', ...],
                    'Api' => '<string>',
                    'CallerType' => '<string>',
                    'DomainDetails' => [
                        'Domain' => '<string>',
                    ],
                    'FirstSeen' => '<string>',
                    'LastSeen' => '<string>',
                    'RemoteIpDetails' => [
                        'City' => [
                            'CityName' => '<string>',
                        ],
                        'Country' => [
                            'CountryCode' => '<string>',
                            'CountryName' => '<string>',
                        ],
                        'GeoLocation' => [
                            'Lat' => <float>,
                            'Lon' => <float>,
                        ],
                        'IpAddressV4' => '<string>',
                        'Organization' => [
                            'Asn' => <integer>,
                            'AsnOrg' => '<string>',
                            'Isp' => '<string>',
                            'Org' => '<string>',
                        ],
                    ],
                    'ServiceName' => '<string>',
                ],
                'DnsRequestAction' => [
                    'Blocked' => true || false,
                    'Domain' => '<string>',
                    'Protocol' => '<string>',
                ],
                'NetworkConnectionAction' => [
                    'Blocked' => true || false,
                    'ConnectionDirection' => '<string>',
                    'LocalPortDetails' => [
                        'Port' => <integer>,
                        'PortName' => '<string>',
                    ],
                    'Protocol' => '<string>',
                    'RemoteIpDetails' => [
                        'City' => [
                            'CityName' => '<string>',
                        ],
                        'Country' => [
                            'CountryCode' => '<string>',
                            'CountryName' => '<string>',
                        ],
                        'GeoLocation' => [
                            'Lat' => <float>,
                            'Lon' => <float>,
                        ],
                        'IpAddressV4' => '<string>',
                        'Organization' => [
                            'Asn' => <integer>,
                            'AsnOrg' => '<string>',
                            'Isp' => '<string>',
                            'Org' => '<string>',
                        ],
                    ],
                    'RemotePortDetails' => [
                        'Port' => <integer>,
                        'PortName' => '<string>',
                    ],
                ],
                'PortProbeAction' => [
                    'Blocked' => true || false,
                    'PortProbeDetails' => [
                        [
                            'LocalIpDetails' => [
                                'IpAddressV4' => '<string>',
                            ],
                            'LocalPortDetails' => [
                                'Port' => <integer>,
                                'PortName' => '<string>',
                            ],
                            'RemoteIpDetails' => [
                                'City' => [
                                    'CityName' => '<string>',
                                ],
                                'Country' => [
                                    'CountryCode' => '<string>',
                                    'CountryName' => '<string>',
                                ],
                                'GeoLocation' => [
                                    'Lat' => <float>,
                                    'Lon' => <float>,
                                ],
                                'IpAddressV4' => '<string>',
                                'Organization' => [
                                    'Asn' => <integer>,
                                    'AsnOrg' => '<string>',
                                    'Isp' => '<string>',
                                    'Org' => '<string>',
                                ],
                            ],
                        ],
                        // ...
                    ],
                ],
            ],
            'AwsAccountId' => '<string>',
            'AwsAccountName' => '<string>',
            'CompanyName' => '<string>',
            'Compliance' => [
                'AssociatedStandards' => [
                    [
                        'StandardsId' => '<string>',
                    ],
                    // ...
                ],
                'RelatedRequirements' => ['<string>', ...],
                'SecurityControlId' => '<string>',
                'SecurityControlParameters' => [
                    [
                        'Name' => '<string>',
                        'Value' => ['<string>', ...],
                    ],
                    // ...
                ],
                'Status' => 'PASSED|WARNING|FAILED|NOT_AVAILABLE',
                'StatusReasons' => [
                    [
                        'Description' => '<string>',
                        'ReasonCode' => '<string>',
                    ],
                    // ...
                ],
            ],
            'Confidence' => <integer>,
            'CreatedAt' => '<string>',
            'Criticality' => <integer>,
            'Description' => '<string>',
            'Detection' => [
                'Sequence' => [
                    'Actors' => [
                        [
                            'Id' => '<string>',
                            'Session' => [
                                'CreatedTime' => <integer>,
                                'Issuer' => '<string>',
                                'MfaStatus' => 'ENABLED|DISABLED',
                                'Uid' => '<string>',
                            ],
                            'User' => [
                                'Account' => [
                                    'Name' => '<string>',
                                    'Uid' => '<string>',
                                ],
                                'CredentialUid' => '<string>',
                                'Name' => '<string>',
                                'Type' => '<string>',
                                'Uid' => '<string>',
                            ],
                        ],
                        // ...
                    ],
                    'Endpoints' => [
                        [
                            'AutonomousSystem' => [
                                'Name' => '<string>',
                                'Number' => <integer>,
                            ],
                            'Connection' => [
                                'Direction' => 'INBOUND|OUTBOUND',
                            ],
                            'Domain' => '<string>',
                            'Id' => '<string>',
                            'Ip' => '<string>',
                            'Location' => [
                                'City' => '<string>',
                                'Country' => '<string>',
                                'Lat' => <float>,
                                'Lon' => <float>,
                            ],
                            'Port' => <integer>,
                        ],
                        // ...
                    ],
                    'SequenceIndicators' => [
                        [
                            'Key' => '<string>',
                            'Title' => '<string>',
                            'Type' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'Signals' => [
                        [
                            'ActorIds' => ['<string>', ...],
                            'Count' => <integer>,
                            'CreatedAt' => <integer>,
                            'EndpointIds' => ['<string>', ...],
                            'FirstSeenAt' => <integer>,
                            'Id' => '<string>',
                            'LastSeenAt' => <integer>,
                            'Name' => '<string>',
                            'ProductArn' => '<string>',
                            'ResourceIds' => ['<string>', ...],
                            'Severity' => <float>,
                            'SignalIndicators' => [
                                [
                                    'Key' => '<string>',
                                    'Title' => '<string>',
                                    'Type' => '<string>',
                                    'Values' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'Title' => '<string>',
                            'Type' => '<string>',
                            'UpdatedAt' => <integer>,
                        ],
                        // ...
                    ],
                    'Uid' => '<string>',
                ],
            ],
            'FindingProviderFields' => [
                'Confidence' => <integer>,
                'Criticality' => <integer>,
                'RelatedFindings' => [
                    [
                        'Id' => '<string>',
                        'ProductArn' => '<string>',
                    ],
                    // ...
                ],
                'Severity' => [
                    'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                    'Original' => '<string>',
                ],
                'Types' => ['<string>', ...],
            ],
            'FirstObservedAt' => '<string>',
            'GeneratorDetails' => [
                'Description' => '<string>',
                'Labels' => ['<string>', ...],
                'Name' => '<string>',
            ],
            'GeneratorId' => '<string>',
            'Id' => '<string>',
            'LastObservedAt' => '<string>',
            'Malware' => [
                [
                    'Name' => '<string>',
                    'Path' => '<string>',
                    'State' => 'OBSERVED|REMOVAL_FAILED|REMOVED',
                    'Type' => 'ADWARE|BLENDED_THREAT|BOTNET_AGENT|COIN_MINER|EXPLOIT_KIT|KEYLOGGER|MACRO|POTENTIALLY_UNWANTED|SPYWARE|RANSOMWARE|REMOTE_ACCESS|ROOTKIT|TROJAN|VIRUS|WORM',
                ],
                // ...
            ],
            'Network' => [
                'DestinationDomain' => '<string>',
                'DestinationIpV4' => '<string>',
                'DestinationIpV6' => '<string>',
                'DestinationPort' => <integer>,
                'Direction' => 'IN|OUT',
                'OpenPortRange' => [
                    'Begin' => <integer>,
                    'End' => <integer>,
                ],
                'Protocol' => '<string>',
                'SourceDomain' => '<string>',
                'SourceIpV4' => '<string>',
                'SourceIpV6' => '<string>',
                'SourceMac' => '<string>',
                'SourcePort' => <integer>,
            ],
            'NetworkPath' => [
                [
                    'ComponentId' => '<string>',
                    'ComponentType' => '<string>',
                    'Egress' => [
                        'Destination' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                        'Protocol' => '<string>',
                        'Source' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                    ],
                    'Ingress' => [
                        'Destination' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                        'Protocol' => '<string>',
                        'Source' => [
                            'Address' => ['<string>', ...],
                            'PortRanges' => [
                                [
                                    'Begin' => <integer>,
                                    'End' => <integer>,
                                ],
                                // ...
                            ],
                        ],
                    ],
                ],
                // ...
            ],
            'Note' => [
                'Text' => '<string>',
                'UpdatedAt' => '<string>',
                'UpdatedBy' => '<string>',
            ],
            'PatchSummary' => [
                'FailedCount' => <integer>,
                'Id' => '<string>',
                'InstalledCount' => <integer>,
                'InstalledOtherCount' => <integer>,
                'InstalledPendingReboot' => <integer>,
                'InstalledRejectedCount' => <integer>,
                'MissingCount' => <integer>,
                'Operation' => '<string>',
                'OperationEndTime' => '<string>',
                'OperationStartTime' => '<string>',
                'RebootOption' => '<string>',
            ],
            'Process' => [
                'LaunchedAt' => '<string>',
                'Name' => '<string>',
                'ParentPid' => <integer>,
                'Path' => '<string>',
                'Pid' => <integer>,
                'TerminatedAt' => '<string>',
            ],
            'ProcessedAt' => '<string>',
            'ProductArn' => '<string>',
            'ProductFields' => ['<string>', ...],
            'ProductName' => '<string>',
            'RecordState' => 'ACTIVE|ARCHIVED',
            'Region' => '<string>',
            'RelatedFindings' => [
                [
                    'Id' => '<string>',
                    'ProductArn' => '<string>',
                ],
                // ...
            ],
            'Remediation' => [
                'Recommendation' => [
                    'Text' => '<string>',
                    'Url' => '<string>',
                ],
            ],
            'Resources' => [
                [
                    'ApplicationArn' => '<string>',
                    'ApplicationName' => '<string>',
                    'DataClassification' => [
                        'DetailedResultsLocation' => '<string>',
                        'Result' => [
                            'AdditionalOccurrences' => true || false,
                            'CustomDataIdentifiers' => [
                                'Detections' => [
                                    [
                                        'Arn' => '<string>',
                                        'Count' => <integer>,
                                        'Name' => '<string>',
                                        'Occurrences' => [
                                            'Cells' => [
                                                [
                                                    'CellReference' => '<string>',
                                                    'Column' => <integer>,
                                                    'ColumnName' => '<string>',
                                                    'Row' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'LineRanges' => [
                                                [
                                                    'End' => <integer>,
                                                    'Start' => <integer>,
                                                    'StartColumn' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'OffsetRanges' => [
                                                [
                                                    'End' => <integer>,
                                                    'Start' => <integer>,
                                                    'StartColumn' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'Pages' => [
                                                [
                                                    'LineRange' => [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    'OffsetRange' => [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    'PageNumber' => <integer>,
                                                ],
                                                // ...
                                            ],
                                            'Records' => [
                                                [
                                                    'JsonPath' => '<string>',
                                                    'RecordIndex' => <integer>,
                                                ],
                                                // ...
                                            ],
                                        ],
                                    ],
                                    // ...
                                ],
                                'TotalCount' => <integer>,
                            ],
                            'MimeType' => '<string>',
                            'SensitiveData' => [
                                [
                                    'Category' => '<string>',
                                    'Detections' => [
                                        [
                                            'Count' => <integer>,
                                            'Occurrences' => [
                                                'Cells' => [
                                                    [
                                                        'CellReference' => '<string>',
                                                        'Column' => <integer>,
                                                        'ColumnName' => '<string>',
                                                        'Row' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'LineRanges' => [
                                                    [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'OffsetRanges' => [
                                                    [
                                                        'End' => <integer>,
                                                        'Start' => <integer>,
                                                        'StartColumn' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'Pages' => [
                                                    [
                                                        'LineRange' => [
                                                            'End' => <integer>,
                                                            'Start' => <integer>,
                                                            'StartColumn' => <integer>,
                                                        ],
                                                        'OffsetRange' => [
                                                            'End' => <integer>,
                                                            'Start' => <integer>,
                                                            'StartColumn' => <integer>,
                                                        ],
                                                        'PageNumber' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                                'Records' => [
                                                    [
                                                        'JsonPath' => '<string>',
                                                        'RecordIndex' => <integer>,
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                            'Type' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'TotalCount' => <integer>,
                                ],
                                // ...
                            ],
                            'SizeClassified' => <integer>,
                            'Status' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                        ],
                    ],
                    'Details' => [
                        'AwsAmazonMqBroker' => [
                            'AuthenticationStrategy' => '<string>',
                            'AutoMinorVersionUpgrade' => true || false,
                            'BrokerArn' => '<string>',
                            'BrokerId' => '<string>',
                            'BrokerName' => '<string>',
                            'DeploymentMode' => '<string>',
                            'EncryptionOptions' => [
                                'KmsKeyId' => '<string>',
                                'UseAwsOwnedKey' => true || false,
                            ],
                            'EngineType' => '<string>',
                            'EngineVersion' => '<string>',
                            'HostInstanceType' => '<string>',
                            'LdapServerMetadata' => [
                                'Hosts' => ['<string>', ...],
                                'RoleBase' => '<string>',
                                'RoleName' => '<string>',
                                'RoleSearchMatching' => '<string>',
                                'RoleSearchSubtree' => true || false,
                                'ServiceAccountUsername' => '<string>',
                                'UserBase' => '<string>',
                                'UserRoleName' => '<string>',
                                'UserSearchMatching' => '<string>',
                                'UserSearchSubtree' => true || false,
                            ],
                            'Logs' => [
                                'Audit' => true || false,
                                'AuditLogGroup' => '<string>',
                                'General' => true || false,
                                'GeneralLogGroup' => '<string>',
                                'Pending' => [
                                    'Audit' => true || false,
                                    'General' => true || false,
                                ],
                            ],
                            'MaintenanceWindowStartTime' => [
                                'DayOfWeek' => '<string>',
                                'TimeOfDay' => '<string>',
                                'TimeZone' => '<string>',
                            ],
                            'PubliclyAccessible' => true || false,
                            'SecurityGroups' => ['<string>', ...],
                            'StorageType' => '<string>',
                            'SubnetIds' => ['<string>', ...],
                            'Users' => [
                                [
                                    'PendingChange' => '<string>',
                                    'Username' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsApiGatewayRestApi' => [
                            'ApiKeySource' => '<string>',
                            'BinaryMediaTypes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Description' => '<string>',
                            'EndpointConfiguration' => [
                                'Types' => ['<string>', ...],
                            ],
                            'Id' => '<string>',
                            'MinimumCompressionSize' => <integer>,
                            'Name' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsApiGatewayStage' => [
                            'AccessLogSettings' => [
                                'DestinationArn' => '<string>',
                                'Format' => '<string>',
                            ],
                            'CacheClusterEnabled' => true || false,
                            'CacheClusterSize' => '<string>',
                            'CacheClusterStatus' => '<string>',
                            'CanarySettings' => [
                                'DeploymentId' => '<string>',
                                'PercentTraffic' => <float>,
                                'StageVariableOverrides' => ['<string>', ...],
                                'UseStageCache' => true || false,
                            ],
                            'ClientCertificateId' => '<string>',
                            'CreatedDate' => '<string>',
                            'DeploymentId' => '<string>',
                            'Description' => '<string>',
                            'DocumentationVersion' => '<string>',
                            'LastUpdatedDate' => '<string>',
                            'MethodSettings' => [
                                [
                                    'CacheDataEncrypted' => true || false,
                                    'CacheTtlInSeconds' => <integer>,
                                    'CachingEnabled' => true || false,
                                    'DataTraceEnabled' => true || false,
                                    'HttpMethod' => '<string>',
                                    'LoggingLevel' => '<string>',
                                    'MetricsEnabled' => true || false,
                                    'RequireAuthorizationForCacheControl' => true || false,
                                    'ResourcePath' => '<string>',
                                    'ThrottlingBurstLimit' => <integer>,
                                    'ThrottlingRateLimit' => <float>,
                                    'UnauthorizedCacheControlHeaderStrategy' => '<string>',
                                ],
                                // ...
                            ],
                            'StageName' => '<string>',
                            'TracingEnabled' => true || false,
                            'Variables' => ['<string>', ...],
                            'WebAclArn' => '<string>',
                        ],
                        'AwsApiGatewayV2Api' => [
                            'ApiEndpoint' => '<string>',
                            'ApiId' => '<string>',
                            'ApiKeySelectionExpression' => '<string>',
                            'CorsConfiguration' => [
                                'AllowCredentials' => true || false,
                                'AllowHeaders' => ['<string>', ...],
                                'AllowMethods' => ['<string>', ...],
                                'AllowOrigins' => ['<string>', ...],
                                'ExposeHeaders' => ['<string>', ...],
                                'MaxAge' => <integer>,
                            ],
                            'CreatedDate' => '<string>',
                            'Description' => '<string>',
                            'Name' => '<string>',
                            'ProtocolType' => '<string>',
                            'RouteSelectionExpression' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsApiGatewayV2Stage' => [
                            'AccessLogSettings' => [
                                'DestinationArn' => '<string>',
                                'Format' => '<string>',
                            ],
                            'ApiGatewayManaged' => true || false,
                            'AutoDeploy' => true || false,
                            'ClientCertificateId' => '<string>',
                            'CreatedDate' => '<string>',
                            'DefaultRouteSettings' => [
                                'DataTraceEnabled' => true || false,
                                'DetailedMetricsEnabled' => true || false,
                                'LoggingLevel' => '<string>',
                                'ThrottlingBurstLimit' => <integer>,
                                'ThrottlingRateLimit' => <float>,
                            ],
                            'DeploymentId' => '<string>',
                            'Description' => '<string>',
                            'LastDeploymentStatusMessage' => '<string>',
                            'LastUpdatedDate' => '<string>',
                            'RouteSettings' => [
                                'DataTraceEnabled' => true || false,
                                'DetailedMetricsEnabled' => true || false,
                                'LoggingLevel' => '<string>',
                                'ThrottlingBurstLimit' => <integer>,
                                'ThrottlingRateLimit' => <float>,
                            ],
                            'StageName' => '<string>',
                            'StageVariables' => ['<string>', ...],
                        ],
                        'AwsAppSyncGraphQlApi' => [
                            'AdditionalAuthenticationProviders' => [
                                [
                                    'AuthenticationType' => '<string>',
                                    'LambdaAuthorizerConfig' => [
                                        'AuthorizerResultTtlInSeconds' => <integer>,
                                        'AuthorizerUri' => '<string>',
                                        'IdentityValidationExpression' => '<string>',
                                    ],
                                    'OpenIdConnectConfig' => [
                                        'AuthTtL' => <integer>,
                                        'ClientId' => '<string>',
                                        'IatTtL' => <integer>,
                                        'Issuer' => '<string>',
                                    ],
                                    'UserPoolConfig' => [
                                        'AppIdClientRegex' => '<string>',
                                        'AwsRegion' => '<string>',
                                        'DefaultAction' => '<string>',
                                        'UserPoolId' => '<string>',
                                    ],
                                ],
                                // ...
                            ],
                            'ApiId' => '<string>',
                            'Arn' => '<string>',
                            'AuthenticationType' => '<string>',
                            'Id' => '<string>',
                            'LambdaAuthorizerConfig' => [
                                'AuthorizerResultTtlInSeconds' => <integer>,
                                'AuthorizerUri' => '<string>',
                                'IdentityValidationExpression' => '<string>',
                            ],
                            'LogConfig' => [
                                'CloudWatchLogsRoleArn' => '<string>',
                                'ExcludeVerboseContent' => true || false,
                                'FieldLogLevel' => '<string>',
                            ],
                            'Name' => '<string>',
                            'OpenIdConnectConfig' => [
                                'AuthTtL' => <integer>,
                                'ClientId' => '<string>',
                                'IatTtL' => <integer>,
                                'Issuer' => '<string>',
                            ],
                            'UserPoolConfig' => [
                                'AppIdClientRegex' => '<string>',
                                'AwsRegion' => '<string>',
                                'DefaultAction' => '<string>',
                                'UserPoolId' => '<string>',
                            ],
                            'WafWebAclArn' => '<string>',
                            'XrayEnabled' => true || false,
                        ],
                        'AwsAthenaWorkGroup' => [
                            'Configuration' => [
                                'ResultConfiguration' => [
                                    'EncryptionConfiguration' => [
                                        'EncryptionOption' => '<string>',
                                        'KmsKey' => '<string>',
                                    ],
                                ],
                            ],
                            'Description' => '<string>',
                            'Name' => '<string>',
                            'State' => '<string>',
                        ],
                        'AwsAutoScalingAutoScalingGroup' => [
                            'AvailabilityZones' => [
                                [
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'CapacityRebalance' => true || false,
                            'CreatedTime' => '<string>',
                            'HealthCheckGracePeriod' => <integer>,
                            'HealthCheckType' => '<string>',
                            'LaunchConfigurationName' => '<string>',
                            'LaunchTemplate' => [
                                'LaunchTemplateId' => '<string>',
                                'LaunchTemplateName' => '<string>',
                                'Version' => '<string>',
                            ],
                            'LoadBalancerNames' => ['<string>', ...],
                            'MixedInstancesPolicy' => [
                                'InstancesDistribution' => [
                                    'OnDemandAllocationStrategy' => '<string>',
                                    'OnDemandBaseCapacity' => <integer>,
                                    'OnDemandPercentageAboveBaseCapacity' => <integer>,
                                    'SpotAllocationStrategy' => '<string>',
                                    'SpotInstancePools' => <integer>,
                                    'SpotMaxPrice' => '<string>',
                                ],
                                'LaunchTemplate' => [
                                    'LaunchTemplateSpecification' => [
                                        'LaunchTemplateId' => '<string>',
                                        'LaunchTemplateName' => '<string>',
                                        'Version' => '<string>',
                                    ],
                                    'Overrides' => [
                                        [
                                            'InstanceType' => '<string>',
                                            'WeightedCapacity' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                            ],
                        ],
                        'AwsAutoScalingLaunchConfiguration' => [
                            'AssociatePublicIpAddress' => true || false,
                            'BlockDeviceMappings' => [
                                [
                                    'DeviceName' => '<string>',
                                    'Ebs' => [
                                        'DeleteOnTermination' => true || false,
                                        'Encrypted' => true || false,
                                        'Iops' => <integer>,
                                        'SnapshotId' => '<string>',
                                        'VolumeSize' => <integer>,
                                        'VolumeType' => '<string>',
                                    ],
                                    'NoDevice' => true || false,
                                    'VirtualName' => '<string>',
                                ],
                                // ...
                            ],
                            'ClassicLinkVpcId' => '<string>',
                            'ClassicLinkVpcSecurityGroups' => ['<string>', ...],
                            'CreatedTime' => '<string>',
                            'EbsOptimized' => true || false,
                            'IamInstanceProfile' => '<string>',
                            'ImageId' => '<string>',
                            'InstanceMonitoring' => [
                                'Enabled' => true || false,
                            ],
                            'InstanceType' => '<string>',
                            'KernelId' => '<string>',
                            'KeyName' => '<string>',
                            'LaunchConfigurationName' => '<string>',
                            'MetadataOptions' => [
                                'HttpEndpoint' => '<string>',
                                'HttpPutResponseHopLimit' => <integer>,
                                'HttpTokens' => '<string>',
                            ],
                            'PlacementTenancy' => '<string>',
                            'RamdiskId' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SpotPrice' => '<string>',
                            'UserData' => '<string>',
                        ],
                        'AwsBackupBackupPlan' => [
                            'BackupPlan' => [
                                'AdvancedBackupSettings' => [
                                    [
                                        'BackupOptions' => ['<string>', ...],
                                        'ResourceType' => '<string>',
                                    ],
                                    // ...
                                ],
                                'BackupPlanName' => '<string>',
                                'BackupPlanRule' => [
                                    [
                                        'CompletionWindowMinutes' => <integer>,
                                        'CopyActions' => [
                                            [
                                                'DestinationBackupVaultArn' => '<string>',
                                                'Lifecycle' => [
                                                    'DeleteAfterDays' => <integer>,
                                                    'MoveToColdStorageAfterDays' => <integer>,
                                                ],
                                            ],
                                            // ...
                                        ],
                                        'EnableContinuousBackup' => true || false,
                                        'Lifecycle' => [
                                            'DeleteAfterDays' => <integer>,
                                            'MoveToColdStorageAfterDays' => <integer>,
                                        ],
                                        'RuleId' => '<string>',
                                        'RuleName' => '<string>',
                                        'ScheduleExpression' => '<string>',
                                        'StartWindowMinutes' => <integer>,
                                        'TargetBackupVault' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'BackupPlanArn' => '<string>',
                            'BackupPlanId' => '<string>',
                            'VersionId' => '<string>',
                        ],
                        'AwsBackupBackupVault' => [
                            'AccessPolicy' => '<string>',
                            'BackupVaultArn' => '<string>',
                            'BackupVaultName' => '<string>',
                            'EncryptionKeyArn' => '<string>',
                            'Notifications' => [
                                'BackupVaultEvents' => ['<string>', ...],
                                'SnsTopicArn' => '<string>',
                            ],
                        ],
                        'AwsBackupRecoveryPoint' => [
                            'BackupSizeInBytes' => <integer>,
                            'BackupVaultArn' => '<string>',
                            'BackupVaultName' => '<string>',
                            'CalculatedLifecycle' => [
                                'DeleteAt' => '<string>',
                                'MoveToColdStorageAt' => '<string>',
                            ],
                            'CompletionDate' => '<string>',
                            'CreatedBy' => [
                                'BackupPlanArn' => '<string>',
                                'BackupPlanId' => '<string>',
                                'BackupPlanVersion' => '<string>',
                                'BackupRuleId' => '<string>',
                            ],
                            'CreationDate' => '<string>',
                            'EncryptionKeyArn' => '<string>',
                            'IamRoleArn' => '<string>',
                            'IsEncrypted' => true || false,
                            'LastRestoreTime' => '<string>',
                            'Lifecycle' => [
                                'DeleteAfterDays' => <integer>,
                                'MoveToColdStorageAfterDays' => <integer>,
                            ],
                            'RecoveryPointArn' => '<string>',
                            'ResourceArn' => '<string>',
                            'ResourceType' => '<string>',
                            'SourceBackupVaultArn' => '<string>',
                            'Status' => '<string>',
                            'StatusMessage' => '<string>',
                            'StorageClass' => '<string>',
                        ],
                        'AwsCertificateManagerCertificate' => [
                            'CertificateAuthorityArn' => '<string>',
                            'CreatedAt' => '<string>',
                            'DomainName' => '<string>',
                            'DomainValidationOptions' => [
                                [
                                    'DomainName' => '<string>',
                                    'ResourceRecord' => [
                                        'Name' => '<string>',
                                        'Type' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    'ValidationDomain' => '<string>',
                                    'ValidationEmails' => ['<string>', ...],
                                    'ValidationMethod' => '<string>',
                                    'ValidationStatus' => '<string>',
                                ],
                                // ...
                            ],
                            'ExtendedKeyUsages' => [
                                [
                                    'Name' => '<string>',
                                    'OId' => '<string>',
                                ],
                                // ...
                            ],
                            'FailureReason' => '<string>',
                            'ImportedAt' => '<string>',
                            'InUseBy' => ['<string>', ...],
                            'IssuedAt' => '<string>',
                            'Issuer' => '<string>',
                            'KeyAlgorithm' => '<string>',
                            'KeyUsages' => [
                                [
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                            'NotAfter' => '<string>',
                            'NotBefore' => '<string>',
                            'Options' => [
                                'CertificateTransparencyLoggingPreference' => '<string>',
                            ],
                            'RenewalEligibility' => '<string>',
                            'RenewalSummary' => [
                                'DomainValidationOptions' => [
                                    [
                                        'DomainName' => '<string>',
                                        'ResourceRecord' => [
                                            'Name' => '<string>',
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        'ValidationDomain' => '<string>',
                                        'ValidationEmails' => ['<string>', ...],
                                        'ValidationMethod' => '<string>',
                                        'ValidationStatus' => '<string>',
                                    ],
                                    // ...
                                ],
                                'RenewalStatus' => '<string>',
                                'RenewalStatusReason' => '<string>',
                                'UpdatedAt' => '<string>',
                            ],
                            'Serial' => '<string>',
                            'SignatureAlgorithm' => '<string>',
                            'Status' => '<string>',
                            'Subject' => '<string>',
                            'SubjectAlternativeNames' => ['<string>', ...],
                            'Type' => '<string>',
                        ],
                        'AwsCloudFormationStack' => [
                            'Capabilities' => ['<string>', ...],
                            'CreationTime' => '<string>',
                            'Description' => '<string>',
                            'DisableRollback' => true || false,
                            'DriftInformation' => [
                                'StackDriftStatus' => '<string>',
                            ],
                            'EnableTerminationProtection' => true || false,
                            'LastUpdatedTime' => '<string>',
                            'NotificationArns' => ['<string>', ...],
                            'Outputs' => [
                                [
                                    'Description' => '<string>',
                                    'OutputKey' => '<string>',
                                    'OutputValue' => '<string>',
                                ],
                                // ...
                            ],
                            'RoleArn' => '<string>',
                            'StackId' => '<string>',
                            'StackName' => '<string>',
                            'StackStatus' => '<string>',
                            'StackStatusReason' => '<string>',
                            'TimeoutInMinutes' => <integer>,
                        ],
                        'AwsCloudFrontDistribution' => [
                            'CacheBehaviors' => [
                                'Items' => [
                                    [
                                        'ViewerProtocolPolicy' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'DefaultCacheBehavior' => [
                                'ViewerProtocolPolicy' => '<string>',
                            ],
                            'DefaultRootObject' => '<string>',
                            'DomainName' => '<string>',
                            'ETag' => '<string>',
                            'LastModifiedTime' => '<string>',
                            'Logging' => [
                                'Bucket' => '<string>',
                                'Enabled' => true || false,
                                'IncludeCookies' => true || false,
                                'Prefix' => '<string>',
                            ],
                            'OriginGroups' => [
                                'Items' => [
                                    [
                                        'FailoverCriteria' => [
                                            'StatusCodes' => [
                                                'Items' => [<integer>, ...],
                                                'Quantity' => <integer>,
                                            ],
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'Origins' => [
                                'Items' => [
                                    [
                                        'CustomOriginConfig' => [
                                            'HttpPort' => <integer>,
                                            'HttpsPort' => <integer>,
                                            'OriginKeepaliveTimeout' => <integer>,
                                            'OriginProtocolPolicy' => '<string>',
                                            'OriginReadTimeout' => <integer>,
                                            'OriginSslProtocols' => [
                                                'Items' => ['<string>', ...],
                                                'Quantity' => <integer>,
                                            ],
                                        ],
                                        'DomainName' => '<string>',
                                        'Id' => '<string>',
                                        'OriginPath' => '<string>',
                                        'S3OriginConfig' => [
                                            'OriginAccessIdentity' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'Status' => '<string>',
                            'ViewerCertificate' => [
                                'AcmCertificateArn' => '<string>',
                                'Certificate' => '<string>',
                                'CertificateSource' => '<string>',
                                'CloudFrontDefaultCertificate' => true || false,
                                'IamCertificateId' => '<string>',
                                'MinimumProtocolVersion' => '<string>',
                                'SslSupportMethod' => '<string>',
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsCloudTrailTrail' => [
                            'CloudWatchLogsLogGroupArn' => '<string>',
                            'CloudWatchLogsRoleArn' => '<string>',
                            'HasCustomEventSelectors' => true || false,
                            'HomeRegion' => '<string>',
                            'IncludeGlobalServiceEvents' => true || false,
                            'IsMultiRegionTrail' => true || false,
                            'IsOrganizationTrail' => true || false,
                            'KmsKeyId' => '<string>',
                            'LogFileValidationEnabled' => true || false,
                            'Name' => '<string>',
                            'S3BucketName' => '<string>',
                            'S3KeyPrefix' => '<string>',
                            'SnsTopicArn' => '<string>',
                            'SnsTopicName' => '<string>',
                            'TrailArn' => '<string>',
                        ],
                        'AwsCloudWatchAlarm' => [
                            'ActionsEnabled' => true || false,
                            'AlarmActions' => ['<string>', ...],
                            'AlarmArn' => '<string>',
                            'AlarmConfigurationUpdatedTimestamp' => '<string>',
                            'AlarmDescription' => '<string>',
                            'AlarmName' => '<string>',
                            'ComparisonOperator' => '<string>',
                            'DatapointsToAlarm' => <integer>,
                            'Dimensions' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'EvaluateLowSampleCountPercentile' => '<string>',
                            'EvaluationPeriods' => <integer>,
                            'ExtendedStatistic' => '<string>',
                            'InsufficientDataActions' => ['<string>', ...],
                            'MetricName' => '<string>',
                            'Namespace' => '<string>',
                            'OkActions' => ['<string>', ...],
                            'Period' => <integer>,
                            'Statistic' => '<string>',
                            'Threshold' => <float>,
                            'ThresholdMetricId' => '<string>',
                            'TreatMissingData' => '<string>',
                            'Unit' => '<string>',
                        ],
                        'AwsCodeBuildProject' => [
                            'Artifacts' => [
                                [
                                    'ArtifactIdentifier' => '<string>',
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Name' => '<string>',
                                    'NamespaceType' => '<string>',
                                    'OverrideArtifactName' => true || false,
                                    'Packaging' => '<string>',
                                    'Path' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'EncryptionKey' => '<string>',
                            'Environment' => [
                                'Certificate' => '<string>',
                                'EnvironmentVariables' => [
                                    [
                                        'Name' => '<string>',
                                        'Type' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ImagePullCredentialsType' => '<string>',
                                'PrivilegedMode' => true || false,
                                'RegistryCredential' => [
                                    'Credential' => '<string>',
                                    'CredentialProvider' => '<string>',
                                ],
                                'Type' => '<string>',
                            ],
                            'LogsConfig' => [
                                'CloudWatchLogs' => [
                                    'GroupName' => '<string>',
                                    'Status' => '<string>',
                                    'StreamName' => '<string>',
                                ],
                                'S3Logs' => [
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Status' => '<string>',
                                ],
                            ],
                            'Name' => '<string>',
                            'SecondaryArtifacts' => [
                                [
                                    'ArtifactIdentifier' => '<string>',
                                    'EncryptionDisabled' => true || false,
                                    'Location' => '<string>',
                                    'Name' => '<string>',
                                    'NamespaceType' => '<string>',
                                    'OverrideArtifactName' => true || false,
                                    'Packaging' => '<string>',
                                    'Path' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ServiceRole' => '<string>',
                            'Source' => [
                                'GitCloneDepth' => <integer>,
                                'InsecureSsl' => true || false,
                                'Location' => '<string>',
                                'Type' => '<string>',
                            ],
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'Subnets' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsDmsEndpoint' => [
                            'CertificateArn' => '<string>',
                            'DatabaseName' => '<string>',
                            'EndpointArn' => '<string>',
                            'EndpointIdentifier' => '<string>',
                            'EndpointType' => '<string>',
                            'EngineName' => '<string>',
                            'ExternalId' => '<string>',
                            'ExtraConnectionAttributes' => '<string>',
                            'KmsKeyId' => '<string>',
                            'Port' => <integer>,
                            'ServerName' => '<string>',
                            'SslMode' => '<string>',
                            'Username' => '<string>',
                        ],
                        'AwsDmsReplicationInstance' => [
                            'AllocatedStorage' => <integer>,
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZone' => '<string>',
                            'EngineVersion' => '<string>',
                            'KmsKeyId' => '<string>',
                            'MultiAZ' => true || false,
                            'PreferredMaintenanceWindow' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'ReplicationInstanceClass' => '<string>',
                            'ReplicationInstanceIdentifier' => '<string>',
                            'ReplicationSubnetGroup' => [
                                'ReplicationSubnetGroupIdentifier' => '<string>',
                            ],
                            'VpcSecurityGroups' => [
                                [
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsDmsReplicationTask' => [
                            'CdcStartPosition' => '<string>',
                            'CdcStartTime' => '<string>',
                            'CdcStopPosition' => '<string>',
                            'Id' => '<string>',
                            'MigrationType' => '<string>',
                            'ReplicationInstanceArn' => '<string>',
                            'ReplicationTaskIdentifier' => '<string>',
                            'ReplicationTaskSettings' => '<string>',
                            'ResourceIdentifier' => '<string>',
                            'SourceEndpointArn' => '<string>',
                            'TableMappings' => '<string>',
                            'TargetEndpointArn' => '<string>',
                            'TaskData' => '<string>',
                        ],
                        'AwsDynamoDbTable' => [
                            'AttributeDefinitions' => [
                                [
                                    'AttributeName' => '<string>',
                                    'AttributeType' => '<string>',
                                ],
                                // ...
                            ],
                            'BillingModeSummary' => [
                                'BillingMode' => '<string>',
                                'LastUpdateToPayPerRequestDateTime' => '<string>',
                            ],
                            'CreationDateTime' => '<string>',
                            'DeletionProtectionEnabled' => true || false,
                            'GlobalSecondaryIndexes' => [
                                [
                                    'Backfilling' => true || false,
                                    'IndexArn' => '<string>',
                                    'IndexName' => '<string>',
                                    'IndexSizeBytes' => <integer>,
                                    'IndexStatus' => '<string>',
                                    'ItemCount' => <integer>,
                                    'KeySchema' => [
                                        [
                                            'AttributeName' => '<string>',
                                            'KeyType' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Projection' => [
                                        'NonKeyAttributes' => ['<string>', ...],
                                        'ProjectionType' => '<string>',
                                    ],
                                    'ProvisionedThroughput' => [
                                        'LastDecreaseDateTime' => '<string>',
                                        'LastIncreaseDateTime' => '<string>',
                                        'NumberOfDecreasesToday' => <integer>,
                                        'ReadCapacityUnits' => <integer>,
                                        'WriteCapacityUnits' => <integer>,
                                    ],
                                ],
                                // ...
                            ],
                            'GlobalTableVersion' => '<string>',
                            'ItemCount' => <integer>,
                            'KeySchema' => [
                                [
                                    'AttributeName' => '<string>',
                                    'KeyType' => '<string>',
                                ],
                                // ...
                            ],
                            'LatestStreamArn' => '<string>',
                            'LatestStreamLabel' => '<string>',
                            'LocalSecondaryIndexes' => [
                                [
                                    'IndexArn' => '<string>',
                                    'IndexName' => '<string>',
                                    'KeySchema' => [
                                        [
                                            'AttributeName' => '<string>',
                                            'KeyType' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Projection' => [
                                        'NonKeyAttributes' => ['<string>', ...],
                                        'ProjectionType' => '<string>',
                                    ],
                                ],
                                // ...
                            ],
                            'ProvisionedThroughput' => [
                                'LastDecreaseDateTime' => '<string>',
                                'LastIncreaseDateTime' => '<string>',
                                'NumberOfDecreasesToday' => <integer>,
                                'ReadCapacityUnits' => <integer>,
                                'WriteCapacityUnits' => <integer>,
                            ],
                            'Replicas' => [
                                [
                                    'GlobalSecondaryIndexes' => [
                                        [
                                            'IndexName' => '<string>',
                                            'ProvisionedThroughputOverride' => [
                                                'ReadCapacityUnits' => <integer>,
                                            ],
                                        ],
                                        // ...
                                    ],
                                    'KmsMasterKeyId' => '<string>',
                                    'ProvisionedThroughputOverride' => [
                                        'ReadCapacityUnits' => <integer>,
                                    ],
                                    'RegionName' => '<string>',
                                    'ReplicaStatus' => '<string>',
                                    'ReplicaStatusDescription' => '<string>',
                                ],
                                // ...
                            ],
                            'RestoreSummary' => [
                                'RestoreDateTime' => '<string>',
                                'RestoreInProgress' => true || false,
                                'SourceBackupArn' => '<string>',
                                'SourceTableArn' => '<string>',
                            ],
                            'SseDescription' => [
                                'InaccessibleEncryptionDateTime' => '<string>',
                                'KmsMasterKeyArn' => '<string>',
                                'SseType' => '<string>',
                                'Status' => '<string>',
                            ],
                            'StreamSpecification' => [
                                'StreamEnabled' => true || false,
                                'StreamViewType' => '<string>',
                            ],
                            'TableId' => '<string>',
                            'TableName' => '<string>',
                            'TableSizeBytes' => <integer>,
                            'TableStatus' => '<string>',
                        ],
                        'AwsEc2ClientVpnEndpoint' => [
                            'AuthenticationOptions' => [
                                [
                                    'ActiveDirectory' => [
                                        'DirectoryId' => '<string>',
                                    ],
                                    'FederatedAuthentication' => [
                                        'SamlProviderArn' => '<string>',
                                        'SelfServiceSamlProviderArn' => '<string>',
                                    ],
                                    'MutualAuthentication' => [
                                        'ClientRootCertificateChain' => '<string>',
                                    ],
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ClientCidrBlock' => '<string>',
                            'ClientConnectOptions' => [
                                'Enabled' => true || false,
                                'LambdaFunctionArn' => '<string>',
                                'Status' => [
                                    'Code' => '<string>',
                                    'Message' => '<string>',
                                ],
                            ],
                            'ClientLoginBannerOptions' => [
                                'BannerText' => '<string>',
                                'Enabled' => true || false,
                            ],
                            'ClientVpnEndpointId' => '<string>',
                            'ConnectionLogOptions' => [
                                'CloudwatchLogGroup' => '<string>',
                                'CloudwatchLogStream' => '<string>',
                                'Enabled' => true || false,
                            ],
                            'Description' => '<string>',
                            'DnsServer' => ['<string>', ...],
                            'SecurityGroupIdSet' => ['<string>', ...],
                            'SelfServicePortalUrl' => '<string>',
                            'ServerCertificateArn' => '<string>',
                            'SessionTimeoutHours' => <integer>,
                            'SplitTunnel' => true || false,
                            'TransportProtocol' => '<string>',
                            'VpcId' => '<string>',
                            'VpnPort' => <integer>,
                        ],
                        'AwsEc2Eip' => [
                            'AllocationId' => '<string>',
                            'AssociationId' => '<string>',
                            'Domain' => '<string>',
                            'InstanceId' => '<string>',
                            'NetworkBorderGroup' => '<string>',
                            'NetworkInterfaceId' => '<string>',
                            'NetworkInterfaceOwnerId' => '<string>',
                            'PrivateIpAddress' => '<string>',
                            'PublicIp' => '<string>',
                            'PublicIpv4Pool' => '<string>',
                        ],
                        'AwsEc2Instance' => [
                            'IamInstanceProfileArn' => '<string>',
                            'ImageId' => '<string>',
                            'IpV4Addresses' => ['<string>', ...],
                            'IpV6Addresses' => ['<string>', ...],
                            'KeyName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'MetadataOptions' => [
                                'HttpEndpoint' => '<string>',
                                'HttpProtocolIpv6' => '<string>',
                                'HttpPutResponseHopLimit' => <integer>,
                                'HttpTokens' => '<string>',
                                'InstanceMetadataTags' => '<string>',
                            ],
                            'Monitoring' => [
                                'State' => '<string>',
                            ],
                            'NetworkInterfaces' => [
                                [
                                    'NetworkInterfaceId' => '<string>',
                                ],
                                // ...
                            ],
                            'SubnetId' => '<string>',
                            'Type' => '<string>',
                            'VirtualizationType' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2LaunchTemplate' => [
                            'DefaultVersionNumber' => <integer>,
                            'Id' => '<string>',
                            'LatestVersionNumber' => <integer>,
                            'LaunchTemplateData' => [
                                'BlockDeviceMappingSet' => [
                                    [
                                        'DeviceName' => '<string>',
                                        'Ebs' => [
                                            'DeleteOnTermination' => true || false,
                                            'Encrypted' => true || false,
                                            'Iops' => <integer>,
                                            'KmsKeyId' => '<string>',
                                            'SnapshotId' => '<string>',
                                            'Throughput' => <integer>,
                                            'VolumeSize' => <integer>,
                                            'VolumeType' => '<string>',
                                        ],
                                        'NoDevice' => '<string>',
                                        'VirtualName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'CapacityReservationSpecification' => [
                                    'CapacityReservationPreference' => '<string>',
                                    'CapacityReservationTarget' => [
                                        'CapacityReservationId' => '<string>',
                                        'CapacityReservationResourceGroupArn' => '<string>',
                                    ],
                                ],
                                'CpuOptions' => [
                                    'CoreCount' => <integer>,
                                    'ThreadsPerCore' => <integer>,
                                ],
                                'CreditSpecification' => [
                                    'CpuCredits' => '<string>',
                                ],
                                'DisableApiStop' => true || false,
                                'DisableApiTermination' => true || false,
                                'EbsOptimized' => true || false,
                                'ElasticGpuSpecificationSet' => [
                                    [
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ElasticInferenceAcceleratorSet' => [
                                    [
                                        'Count' => <integer>,
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                                'EnclaveOptions' => [
                                    'Enabled' => true || false,
                                ],
                                'HibernationOptions' => [
                                    'Configured' => true || false,
                                ],
                                'IamInstanceProfile' => [
                                    'Arn' => '<string>',
                                    'Name' => '<string>',
                                ],
                                'ImageId' => '<string>',
                                'InstanceInitiatedShutdownBehavior' => '<string>',
                                'InstanceMarketOptions' => [
                                    'MarketType' => '<string>',
                                    'SpotOptions' => [
                                        'BlockDurationMinutes' => <integer>,
                                        'InstanceInterruptionBehavior' => '<string>',
                                        'MaxPrice' => '<string>',
                                        'SpotInstanceType' => '<string>',
                                        'ValidUntil' => '<string>',
                                    ],
                                ],
                                'InstanceRequirements' => [
                                    'AcceleratorCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'AcceleratorManufacturers' => ['<string>', ...],
                                    'AcceleratorNames' => ['<string>', ...],
                                    'AcceleratorTotalMemoryMiB' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'AcceleratorTypes' => ['<string>', ...],
                                    'BareMetal' => '<string>',
                                    'BaselineEbsBandwidthMbps' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'BurstablePerformance' => '<string>',
                                    'CpuManufacturers' => ['<string>', ...],
                                    'ExcludedInstanceTypes' => ['<string>', ...],
                                    'InstanceGenerations' => ['<string>', ...],
                                    'LocalStorage' => '<string>',
                                    'LocalStorageTypes' => ['<string>', ...],
                                    'MemoryGiBPerVCpu' => [
                                        'Max' => <float>,
                                        'Min' => <float>,
                                    ],
                                    'MemoryMiB' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'NetworkInterfaceCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                    'OnDemandMaxPricePercentageOverLowestPrice' => <integer>,
                                    'RequireHibernateSupport' => true || false,
                                    'SpotMaxPricePercentageOverLowestPrice' => <integer>,
                                    'TotalLocalStorageGB' => [
                                        'Max' => <float>,
                                        'Min' => <float>,
                                    ],
                                    'VCpuCount' => [
                                        'Max' => <integer>,
                                        'Min' => <integer>,
                                    ],
                                ],
                                'InstanceType' => '<string>',
                                'KernelId' => '<string>',
                                'KeyName' => '<string>',
                                'LicenseSet' => [
                                    [
                                        'LicenseConfigurationArn' => '<string>',
                                    ],
                                    // ...
                                ],
                                'MaintenanceOptions' => [
                                    'AutoRecovery' => '<string>',
                                ],
                                'MetadataOptions' => [
                                    'HttpEndpoint' => '<string>',
                                    'HttpProtocolIpv6' => '<string>',
                                    'HttpPutResponseHopLimit' => <integer>,
                                    'HttpTokens' => '<string>',
                                    'InstanceMetadataTags' => '<string>',
                                ],
                                'Monitoring' => [
                                    'Enabled' => true || false,
                                ],
                                'NetworkInterfaceSet' => [
                                    [
                                        'AssociateCarrierIpAddress' => true || false,
                                        'AssociatePublicIpAddress' => true || false,
                                        'DeleteOnTermination' => true || false,
                                        'Description' => '<string>',
                                        'DeviceIndex' => <integer>,
                                        'Groups' => ['<string>', ...],
                                        'InterfaceType' => '<string>',
                                        'Ipv4PrefixCount' => <integer>,
                                        'Ipv4Prefixes' => [
                                            [
                                                'Ipv4Prefix' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Ipv6AddressCount' => <integer>,
                                        'Ipv6Addresses' => [
                                            [
                                                'Ipv6Address' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Ipv6PrefixCount' => <integer>,
                                        'Ipv6Prefixes' => [
                                            [
                                                'Ipv6Prefix' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'NetworkCardIndex' => <integer>,
                                        'NetworkInterfaceId' => '<string>',
                                        'PrivateIpAddress' => '<string>',
                                        'PrivateIpAddresses' => [
                                            [
                                                'Primary' => true || false,
                                                'PrivateIpAddress' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'SecondaryPrivateIpAddressCount' => <integer>,
                                        'SubnetId' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Placement' => [
                                    'Affinity' => '<string>',
                                    'AvailabilityZone' => '<string>',
                                    'GroupName' => '<string>',
                                    'HostId' => '<string>',
                                    'HostResourceGroupArn' => '<string>',
                                    'PartitionNumber' => <integer>,
                                    'SpreadDomain' => '<string>',
                                    'Tenancy' => '<string>',
                                ],
                                'PrivateDnsNameOptions' => [
                                    'EnableResourceNameDnsAAAARecord' => true || false,
                                    'EnableResourceNameDnsARecord' => true || false,
                                    'HostnameType' => '<string>',
                                ],
                                'RamDiskId' => '<string>',
                                'SecurityGroupIdSet' => ['<string>', ...],
                                'SecurityGroupSet' => ['<string>', ...],
                                'UserData' => '<string>',
                            ],
                            'LaunchTemplateName' => '<string>',
                        ],
                        'AwsEc2NetworkAcl' => [
                            'Associations' => [
                                [
                                    'NetworkAclAssociationId' => '<string>',
                                    'NetworkAclId' => '<string>',
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'Entries' => [
                                [
                                    'CidrBlock' => '<string>',
                                    'Egress' => true || false,
                                    'IcmpTypeCode' => [
                                        'Code' => <integer>,
                                        'Type' => <integer>,
                                    ],
                                    'Ipv6CidrBlock' => '<string>',
                                    'PortRange' => [
                                        'From' => <integer>,
                                        'To' => <integer>,
                                    ],
                                    'Protocol' => '<string>',
                                    'RuleAction' => '<string>',
                                    'RuleNumber' => <integer>,
                                ],
                                // ...
                            ],
                            'IsDefault' => true || false,
                            'NetworkAclId' => '<string>',
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2NetworkInterface' => [
                            'Attachment' => [
                                'AttachTime' => '<string>',
                                'AttachmentId' => '<string>',
                                'DeleteOnTermination' => true || false,
                                'DeviceIndex' => <integer>,
                                'InstanceId' => '<string>',
                                'InstanceOwnerId' => '<string>',
                                'Status' => '<string>',
                            ],
                            'IpV6Addresses' => [
                                [
                                    'IpV6Address' => '<string>',
                                ],
                                // ...
                            ],
                            'NetworkInterfaceId' => '<string>',
                            'PrivateIpAddresses' => [
                                [
                                    'PrivateDnsName' => '<string>',
                                    'PrivateIpAddress' => '<string>',
                                ],
                                // ...
                            ],
                            'PublicDnsName' => '<string>',
                            'PublicIp' => '<string>',
                            'SecurityGroups' => [
                                [
                                    'GroupId' => '<string>',
                                    'GroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'SourceDestCheck' => true || false,
                        ],
                        'AwsEc2RouteTable' => [
                            'AssociationSet' => [
                                [
                                    'AssociationState' => [
                                        'State' => '<string>',
                                        'StatusMessage' => '<string>',
                                    ],
                                    'GatewayId' => '<string>',
                                    'Main' => true || false,
                                    'RouteTableAssociationId' => '<string>',
                                    'RouteTableId' => '<string>',
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'PropagatingVgwSet' => [
                                [
                                    'GatewayId' => '<string>',
                                ],
                                // ...
                            ],
                            'RouteSet' => [
                                [
                                    'CarrierGatewayId' => '<string>',
                                    'CoreNetworkArn' => '<string>',
                                    'DestinationCidrBlock' => '<string>',
                                    'DestinationIpv6CidrBlock' => '<string>',
                                    'DestinationPrefixListId' => '<string>',
                                    'EgressOnlyInternetGatewayId' => '<string>',
                                    'GatewayId' => '<string>',
                                    'InstanceId' => '<string>',
                                    'InstanceOwnerId' => '<string>',
                                    'LocalGatewayId' => '<string>',
                                    'NatGatewayId' => '<string>',
                                    'NetworkInterfaceId' => '<string>',
                                    'Origin' => '<string>',
                                    'State' => '<string>',
                                    'TransitGatewayId' => '<string>',
                                    'VpcPeeringConnectionId' => '<string>',
                                ],
                                // ...
                            ],
                            'RouteTableId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2SecurityGroup' => [
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'IpPermissions' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'IpPermissionsEgress' => [
                                [
                                    'FromPort' => <integer>,
                                    'IpProtocol' => '<string>',
                                    'IpRanges' => [
                                        [
                                            'CidrIp' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ipv6Ranges' => [
                                        [
                                            'CidrIpv6' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'PrefixListIds' => [
                                        [
                                            'PrefixListId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ToPort' => <integer>,
                                    'UserIdGroupPairs' => [
                                        [
                                            'GroupId' => '<string>',
                                            'GroupName' => '<string>',
                                            'PeeringStatus' => '<string>',
                                            'UserId' => '<string>',
                                            'VpcId' => '<string>',
                                            'VpcPeeringConnectionId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2Subnet' => [
                            'AssignIpv6AddressOnCreation' => true || false,
                            'AvailabilityZone' => '<string>',
                            'AvailabilityZoneId' => '<string>',
                            'AvailableIpAddressCount' => <integer>,
                            'CidrBlock' => '<string>',
                            'DefaultForAz' => true || false,
                            'Ipv6CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlockState' => '<string>',
                                    'Ipv6CidrBlock' => '<string>',
                                ],
                                // ...
                            ],
                            'MapPublicIpOnLaunch' => true || false,
                            'OwnerId' => '<string>',
                            'State' => '<string>',
                            'SubnetArn' => '<string>',
                            'SubnetId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEc2TransitGateway' => [
                            'AmazonSideAsn' => <integer>,
                            'AssociationDefaultRouteTableId' => '<string>',
                            'AutoAcceptSharedAttachments' => '<string>',
                            'DefaultRouteTableAssociation' => '<string>',
                            'DefaultRouteTablePropagation' => '<string>',
                            'Description' => '<string>',
                            'DnsSupport' => '<string>',
                            'Id' => '<string>',
                            'MulticastSupport' => '<string>',
                            'PropagationDefaultRouteTableId' => '<string>',
                            'TransitGatewayCidrBlocks' => ['<string>', ...],
                            'VpnEcmpSupport' => '<string>',
                        ],
                        'AwsEc2Volume' => [
                            'Attachments' => [
                                [
                                    'AttachTime' => '<string>',
                                    'DeleteOnTermination' => true || false,
                                    'InstanceId' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateTime' => '<string>',
                            'DeviceName' => '<string>',
                            'Encrypted' => true || false,
                            'KmsKeyId' => '<string>',
                            'Size' => <integer>,
                            'SnapshotId' => '<string>',
                            'Status' => '<string>',
                            'VolumeId' => '<string>',
                            'VolumeScanStatus' => '<string>',
                            'VolumeType' => '<string>',
                        ],
                        'AwsEc2Vpc' => [
                            'CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlock' => '<string>',
                                    'CidrBlockState' => '<string>',
                                ],
                                // ...
                            ],
                            'DhcpOptionsId' => '<string>',
                            'Ipv6CidrBlockAssociationSet' => [
                                [
                                    'AssociationId' => '<string>',
                                    'CidrBlockState' => '<string>',
                                    'Ipv6CidrBlock' => '<string>',
                                ],
                                // ...
                            ],
                            'State' => '<string>',
                        ],
                        'AwsEc2VpcEndpointService' => [
                            'AcceptanceRequired' => true || false,
                            'AvailabilityZones' => ['<string>', ...],
                            'BaseEndpointDnsNames' => ['<string>', ...],
                            'GatewayLoadBalancerArns' => ['<string>', ...],
                            'ManagesVpcEndpoints' => true || false,
                            'NetworkLoadBalancerArns' => ['<string>', ...],
                            'PrivateDnsName' => '<string>',
                            'ServiceId' => '<string>',
                            'ServiceName' => '<string>',
                            'ServiceState' => '<string>',
                            'ServiceType' => [
                                [
                                    'ServiceType' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEc2VpcPeeringConnection' => [
                            'AccepterVpcInfo' => [
                                'CidrBlock' => '<string>',
                                'CidrBlockSet' => [
                                    [
                                        'CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Ipv6CidrBlockSet' => [
                                    [
                                        'Ipv6CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OwnerId' => '<string>',
                                'PeeringOptions' => [
                                    'AllowDnsResolutionFromRemoteVpc' => true || false,
                                    'AllowEgressFromLocalClassicLinkToRemoteVpc' => true || false,
                                    'AllowEgressFromLocalVpcToRemoteClassicLink' => true || false,
                                ],
                                'Region' => '<string>',
                                'VpcId' => '<string>',
                            ],
                            'ExpirationTime' => '<string>',
                            'RequesterVpcInfo' => [
                                'CidrBlock' => '<string>',
                                'CidrBlockSet' => [
                                    [
                                        'CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Ipv6CidrBlockSet' => [
                                    [
                                        'Ipv6CidrBlock' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OwnerId' => '<string>',
                                'PeeringOptions' => [
                                    'AllowDnsResolutionFromRemoteVpc' => true || false,
                                    'AllowEgressFromLocalClassicLinkToRemoteVpc' => true || false,
                                    'AllowEgressFromLocalVpcToRemoteClassicLink' => true || false,
                                ],
                                'Region' => '<string>',
                                'VpcId' => '<string>',
                            ],
                            'Status' => [
                                'Code' => '<string>',
                                'Message' => '<string>',
                            ],
                            'VpcPeeringConnectionId' => '<string>',
                        ],
                        'AwsEc2VpnConnection' => [
                            'Category' => '<string>',
                            'CustomerGatewayConfiguration' => '<string>',
                            'CustomerGatewayId' => '<string>',
                            'Options' => [
                                'StaticRoutesOnly' => true || false,
                                'TunnelOptions' => [
                                    [
                                        'DpdTimeoutSeconds' => <integer>,
                                        'IkeVersions' => ['<string>', ...],
                                        'OutsideIpAddress' => '<string>',
                                        'Phase1DhGroupNumbers' => [<integer>, ...],
                                        'Phase1EncryptionAlgorithms' => ['<string>', ...],
                                        'Phase1IntegrityAlgorithms' => ['<string>', ...],
                                        'Phase1LifetimeSeconds' => <integer>,
                                        'Phase2DhGroupNumbers' => [<integer>, ...],
                                        'Phase2EncryptionAlgorithms' => ['<string>', ...],
                                        'Phase2IntegrityAlgorithms' => ['<string>', ...],
                                        'Phase2LifetimeSeconds' => <integer>,
                                        'PreSharedKey' => '<string>',
                                        'RekeyFuzzPercentage' => <integer>,
                                        'RekeyMarginTimeSeconds' => <integer>,
                                        'ReplayWindowSize' => <integer>,
                                        'TunnelInsideCidr' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'Routes' => [
                                [
                                    'DestinationCidrBlock' => '<string>',
                                    'State' => '<string>',
                                ],
                                // ...
                            ],
                            'State' => '<string>',
                            'TransitGatewayId' => '<string>',
                            'Type' => '<string>',
                            'VgwTelemetry' => [
                                [
                                    'AcceptedRouteCount' => <integer>,
                                    'CertificateArn' => '<string>',
                                    'LastStatusChange' => '<string>',
                                    'OutsideIpAddress' => '<string>',
                                    'Status' => '<string>',
                                    'StatusMessage' => '<string>',
                                ],
                                // ...
                            ],
                            'VpnConnectionId' => '<string>',
                            'VpnGatewayId' => '<string>',
                        ],
                        'AwsEcrContainerImage' => [
                            'Architecture' => '<string>',
                            'ImageDigest' => '<string>',
                            'ImagePublishedAt' => '<string>',
                            'ImageTags' => ['<string>', ...],
                            'RegistryId' => '<string>',
                            'RepositoryName' => '<string>',
                        ],
                        'AwsEcrRepository' => [
                            'Arn' => '<string>',
                            'ImageScanningConfiguration' => [
                                'ScanOnPush' => true || false,
                            ],
                            'ImageTagMutability' => '<string>',
                            'LifecyclePolicy' => [
                                'LifecyclePolicyText' => '<string>',
                                'RegistryId' => '<string>',
                            ],
                            'RepositoryName' => '<string>',
                            'RepositoryPolicyText' => '<string>',
                        ],
                        'AwsEcsCluster' => [
                            'ActiveServicesCount' => <integer>,
                            'CapacityProviders' => ['<string>', ...],
                            'ClusterArn' => '<string>',
                            'ClusterName' => '<string>',
                            'ClusterSettings' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'Configuration' => [
                                'ExecuteCommandConfiguration' => [
                                    'KmsKeyId' => '<string>',
                                    'LogConfiguration' => [
                                        'CloudWatchEncryptionEnabled' => true || false,
                                        'CloudWatchLogGroupName' => '<string>',
                                        'S3BucketName' => '<string>',
                                        'S3EncryptionEnabled' => true || false,
                                        'S3KeyPrefix' => '<string>',
                                    ],
                                    'Logging' => '<string>',
                                ],
                            ],
                            'DefaultCapacityProviderStrategy' => [
                                [
                                    'Base' => <integer>,
                                    'CapacityProvider' => '<string>',
                                    'Weight' => <integer>,
                                ],
                                // ...
                            ],
                            'RegisteredContainerInstancesCount' => <integer>,
                            'RunningTasksCount' => <integer>,
                            'Status' => '<string>',
                        ],
                        'AwsEcsContainer' => [
                            'Image' => '<string>',
                            'MountPoints' => [
                                [
                                    'ContainerPath' => '<string>',
                                    'SourceVolume' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'Privileged' => true || false,
                        ],
                        'AwsEcsService' => [
                            'CapacityProviderStrategy' => [
                                [
                                    'Base' => <integer>,
                                    'CapacityProvider' => '<string>',
                                    'Weight' => <integer>,
                                ],
                                // ...
                            ],
                            'Cluster' => '<string>',
                            'DeploymentConfiguration' => [
                                'DeploymentCircuitBreaker' => [
                                    'Enable' => true || false,
                                    'Rollback' => true || false,
                                ],
                                'MaximumPercent' => <integer>,
                                'MinimumHealthyPercent' => <integer>,
                            ],
                            'DeploymentController' => [
                                'Type' => '<string>',
                            ],
                            'DesiredCount' => <integer>,
                            'EnableEcsManagedTags' => true || false,
                            'EnableExecuteCommand' => true || false,
                            'HealthCheckGracePeriodSeconds' => <integer>,
                            'LaunchType' => '<string>',
                            'LoadBalancers' => [
                                [
                                    'ContainerName' => '<string>',
                                    'ContainerPort' => <integer>,
                                    'LoadBalancerName' => '<string>',
                                    'TargetGroupArn' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'NetworkConfiguration' => [
                                'AwsVpcConfiguration' => [
                                    'AssignPublicIp' => '<string>',
                                    'SecurityGroups' => ['<string>', ...],
                                    'Subnets' => ['<string>', ...],
                                ],
                            ],
                            'PlacementConstraints' => [
                                [
                                    'Expression' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'PlacementStrategies' => [
                                [
                                    'Field' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'PlatformVersion' => '<string>',
                            'PropagateTags' => '<string>',
                            'Role' => '<string>',
                            'SchedulingStrategy' => '<string>',
                            'ServiceArn' => '<string>',
                            'ServiceName' => '<string>',
                            'ServiceRegistries' => [
                                [
                                    'ContainerName' => '<string>',
                                    'ContainerPort' => <integer>,
                                    'Port' => <integer>,
                                    'RegistryArn' => '<string>',
                                ],
                                // ...
                            ],
                            'TaskDefinition' => '<string>',
                        ],
                        'AwsEcsTask' => [
                            'ClusterArn' => '<string>',
                            'Containers' => [
                                [
                                    'Image' => '<string>',
                                    'MountPoints' => [
                                        [
                                            'ContainerPath' => '<string>',
                                            'SourceVolume' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Name' => '<string>',
                                    'Privileged' => true || false,
                                ],
                                // ...
                            ],
                            'CreatedAt' => '<string>',
                            'Group' => '<string>',
                            'StartedAt' => '<string>',
                            'StartedBy' => '<string>',
                            'TaskDefinitionArn' => '<string>',
                            'Version' => '<string>',
                            'Volumes' => [
                                [
                                    'Host' => [
                                        'SourcePath' => '<string>',
                                    ],
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEcsTaskDefinition' => [
                            'ContainerDefinitions' => [
                                [
                                    'Command' => ['<string>', ...],
                                    'Cpu' => <integer>,
                                    'DependsOn' => [
                                        [
                                            'Condition' => '<string>',
                                            'ContainerName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'DisableNetworking' => true || false,
                                    'DnsSearchDomains' => ['<string>', ...],
                                    'DnsServers' => ['<string>', ...],
                                    'DockerLabels' => ['<string>', ...],
                                    'DockerSecurityOptions' => ['<string>', ...],
                                    'EntryPoint' => ['<string>', ...],
                                    'Environment' => [
                                        [
                                            'Name' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'EnvironmentFiles' => [
                                        [
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Essential' => true || false,
                                    'ExtraHosts' => [
                                        [
                                            'Hostname' => '<string>',
                                            'IpAddress' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'FirelensConfiguration' => [
                                        'Options' => ['<string>', ...],
                                        'Type' => '<string>',
                                    ],
                                    'HealthCheck' => [
                                        'Command' => ['<string>', ...],
                                        'Interval' => <integer>,
                                        'Retries' => <integer>,
                                        'StartPeriod' => <integer>,
                                        'Timeout' => <integer>,
                                    ],
                                    'Hostname' => '<string>',
                                    'Image' => '<string>',
                                    'Interactive' => true || false,
                                    'Links' => ['<string>', ...],
                                    'LinuxParameters' => [
                                        'Capabilities' => [
                                            'Add' => ['<string>', ...],
                                            'Drop' => ['<string>', ...],
                                        ],
                                        'Devices' => [
                                            [
                                                'ContainerPath' => '<string>',
                                                'HostPath' => '<string>',
                                                'Permissions' => ['<string>', ...],
                                            ],
                                            // ...
                                        ],
                                        'InitProcessEnabled' => true || false,
                                        'MaxSwap' => <integer>,
                                        'SharedMemorySize' => <integer>,
                                        'Swappiness' => <integer>,
                                        'Tmpfs' => [
                                            [
                                                'ContainerPath' => '<string>',
                                                'MountOptions' => ['<string>', ...],
                                                'Size' => <integer>,
                                            ],
                                            // ...
                                        ],
                                    ],
                                    'LogConfiguration' => [
                                        'LogDriver' => '<string>',
                                        'Options' => ['<string>', ...],
                                        'SecretOptions' => [
                                            [
                                                'Name' => '<string>',
                                                'ValueFrom' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                    'Memory' => <integer>,
                                    'MemoryReservation' => <integer>,
                                    'MountPoints' => [
                                        [
                                            'ContainerPath' => '<string>',
                                            'ReadOnly' => true || false,
                                            'SourceVolume' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Name' => '<string>',
                                    'PortMappings' => [
                                        [
                                            'ContainerPort' => <integer>,
                                            'HostPort' => <integer>,
                                            'Protocol' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Privileged' => true || false,
                                    'PseudoTerminal' => true || false,
                                    'ReadonlyRootFilesystem' => true || false,
                                    'RepositoryCredentials' => [
                                        'CredentialsParameter' => '<string>',
                                    ],
                                    'ResourceRequirements' => [
                                        [
                                            'Type' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Secrets' => [
                                        [
                                            'Name' => '<string>',
                                            'ValueFrom' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'StartTimeout' => <integer>,
                                    'StopTimeout' => <integer>,
                                    'SystemControls' => [
                                        [
                                            'Namespace' => '<string>',
                                            'Value' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'Ulimits' => [
                                        [
                                            'HardLimit' => <integer>,
                                            'Name' => '<string>',
                                            'SoftLimit' => <integer>,
                                        ],
                                        // ...
                                    ],
                                    'User' => '<string>',
                                    'VolumesFrom' => [
                                        [
                                            'ReadOnly' => true || false,
                                            'SourceContainer' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'WorkingDirectory' => '<string>',
                                ],
                                // ...
                            ],
                            'Cpu' => '<string>',
                            'ExecutionRoleArn' => '<string>',
                            'Family' => '<string>',
                            'InferenceAccelerators' => [
                                [
                                    'DeviceName' => '<string>',
                                    'DeviceType' => '<string>',
                                ],
                                // ...
                            ],
                            'IpcMode' => '<string>',
                            'Memory' => '<string>',
                            'NetworkMode' => '<string>',
                            'PidMode' => '<string>',
                            'PlacementConstraints' => [
                                [
                                    'Expression' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'ProxyConfiguration' => [
                                'ContainerName' => '<string>',
                                'ProxyConfigurationProperties' => [
                                    [
                                        'Name' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'Type' => '<string>',
                            ],
                            'RequiresCompatibilities' => ['<string>', ...],
                            'Status' => '<string>',
                            'TaskRoleArn' => '<string>',
                            'Volumes' => [
                                [
                                    'DockerVolumeConfiguration' => [
                                        'Autoprovision' => true || false,
                                        'Driver' => '<string>',
                                        'DriverOpts' => ['<string>', ...],
                                        'Labels' => ['<string>', ...],
                                        'Scope' => '<string>',
                                    ],
                                    'EfsVolumeConfiguration' => [
                                        'AuthorizationConfig' => [
                                            'AccessPointId' => '<string>',
                                            'Iam' => '<string>',
                                        ],
                                        'FilesystemId' => '<string>',
                                        'RootDirectory' => '<string>',
                                        'TransitEncryption' => '<string>',
                                        'TransitEncryptionPort' => <integer>,
                                    ],
                                    'Host' => [
                                        'SourcePath' => '<string>',
                                    ],
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsEfsAccessPoint' => [
                            'AccessPointId' => '<string>',
                            'Arn' => '<string>',
                            'ClientToken' => '<string>',
                            'FileSystemId' => '<string>',
                            'PosixUser' => [
                                'Gid' => '<string>',
                                'SecondaryGids' => ['<string>', ...],
                                'Uid' => '<string>',
                            ],
                            'RootDirectory' => [
                                'CreationInfo' => [
                                    'OwnerGid' => '<string>',
                                    'OwnerUid' => '<string>',
                                    'Permissions' => '<string>',
                                ],
                                'Path' => '<string>',
                            ],
                        ],
                        'AwsEksCluster' => [
                            'Arn' => '<string>',
                            'CertificateAuthorityData' => '<string>',
                            'ClusterStatus' => '<string>',
                            'Endpoint' => '<string>',
                            'Logging' => [
                                'ClusterLogging' => [
                                    [
                                        'Enabled' => true || false,
                                        'Types' => ['<string>', ...],
                                    ],
                                    // ...
                                ],
                            ],
                            'Name' => '<string>',
                            'ResourcesVpcConfig' => [
                                'EndpointPublicAccess' => true || false,
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                            ],
                            'RoleArn' => '<string>',
                            'Version' => '<string>',
                        ],
                        'AwsElasticBeanstalkEnvironment' => [
                            'ApplicationName' => '<string>',
                            'Cname' => '<string>',
                            'DateCreated' => '<string>',
                            'DateUpdated' => '<string>',
                            'Description' => '<string>',
                            'EndpointUrl' => '<string>',
                            'EnvironmentArn' => '<string>',
                            'EnvironmentId' => '<string>',
                            'EnvironmentLinks' => [
                                [
                                    'EnvironmentName' => '<string>',
                                    'LinkName' => '<string>',
                                ],
                                // ...
                            ],
                            'EnvironmentName' => '<string>',
                            'OptionSettings' => [
                                [
                                    'Namespace' => '<string>',
                                    'OptionName' => '<string>',
                                    'ResourceName' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'PlatformArn' => '<string>',
                            'SolutionStackName' => '<string>',
                            'Status' => '<string>',
                            'Tier' => [
                                'Name' => '<string>',
                                'Type' => '<string>',
                                'Version' => '<string>',
                            ],
                            'VersionLabel' => '<string>',
                        ],
                        'AwsElasticsearchDomain' => [
                            'AccessPolicies' => '<string>',
                            'DomainEndpointOptions' => [
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainId' => '<string>',
                            'DomainName' => '<string>',
                            'ElasticsearchClusterConfig' => [
                                'DedicatedMasterCount' => <integer>,
                                'DedicatedMasterEnabled' => true || false,
                                'DedicatedMasterType' => '<string>',
                                'InstanceCount' => <integer>,
                                'InstanceType' => '<string>',
                                'ZoneAwarenessConfig' => [
                                    'AvailabilityZoneCount' => <integer>,
                                ],
                                'ZoneAwarenessEnabled' => true || false,
                            ],
                            'ElasticsearchVersion' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'Endpoint' => '<string>',
                            'Endpoints' => ['<string>', ...],
                            'LogPublishingOptions' => [
                                'AuditLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'IndexSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'SearchSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                            ],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'ServiceSoftwareOptions' => [
                                'AutomatedUpdateDate' => '<string>',
                                'Cancellable' => true || false,
                                'CurrentVersion' => '<string>',
                                'Description' => '<string>',
                                'NewVersion' => '<string>',
                                'UpdateAvailable' => true || false,
                                'UpdateStatus' => '<string>',
                            ],
                            'VPCOptions' => [
                                'AvailabilityZones' => ['<string>', ...],
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VPCId' => '<string>',
                            ],
                        ],
                        'AwsElbLoadBalancer' => [
                            'AvailabilityZones' => ['<string>', ...],
                            'BackendServerDescriptions' => [
                                [
                                    'InstancePort' => <integer>,
                                    'PolicyNames' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneName' => '<string>',
                            'CanonicalHostedZoneNameID' => '<string>',
                            'CreatedTime' => '<string>',
                            'DnsName' => '<string>',
                            'HealthCheck' => [
                                'HealthyThreshold' => <integer>,
                                'Interval' => <integer>,
                                'Target' => '<string>',
                                'Timeout' => <integer>,
                                'UnhealthyThreshold' => <integer>,
                            ],
                            'Instances' => [
                                [
                                    'InstanceId' => '<string>',
                                ],
                                // ...
                            ],
                            'ListenerDescriptions' => [
                                [
                                    'Listener' => [
                                        'InstancePort' => <integer>,
                                        'InstanceProtocol' => '<string>',
                                        'LoadBalancerPort' => <integer>,
                                        'Protocol' => '<string>',
                                        'SslCertificateId' => '<string>',
                                    ],
                                    'PolicyNames' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'LoadBalancerAttributes' => [
                                'AccessLog' => [
                                    'EmitInterval' => <integer>,
                                    'Enabled' => true || false,
                                    'S3BucketName' => '<string>',
                                    'S3BucketPrefix' => '<string>',
                                ],
                                'AdditionalAttributes' => [
                                    [
                                        'Key' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'ConnectionDraining' => [
                                    'Enabled' => true || false,
                                    'Timeout' => <integer>,
                                ],
                                'ConnectionSettings' => [
                                    'IdleTimeout' => <integer>,
                                ],
                                'CrossZoneLoadBalancing' => [
                                    'Enabled' => true || false,
                                ],
                            ],
                            'LoadBalancerName' => '<string>',
                            'Policies' => [
                                'AppCookieStickinessPolicies' => [
                                    [
                                        'CookieName' => '<string>',
                                        'PolicyName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'LbCookieStickinessPolicies' => [
                                    [
                                        'CookieExpirationPeriod' => <integer>,
                                        'PolicyName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'OtherPolicies' => ['<string>', ...],
                            ],
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SourceSecurityGroup' => [
                                'GroupName' => '<string>',
                                'OwnerAlias' => '<string>',
                            ],
                            'Subnets' => ['<string>', ...],
                            'VpcId' => '<string>',
                        ],
                        'AwsElbv2LoadBalancer' => [
                            'AvailabilityZones' => [
                                [
                                    'SubnetId' => '<string>',
                                    'ZoneName' => '<string>',
                                ],
                                // ...
                            ],
                            'CanonicalHostedZoneId' => '<string>',
                            'CreatedTime' => '<string>',
                            'DNSName' => '<string>',
                            'IpAddressType' => '<string>',
                            'LoadBalancerAttributes' => [
                                [
                                    'Key' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'Scheme' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'State' => [
                                'Code' => '<string>',
                                'Reason' => '<string>',
                            ],
                            'Type' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsEventSchemasRegistry' => [
                            'Description' => '<string>',
                            'RegistryArn' => '<string>',
                            'RegistryName' => '<string>',
                        ],
                        'AwsEventsEndpoint' => [
                            'Arn' => '<string>',
                            'Description' => '<string>',
                            'EndpointId' => '<string>',
                            'EndpointUrl' => '<string>',
                            'EventBuses' => [
                                [
                                    'EventBusArn' => '<string>',
                                ],
                                // ...
                            ],
                            'Name' => '<string>',
                            'ReplicationConfig' => [
                                'State' => '<string>',
                            ],
                            'RoleArn' => '<string>',
                            'RoutingConfig' => [
                                'FailoverConfig' => [
                                    'Primary' => [
                                        'HealthCheck' => '<string>',
                                    ],
                                    'Secondary' => [
                                        'Route' => '<string>',
                                    ],
                                ],
                            ],
                            'State' => '<string>',
                            'StateReason' => '<string>',
                        ],
                        'AwsEventsEventbus' => [
                            'Arn' => '<string>',
                            'Name' => '<string>',
                            'Policy' => '<string>',
                        ],
                        'AwsGuardDutyDetector' => [
                            'DataSources' => [
                                'CloudTrail' => [
                                    'Status' => '<string>',
                                ],
                                'DnsLogs' => [
                                    'Status' => '<string>',
                                ],
                                'FlowLogs' => [
                                    'Status' => '<string>',
                                ],
                                'Kubernetes' => [
                                    'AuditLogs' => [
                                        'Status' => '<string>',
                                    ],
                                ],
                                'MalwareProtection' => [
                                    'ScanEc2InstanceWithFindings' => [
                                        'EbsVolumes' => [
                                            'Reason' => '<string>',
                                            'Status' => '<string>',
                                        ],
                                    ],
                                    'ServiceRole' => '<string>',
                                ],
                                'S3Logs' => [
                                    'Status' => '<string>',
                                ],
                            ],
                            'Features' => [
                                [
                                    'Name' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'FindingPublishingFrequency' => '<string>',
                            'ServiceRole' => '<string>',
                            'Status' => '<string>',
                        ],
                        'AwsIamAccessKey' => [
                            'AccessKeyId' => '<string>',
                            'AccountId' => '<string>',
                            'CreatedAt' => '<string>',
                            'PrincipalId' => '<string>',
                            'PrincipalName' => '<string>',
                            'PrincipalType' => '<string>',
                            'SessionContext' => [
                                'Attributes' => [
                                    'CreationDate' => '<string>',
                                    'MfaAuthenticated' => true || false,
                                ],
                                'SessionIssuer' => [
                                    'AccountId' => '<string>',
                                    'Arn' => '<string>',
                                    'PrincipalId' => '<string>',
                                    'Type' => '<string>',
                                    'UserName' => '<string>',
                                ],
                            ],
                            'Status' => 'Active|Inactive',
                            'UserName' => '<string>',
                        ],
                        'AwsIamGroup' => [
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'GroupId' => '<string>',
                            'GroupName' => '<string>',
                            'GroupPolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'Path' => '<string>',
                        ],
                        'AwsIamPolicy' => [
                            'AttachmentCount' => <integer>,
                            'CreateDate' => '<string>',
                            'DefaultVersionId' => '<string>',
                            'Description' => '<string>',
                            'IsAttachable' => true || false,
                            'Path' => '<string>',
                            'PermissionsBoundaryUsageCount' => <integer>,
                            'PolicyId' => '<string>',
                            'PolicyName' => '<string>',
                            'PolicyVersionList' => [
                                [
                                    'CreateDate' => '<string>',
                                    'IsDefaultVersion' => true || false,
                                    'VersionId' => '<string>',
                                ],
                                // ...
                            ],
                            'UpdateDate' => '<string>',
                        ],
                        'AwsIamRole' => [
                            'AssumeRolePolicyDocument' => '<string>',
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'InstanceProfileList' => [
                                [
                                    'Arn' => '<string>',
                                    'CreateDate' => '<string>',
                                    'InstanceProfileId' => '<string>',
                                    'InstanceProfileName' => '<string>',
                                    'Path' => '<string>',
                                    'Roles' => [
                                        [
                                            'Arn' => '<string>',
                                            'AssumeRolePolicyDocument' => '<string>',
                                            'CreateDate' => '<string>',
                                            'Path' => '<string>',
                                            'RoleId' => '<string>',
                                            'RoleName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                ],
                                // ...
                            ],
                            'MaxSessionDuration' => <integer>,
                            'Path' => '<string>',
                            'PermissionsBoundary' => [
                                'PermissionsBoundaryArn' => '<string>',
                                'PermissionsBoundaryType' => '<string>',
                            ],
                            'RoleId' => '<string>',
                            'RoleName' => '<string>',
                            'RolePolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsIamUser' => [
                            'AttachedManagedPolicies' => [
                                [
                                    'PolicyArn' => '<string>',
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                            'CreateDate' => '<string>',
                            'GroupList' => ['<string>', ...],
                            'Path' => '<string>',
                            'PermissionsBoundary' => [
                                'PermissionsBoundaryArn' => '<string>',
                                'PermissionsBoundaryType' => '<string>',
                            ],
                            'UserId' => '<string>',
                            'UserName' => '<string>',
                            'UserPolicyList' => [
                                [
                                    'PolicyName' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsKinesisStream' => [
                            'Arn' => '<string>',
                            'Name' => '<string>',
                            'RetentionPeriodHours' => <integer>,
                            'ShardCount' => <integer>,
                            'StreamEncryption' => [
                                'EncryptionType' => '<string>',
                                'KeyId' => '<string>',
                            ],
                        ],
                        'AwsKmsKey' => [
                            'AWSAccountId' => '<string>',
                            'CreationDate' => <float>,
                            'Description' => '<string>',
                            'KeyId' => '<string>',
                            'KeyManager' => '<string>',
                            'KeyRotationStatus' => true || false,
                            'KeyState' => '<string>',
                            'Origin' => '<string>',
                        ],
                        'AwsLambdaFunction' => [
                            'Architectures' => ['<string>', ...],
                            'Code' => [
                                'S3Bucket' => '<string>',
                                'S3Key' => '<string>',
                                'S3ObjectVersion' => '<string>',
                                'ZipFile' => '<string>',
                            ],
                            'CodeSha256' => '<string>',
                            'DeadLetterConfig' => [
                                'TargetArn' => '<string>',
                            ],
                            'Environment' => [
                                'Error' => [
                                    'ErrorCode' => '<string>',
                                    'Message' => '<string>',
                                ],
                                'Variables' => ['<string>', ...],
                            ],
                            'FunctionName' => '<string>',
                            'Handler' => '<string>',
                            'KmsKeyArn' => '<string>',
                            'LastModified' => '<string>',
                            'Layers' => [
                                [
                                    'Arn' => '<string>',
                                    'CodeSize' => <integer>,
                                ],
                                // ...
                            ],
                            'MasterArn' => '<string>',
                            'MemorySize' => <integer>,
                            'PackageType' => '<string>',
                            'RevisionId' => '<string>',
                            'Role' => '<string>',
                            'Runtime' => '<string>',
                            'Timeout' => <integer>,
                            'TracingConfig' => [
                                'Mode' => '<string>',
                            ],
                            'Version' => '<string>',
                            'VpcConfig' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsLambdaLayerVersion' => [
                            'CompatibleRuntimes' => ['<string>', ...],
                            'CreatedDate' => '<string>',
                            'Version' => <integer>,
                        ],
                        'AwsMskCluster' => [
                            'ClusterInfo' => [
                                'ClientAuthentication' => [
                                    'Sasl' => [
                                        'Iam' => [
                                            'Enabled' => true || false,
                                        ],
                                        'Scram' => [
                                            'Enabled' => true || false,
                                        ],
                                    ],
                                    'Tls' => [
                                        'CertificateAuthorityArnList' => ['<string>', ...],
                                        'Enabled' => true || false,
                                    ],
                                    'Unauthenticated' => [
                                        'Enabled' => true || false,
                                    ],
                                ],
                                'ClusterName' => '<string>',
                                'CurrentVersion' => '<string>',
                                'EncryptionInfo' => [
                                    'EncryptionAtRest' => [
                                        'DataVolumeKMSKeyId' => '<string>',
                                    ],
                                    'EncryptionInTransit' => [
                                        'ClientBroker' => '<string>',
                                        'InCluster' => true || false,
                                    ],
                                ],
                                'EnhancedMonitoring' => '<string>',
                                'NumberOfBrokerNodes' => <integer>,
                            ],
                        ],
                        'AwsNetworkFirewallFirewall' => [
                            'DeleteProtection' => true || false,
                            'Description' => '<string>',
                            'FirewallArn' => '<string>',
                            'FirewallId' => '<string>',
                            'FirewallName' => '<string>',
                            'FirewallPolicyArn' => '<string>',
                            'FirewallPolicyChangeProtection' => true || false,
                            'SubnetChangeProtection' => true || false,
                            'SubnetMappings' => [
                                [
                                    'SubnetId' => '<string>',
                                ],
                                // ...
                            ],
                            'VpcId' => '<string>',
                        ],
                        'AwsNetworkFirewallFirewallPolicy' => [
                            'Description' => '<string>',
                            'FirewallPolicy' => [
                                'StatefulRuleGroupReferences' => [
                                    [
                                        'ResourceArn' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StatelessCustomActions' => [
                                    [
                                        'ActionDefinition' => [
                                            'PublishMetricAction' => [
                                                'Dimensions' => [
                                                    [
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'ActionName' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StatelessDefaultActions' => ['<string>', ...],
                                'StatelessFragmentDefaultActions' => ['<string>', ...],
                                'StatelessRuleGroupReferences' => [
                                    [
                                        'Priority' => <integer>,
                                        'ResourceArn' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'FirewallPolicyArn' => '<string>',
                            'FirewallPolicyId' => '<string>',
                            'FirewallPolicyName' => '<string>',
                        ],
                        'AwsNetworkFirewallRuleGroup' => [
                            'Capacity' => <integer>,
                            'Description' => '<string>',
                            'RuleGroup' => [
                                'RuleVariables' => [
                                    'IpSets' => [
                                        'Definition' => ['<string>', ...],
                                    ],
                                    'PortSets' => [
                                        'Definition' => ['<string>', ...],
                                    ],
                                ],
                                'RulesSource' => [
                                    'RulesSourceList' => [
                                        'GeneratedRulesType' => '<string>',
                                        'TargetTypes' => ['<string>', ...],
                                        'Targets' => ['<string>', ...],
                                    ],
                                    'RulesString' => '<string>',
                                    'StatefulRules' => [
                                        [
                                            'Action' => '<string>',
                                            'Header' => [
                                                'Destination' => '<string>',
                                                'DestinationPort' => '<string>',
                                                'Direction' => '<string>',
                                                'Protocol' => '<string>',
                                                'Source' => '<string>',
                                                'SourcePort' => '<string>',
                                            ],
                                            'RuleOptions' => [
                                                [
                                                    'Keyword' => '<string>',
                                                    'Settings' => ['<string>', ...],
                                                ],
                                                // ...
                                            ],
                                        ],
                                        // ...
                                    ],
                                    'StatelessRulesAndCustomActions' => [
                                        'CustomActions' => [
                                            [
                                                'ActionDefinition' => [
                                                    'PublishMetricAction' => [
                                                        'Dimensions' => [
                                                            [
                                                                'Value' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                    ],
                                                ],
                                                'ActionName' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'StatelessRules' => [
                                            [
                                                'Priority' => <integer>,
                                                'RuleDefinition' => [
                                                    'Actions' => ['<string>', ...],
                                                    'MatchAttributes' => [
                                                        'DestinationPorts' => [
                                                            [
                                                                'FromPort' => <integer>,
                                                                'ToPort' => <integer>,
                                                            ],
                                                            // ...
                                                        ],
                                                        'Destinations' => [
                                                            [
                                                                'AddressDefinition' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                        'Protocols' => [<integer>, ...],
                                                        'SourcePorts' => [
                                                            [
                                                                'FromPort' => <integer>,
                                                                'ToPort' => <integer>,
                                                            ],
                                                            // ...
                                                        ],
                                                        'Sources' => [
                                                            [
                                                                'AddressDefinition' => '<string>',
                                                            ],
                                                            // ...
                                                        ],
                                                        'TcpFlags' => [
                                                            [
                                                                'Flags' => ['<string>', ...],
                                                                'Masks' => ['<string>', ...],
                                                            ],
                                                            // ...
                                                        ],
                                                    ],
                                                ],
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                            ],
                            'RuleGroupArn' => '<string>',
                            'RuleGroupId' => '<string>',
                            'RuleGroupName' => '<string>',
                            'Type' => '<string>',
                        ],
                        'AwsOpenSearchServiceDomain' => [
                            'AccessPolicies' => '<string>',
                            'AdvancedSecurityOptions' => [
                                'Enabled' => true || false,
                                'InternalUserDatabaseEnabled' => true || false,
                                'MasterUserOptions' => [
                                    'MasterUserArn' => '<string>',
                                    'MasterUserName' => '<string>',
                                    'MasterUserPassword' => '<string>',
                                ],
                            ],
                            'Arn' => '<string>',
                            'ClusterConfig' => [
                                'DedicatedMasterCount' => <integer>,
                                'DedicatedMasterEnabled' => true || false,
                                'DedicatedMasterType' => '<string>',
                                'InstanceCount' => <integer>,
                                'InstanceType' => '<string>',
                                'WarmCount' => <integer>,
                                'WarmEnabled' => true || false,
                                'WarmType' => '<string>',
                                'ZoneAwarenessConfig' => [
                                    'AvailabilityZoneCount' => <integer>,
                                ],
                                'ZoneAwarenessEnabled' => true || false,
                            ],
                            'DomainEndpoint' => '<string>',
                            'DomainEndpointOptions' => [
                                'CustomEndpoint' => '<string>',
                                'CustomEndpointCertificateArn' => '<string>',
                                'CustomEndpointEnabled' => true || false,
                                'EnforceHTTPS' => true || false,
                                'TLSSecurityPolicy' => '<string>',
                            ],
                            'DomainEndpoints' => ['<string>', ...],
                            'DomainName' => '<string>',
                            'EncryptionAtRestOptions' => [
                                'Enabled' => true || false,
                                'KmsKeyId' => '<string>',
                            ],
                            'EngineVersion' => '<string>',
                            'Id' => '<string>',
                            'LogPublishingOptions' => [
                                'AuditLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'IndexSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                                'SearchSlowLogs' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'Enabled' => true || false,
                                ],
                            ],
                            'NodeToNodeEncryptionOptions' => [
                                'Enabled' => true || false,
                            ],
                            'ServiceSoftwareOptions' => [
                                'AutomatedUpdateDate' => '<string>',
                                'Cancellable' => true || false,
                                'CurrentVersion' => '<string>',
                                'Description' => '<string>',
                                'NewVersion' => '<string>',
                                'OptionalDeployment' => true || false,
                                'UpdateAvailable' => true || false,
                                'UpdateStatus' => '<string>',
                            ],
                            'VpcOptions' => [
                                'SecurityGroupIds' => ['<string>', ...],
                                'SubnetIds' => ['<string>', ...],
                            ],
                        ],
                        'AwsRdsDbCluster' => [
                            'ActivityStreamStatus' => '<string>',
                            'AllocatedStorage' => <integer>,
                            'AssociatedRoles' => [
                                [
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZones' => ['<string>', ...],
                            'BackupRetentionPeriod' => <integer>,
                            'ClusterCreateTime' => '<string>',
                            'CopyTagsToSnapshot' => true || false,
                            'CrossAccountClone' => true || false,
                            'CustomEndpoints' => ['<string>', ...],
                            'DatabaseName' => '<string>',
                            'DbClusterIdentifier' => '<string>',
                            'DbClusterMembers' => [
                                [
                                    'DbClusterParameterGroupStatus' => '<string>',
                                    'DbInstanceIdentifier' => '<string>',
                                    'IsClusterWriter' => true || false,
                                    'PromotionTier' => <integer>,
                                ],
                                // ...
                            ],
                            'DbClusterOptionGroupMemberships' => [
                                [
                                    'DbClusterOptionGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'DbClusterParameterGroup' => '<string>',
                            'DbClusterResourceId' => '<string>',
                            'DbSubnetGroup' => '<string>',
                            'DeletionProtection' => true || false,
                            'DomainMemberships' => [
                                [
                                    'Domain' => '<string>',
                                    'Fqdn' => '<string>',
                                    'IamRoleName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'EnabledCloudWatchLogsExports' => ['<string>', ...],
                            'Endpoint' => '<string>',
                            'Engine' => '<string>',
                            'EngineMode' => '<string>',
                            'EngineVersion' => '<string>',
                            'HostedZoneId' => '<string>',
                            'HttpEndpointEnabled' => true || false,
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'KmsKeyId' => '<string>',
                            'MasterUsername' => '<string>',
                            'MultiAz' => true || false,
                            'Port' => <integer>,
                            'PreferredBackupWindow' => '<string>',
                            'PreferredMaintenanceWindow' => '<string>',
                            'ReadReplicaIdentifiers' => ['<string>', ...],
                            'ReaderEndpoint' => '<string>',
                            'Status' => '<string>',
                            'StorageEncrypted' => true || false,
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRdsDbClusterSnapshot' => [
                            'AllocatedStorage' => <integer>,
                            'AvailabilityZones' => ['<string>', ...],
                            'ClusterCreateTime' => '<string>',
                            'DbClusterIdentifier' => '<string>',
                            'DbClusterSnapshotAttributes' => [
                                [
                                    'AttributeName' => '<string>',
                                    'AttributeValues' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'DbClusterSnapshotIdentifier' => '<string>',
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'KmsKeyId' => '<string>',
                            'LicenseModel' => '<string>',
                            'MasterUsername' => '<string>',
                            'PercentProgress' => <integer>,
                            'Port' => <integer>,
                            'SnapshotCreateTime' => '<string>',
                            'SnapshotType' => '<string>',
                            'Status' => '<string>',
                            'StorageEncrypted' => true || false,
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsDbInstance' => [
                            'AllocatedStorage' => <integer>,
                            'AssociatedRoles' => [
                                [
                                    'FeatureName' => '<string>',
                                    'RoleArn' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'AutoMinorVersionUpgrade' => true || false,
                            'AvailabilityZone' => '<string>',
                            'BackupRetentionPeriod' => <integer>,
                            'CACertificateIdentifier' => '<string>',
                            'CharacterSetName' => '<string>',
                            'CopyTagsToSnapshot' => true || false,
                            'DBClusterIdentifier' => '<string>',
                            'DBInstanceClass' => '<string>',
                            'DBInstanceIdentifier' => '<string>',
                            'DBName' => '<string>',
                            'DbInstancePort' => <integer>,
                            'DbInstanceStatus' => '<string>',
                            'DbParameterGroups' => [
                                [
                                    'DbParameterGroupName' => '<string>',
                                    'ParameterApplyStatus' => '<string>',
                                ],
                                // ...
                            ],
                            'DbSecurityGroups' => ['<string>', ...],
                            'DbSubnetGroup' => [
                                'DbSubnetGroupArn' => '<string>',
                                'DbSubnetGroupDescription' => '<string>',
                                'DbSubnetGroupName' => '<string>',
                                'SubnetGroupStatus' => '<string>',
                                'Subnets' => [
                                    [
                                        'SubnetAvailabilityZone' => [
                                            'Name' => '<string>',
                                        ],
                                        'SubnetIdentifier' => '<string>',
                                        'SubnetStatus' => '<string>',
                                    ],
                                    // ...
                                ],
                                'VpcId' => '<string>',
                            ],
                            'DbiResourceId' => '<string>',
                            'DeletionProtection' => true || false,
                            'DomainMemberships' => [
                                [
                                    'Domain' => '<string>',
                                    'Fqdn' => '<string>',
                                    'IamRoleName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'EnabledCloudWatchLogsExports' => ['<string>', ...],
                            'Endpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'EnhancedMonitoringResourceArn' => '<string>',
                            'IAMDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'Iops' => <integer>,
                            'KmsKeyId' => '<string>',
                            'LatestRestorableTime' => '<string>',
                            'LicenseModel' => '<string>',
                            'ListenerEndpoint' => [
                                'Address' => '<string>',
                                'HostedZoneId' => '<string>',
                                'Port' => <integer>,
                            ],
                            'MasterUsername' => '<string>',
                            'MaxAllocatedStorage' => <integer>,
                            'MonitoringInterval' => <integer>,
                            'MonitoringRoleArn' => '<string>',
                            'MultiAz' => true || false,
                            'OptionGroupMemberships' => [
                                [
                                    'OptionGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'PendingModifiedValues' => [
                                'AllocatedStorage' => <integer>,
                                'BackupRetentionPeriod' => <integer>,
                                'CaCertificateIdentifier' => '<string>',
                                'DbInstanceClass' => '<string>',
                                'DbInstanceIdentifier' => '<string>',
                                'DbSubnetGroupName' => '<string>',
                                'EngineVersion' => '<string>',
                                'Iops' => <integer>,
                                'LicenseModel' => '<string>',
                                'MasterUserPassword' => '<string>',
                                'MultiAZ' => true || false,
                                'PendingCloudWatchLogsExports' => [
                                    'LogTypesToDisable' => ['<string>', ...],
                                    'LogTypesToEnable' => ['<string>', ...],
                                ],
                                'Port' => <integer>,
                                'ProcessorFeatures' => [
                                    [
                                        'Name' => '<string>',
                                        'Value' => '<string>',
                                    ],
                                    // ...
                                ],
                                'StorageType' => '<string>',
                            ],
                            'PerformanceInsightsEnabled' => true || false,
                            'PerformanceInsightsKmsKeyId' => '<string>',
                            'PerformanceInsightsRetentionPeriod' => <integer>,
                            'PreferredBackupWindow' => '<string>',
                            'PreferredMaintenanceWindow' => '<string>',
                            'ProcessorFeatures' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'PromotionTier' => <integer>,
                            'PubliclyAccessible' => true || false,
                            'ReadReplicaDBClusterIdentifiers' => ['<string>', ...],
                            'ReadReplicaDBInstanceIdentifiers' => ['<string>', ...],
                            'ReadReplicaSourceDBInstanceIdentifier' => '<string>',
                            'SecondaryAvailabilityZone' => '<string>',
                            'StatusInfos' => [
                                [
                                    'Message' => '<string>',
                                    'Normal' => true || false,
                                    'Status' => '<string>',
                                    'StatusType' => '<string>',
                                ],
                                // ...
                            ],
                            'StorageEncrypted' => true || false,
                            'StorageType' => '<string>',
                            'TdeCredentialArn' => '<string>',
                            'Timezone' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRdsDbSecurityGroup' => [
                            'DbSecurityGroupArn' => '<string>',
                            'DbSecurityGroupDescription' => '<string>',
                            'DbSecurityGroupName' => '<string>',
                            'Ec2SecurityGroups' => [
                                [
                                    'Ec2SecurityGroupId' => '<string>',
                                    'Ec2SecurityGroupName' => '<string>',
                                    'Ec2SecurityGroupOwnerId' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'IpRanges' => [
                                [
                                    'CidrIp' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'OwnerId' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsDbSnapshot' => [
                            'AllocatedStorage' => <integer>,
                            'AvailabilityZone' => '<string>',
                            'DbInstanceIdentifier' => '<string>',
                            'DbSnapshotIdentifier' => '<string>',
                            'DbiResourceId' => '<string>',
                            'Encrypted' => true || false,
                            'Engine' => '<string>',
                            'EngineVersion' => '<string>',
                            'IamDatabaseAuthenticationEnabled' => true || false,
                            'InstanceCreateTime' => '<string>',
                            'Iops' => <integer>,
                            'KmsKeyId' => '<string>',
                            'LicenseModel' => '<string>',
                            'MasterUsername' => '<string>',
                            'OptionGroupName' => '<string>',
                            'PercentProgress' => <integer>,
                            'Port' => <integer>,
                            'ProcessorFeatures' => [
                                [
                                    'Name' => '<string>',
                                    'Value' => '<string>',
                                ],
                                // ...
                            ],
                            'SnapshotCreateTime' => '<string>',
                            'SnapshotType' => '<string>',
                            'SourceDbSnapshotIdentifier' => '<string>',
                            'SourceRegion' => '<string>',
                            'Status' => '<string>',
                            'StorageType' => '<string>',
                            'TdeCredentialArn' => '<string>',
                            'Timezone' => '<string>',
                            'VpcId' => '<string>',
                        ],
                        'AwsRdsEventSubscription' => [
                            'CustSubscriptionId' => '<string>',
                            'CustomerAwsId' => '<string>',
                            'Enabled' => true || false,
                            'EventCategoriesList' => ['<string>', ...],
                            'EventSubscriptionArn' => '<string>',
                            'SnsTopicArn' => '<string>',
                            'SourceIdsList' => ['<string>', ...],
                            'SourceType' => '<string>',
                            'Status' => '<string>',
                            'SubscriptionCreationTime' => '<string>',
                        ],
                        'AwsRedshiftCluster' => [
                            'AllowVersionUpgrade' => true || false,
                            'AutomatedSnapshotRetentionPeriod' => <integer>,
                            'AvailabilityZone' => '<string>',
                            'ClusterAvailabilityStatus' => '<string>',
                            'ClusterCreateTime' => '<string>',
                            'ClusterIdentifier' => '<string>',
                            'ClusterNodes' => [
                                [
                                    'NodeRole' => '<string>',
                                    'PrivateIpAddress' => '<string>',
                                    'PublicIpAddress' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterParameterGroups' => [
                                [
                                    'ClusterParameterStatusList' => [
                                        [
                                            'ParameterApplyErrorDescription' => '<string>',
                                            'ParameterApplyStatus' => '<string>',
                                            'ParameterName' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'ParameterApplyStatus' => '<string>',
                                    'ParameterGroupName' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterPublicKey' => '<string>',
                            'ClusterRevisionNumber' => '<string>',
                            'ClusterSecurityGroups' => [
                                [
                                    'ClusterSecurityGroupName' => '<string>',
                                    'Status' => '<string>',
                                ],
                                // ...
                            ],
                            'ClusterSnapshotCopyStatus' => [
                                'DestinationRegion' => '<string>',
                                'ManualSnapshotRetentionPeriod' => <integer>,
                                'RetentionPeriod' => <integer>,
                                'SnapshotCopyGrantName' => '<string>',
                            ],
                            'ClusterStatus' => '<string>',
                            'ClusterSubnetGroupName' => '<string>',
                            'ClusterVersion' => '<string>',
                            'DBName' => '<string>',
                            'DeferredMaintenanceWindows' => [
                                [
                                    'DeferMaintenanceEndTime' => '<string>',
                                    'DeferMaintenanceIdentifier' => '<string>',
                                    'DeferMaintenanceStartTime' => '<string>',
                                ],
                                // ...
                            ],
                            'ElasticIpStatus' => [
                                'ElasticIp' => '<string>',
                                'Status' => '<string>',
                            ],
                            'ElasticResizeNumberOfNodeOptions' => '<string>',
                            'Encrypted' => true || false,
                            'Endpoint' => [
                                'Address' => '<string>',
                                'Port' => <integer>,
                            ],
                            'EnhancedVpcRouting' => true || false,
                            'ExpectedNextSnapshotScheduleTime' => '<string>',
                            'ExpectedNextSnapshotScheduleTimeStatus' => '<string>',
                            'HsmStatus' => [
                                'HsmClientCertificateIdentifier' => '<string>',
                                'HsmConfigurationIdentifier' => '<string>',
                                'Status' => '<string>',
                            ],
                            'IamRoles' => [
                                [
                                    'ApplyStatus' => '<string>',
                                    'IamRoleArn' => '<string>',
                                ],
                                // ...
                            ],
                            'KmsKeyId' => '<string>',
                            'LoggingStatus' => [
                                'BucketName' => '<string>',
                                'LastFailureMessage' => '<string>',
                                'LastFailureTime' => '<string>',
                                'LastSuccessfulDeliveryTime' => '<string>',
                                'LoggingEnabled' => true || false,
                                'S3KeyPrefix' => '<string>',
                            ],
                            'MaintenanceTrackName' => '<string>',
                            'ManualSnapshotRetentionPeriod' => <integer>,
                            'MasterUsername' => '<string>',
                            'NextMaintenanceWindowStartTime' => '<string>',
                            'NodeType' => '<string>',
                            'NumberOfNodes' => <integer>,
                            'PendingActions' => ['<string>', ...],
                            'PendingModifiedValues' => [
                                'AutomatedSnapshotRetentionPeriod' => <integer>,
                                'ClusterIdentifier' => '<string>',
                                'ClusterType' => '<string>',
                                'ClusterVersion' => '<string>',
                                'EncryptionType' => '<string>',
                                'EnhancedVpcRouting' => true || false,
                                'MaintenanceTrackName' => '<string>',
                                'MasterUserPassword' => '<string>',
                                'NodeType' => '<string>',
                                'NumberOfNodes' => <integer>,
                                'PubliclyAccessible' => true || false,
                            ],
                            'PreferredMaintenanceWindow' => '<string>',
                            'PubliclyAccessible' => true || false,
                            'ResizeInfo' => [
                                'AllowCancelResize' => true || false,
                                'ResizeType' => '<string>',
                            ],
                            'RestoreStatus' => [
                                'CurrentRestoreRateInMegaBytesPerSecond' => <float>,
                                'ElapsedTimeInSeconds' => <integer>,
                                'EstimatedTimeToCompletionInSeconds' => <integer>,
                                'ProgressInMegaBytes' => <integer>,
                                'SnapshotSizeInMegaBytes' => <integer>,
                                'Status' => '<string>',
                            ],
                            'SnapshotScheduleIdentifier' => '<string>',
                            'SnapshotScheduleState' => '<string>',
                            'VpcId' => '<string>',
                            'VpcSecurityGroups' => [
                                [
                                    'Status' => '<string>',
                                    'VpcSecurityGroupId' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsRoute53HostedZone' => [
                            'HostedZone' => [
                                'Config' => [
                                    'Comment' => '<string>',
                                ],
                                'Id' => '<string>',
                                'Name' => '<string>',
                            ],
                            'NameServers' => ['<string>', ...],
                            'QueryLoggingConfig' => [
                                'CloudWatchLogsLogGroupArn' => [
                                    'CloudWatchLogsLogGroupArn' => '<string>',
                                    'HostedZoneId' => '<string>',
                                    'Id' => '<string>',
                                ],
                            ],
                            'Vpcs' => [
                                [
                                    'Id' => '<string>',
                                    'Region' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsS3AccessPoint' => [
                            'AccessPointArn' => '<string>',
                            'Alias' => '<string>',
                            'Bucket' => '<string>',
                            'BucketAccountId' => '<string>',
                            'Name' => '<string>',
                            'NetworkOrigin' => '<string>',
                            'PublicAccessBlockConfiguration' => [
                                'BlockPublicAcls' => true || false,
                                'BlockPublicPolicy' => true || false,
                                'IgnorePublicAcls' => true || false,
                                'RestrictPublicBuckets' => true || false,
                            ],
                            'VpcConfiguration' => [
                                'VpcId' => '<string>',
                            ],
                        ],
                        'AwsS3AccountPublicAccessBlock' => [
                            'BlockPublicAcls' => true || false,
                            'BlockPublicPolicy' => true || false,
                            'IgnorePublicAcls' => true || false,
                            'RestrictPublicBuckets' => true || false,
                        ],
                        'AwsS3Bucket' => [
                            'AccessControlList' => '<string>',
                            'BucketLifecycleConfiguration' => [
                                'Rules' => [
                                    [
                                        'AbortIncompleteMultipartUpload' => [
                                            'DaysAfterInitiation' => <integer>,
                                        ],
                                        'ExpirationDate' => '<string>',
                                        'ExpirationInDays' => <integer>,
                                        'ExpiredObjectDeleteMarker' => true || false,
                                        'Filter' => [
                                            'Predicate' => [
                                                'Operands' => [
                                                    [
                                                        'Prefix' => '<string>',
                                                        'Tag' => [
                                                            'Key' => '<string>',
                                                            'Value' => '<string>',
                                                        ],
                                                        'Type' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                                'Prefix' => '<string>',
                                                'Tag' => [
                                                    'Key' => '<string>',
                                                    'Value' => '<string>',
                                                ],
                                                'Type' => '<string>',
                                            ],
                                        ],
                                        'ID' => '<string>',
                                        'NoncurrentVersionExpirationInDays' => <integer>,
                                        'NoncurrentVersionTransitions' => [
                                            [
                                                'Days' => <integer>,
                                                'StorageClass' => '<string>',
                                            ],
                                            // ...
                                        ],
                                        'Prefix' => '<string>',
                                        'Status' => '<string>',
                                        'Transitions' => [
                                            [
                                                'Date' => '<string>',
                                                'Days' => <integer>,
                                                'StorageClass' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'BucketLoggingConfiguration' => [
                                'DestinationBucketName' => '<string>',
                                'LogFilePrefix' => '<string>',
                            ],
                            'BucketNotificationConfiguration' => [
                                'Configurations' => [
                                    [
                                        'Destination' => '<string>',
                                        'Events' => ['<string>', ...],
                                        'Filter' => [
                                            'S3KeyFilter' => [
                                                'FilterRules' => [
                                                    [
                                                        'Name' => 'Prefix|Suffix',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Type' => '<string>',
                                    ],
                                    // ...
                                ],
                            ],
                            'BucketVersioningConfiguration' => [
                                'IsMfaDeleteEnabled' => true || false,
                                'Status' => '<string>',
                            ],
                            'BucketWebsiteConfiguration' => [
                                'ErrorDocument' => '<string>',
                                'IndexDocumentSuffix' => '<string>',
                                'RedirectAllRequestsTo' => [
                                    'Hostname' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                'RoutingRules' => [
                                    [
                                        'Condition' => [
                                            'HttpErrorCodeReturnedEquals' => '<string>',
                                            'KeyPrefixEquals' => '<string>',
                                        ],
                                        'Redirect' => [
                                            'Hostname' => '<string>',
                                            'HttpRedirectCode' => '<string>',
                                            'Protocol' => '<string>',
                                            'ReplaceKeyPrefixWith' => '<string>',
                                            'ReplaceKeyWith' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                            'CreatedAt' => '<string>',
                            'Name' => '<string>',
                            'ObjectLockConfiguration' => [
                                'ObjectLockEnabled' => '<string>',
                                'Rule' => [
                                    'DefaultRetention' => [
                                        'Days' => <integer>,
                                        'Mode' => '<string>',
                                        'Years' => <integer>,
                                    ],
                                ],
                            ],
                            'OwnerAccountId' => '<string>',
                            'OwnerId' => '<string>',
                            'OwnerName' => '<string>',
                            'PublicAccessBlockConfiguration' => [
                                'BlockPublicAcls' => true || false,
                                'BlockPublicPolicy' => true || false,
                                'IgnorePublicAcls' => true || false,
                                'RestrictPublicBuckets' => true || false,
                            ],
                            'ServerSideEncryptionConfiguration' => [
                                'Rules' => [
                                    [
                                        'ApplyServerSideEncryptionByDefault' => [
                                            'KMSMasterKeyID' => '<string>',
                                            'SSEAlgorithm' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                            ],
                        ],
                        'AwsS3Object' => [
                            'ContentType' => '<string>',
                            'ETag' => '<string>',
                            'LastModified' => '<string>',
                            'SSEKMSKeyId' => '<string>',
                            'ServerSideEncryption' => '<string>',
                            'VersionId' => '<string>',
                        ],
                        'AwsSageMakerNotebookInstance' => [
                            'AcceleratorTypes' => ['<string>', ...],
                            'AdditionalCodeRepositories' => ['<string>', ...],
                            'DefaultCodeRepository' => '<string>',
                            'DirectInternetAccess' => '<string>',
                            'FailureReason' => '<string>',
                            'InstanceMetadataServiceConfiguration' => [
                                'MinimumInstanceMetadataServiceVersion' => '<string>',
                            ],
                            'InstanceType' => '<string>',
                            'KmsKeyId' => '<string>',
                            'NetworkInterfaceId' => '<string>',
                            'NotebookInstanceArn' => '<string>',
                            'NotebookInstanceLifecycleConfigName' => '<string>',
                            'NotebookInstanceName' => '<string>',
                            'NotebookInstanceStatus' => '<string>',
                            'PlatformIdentifier' => '<string>',
                            'RoleArn' => '<string>',
                            'RootAccess' => '<string>',
                            'SecurityGroups' => ['<string>', ...],
                            'SubnetId' => '<string>',
                            'Url' => '<string>',
                            'VolumeSizeInGB' => <integer>,
                        ],
                        'AwsSecretsManagerSecret' => [
                            'Deleted' => true || false,
                            'Description' => '<string>',
                            'KmsKeyId' => '<string>',
                            'Name' => '<string>',
                            'RotationEnabled' => true || false,
                            'RotationLambdaArn' => '<string>',
                            'RotationOccurredWithinFrequency' => true || false,
                            'RotationRules' => [
                                'AutomaticallyAfterDays' => <integer>,
                            ],
                        ],
                        'AwsSnsTopic' => [
                            'ApplicationSuccessFeedbackRoleArn' => '<string>',
                            'FirehoseFailureFeedbackRoleArn' => '<string>',
                            'FirehoseSuccessFeedbackRoleArn' => '<string>',
                            'HttpFailureFeedbackRoleArn' => '<string>',
                            'HttpSuccessFeedbackRoleArn' => '<string>',
                            'KmsMasterKeyId' => '<string>',
                            'Owner' => '<string>',
                            'SqsFailureFeedbackRoleArn' => '<string>',
                            'SqsSuccessFeedbackRoleArn' => '<string>',
                            'Subscription' => [
                                [
                                    'Endpoint' => '<string>',
                                    'Protocol' => '<string>',
                                ],
                                // ...
                            ],
                            'TopicName' => '<string>',
                        ],
                        'AwsSqsQueue' => [
                            'DeadLetterTargetArn' => '<string>',
                            'KmsDataKeyReusePeriodSeconds' => <integer>,
                            'KmsMasterKeyId' => '<string>',
                            'QueueName' => '<string>',
                        ],
                        'AwsSsmPatchCompliance' => [
                            'Patch' => [
                                'ComplianceSummary' => [
                                    'ComplianceType' => '<string>',
                                    'CompliantCriticalCount' => <integer>,
                                    'CompliantHighCount' => <integer>,
                                    'CompliantInformationalCount' => <integer>,
                                    'CompliantLowCount' => <integer>,
                                    'CompliantMediumCount' => <integer>,
                                    'CompliantUnspecifiedCount' => <integer>,
                                    'ExecutionType' => '<string>',
                                    'NonCompliantCriticalCount' => <integer>,
                                    'NonCompliantHighCount' => <integer>,
                                    'NonCompliantInformationalCount' => <integer>,
                                    'NonCompliantLowCount' => <integer>,
                                    'NonCompliantMediumCount' => <integer>,
                                    'NonCompliantUnspecifiedCount' => <integer>,
                                    'OverallSeverity' => '<string>',
                                    'PatchBaselineId' => '<string>',
                                    'PatchGroup' => '<string>',
                                    'Status' => '<string>',
                                ],
                            ],
                        ],
                        'AwsStepFunctionStateMachine' => [
                            'Label' => '<string>',
                            'LoggingConfiguration' => [
                                'Destinations' => [
                                    [
                                        'CloudWatchLogsLogGroup' => [
                                            'LogGroupArn' => '<string>',
                                        ],
                                    ],
                                    // ...
                                ],
                                'IncludeExecutionData' => true || false,
                                'Level' => '<string>',
                            ],
                            'Name' => '<string>',
                            'RoleArn' => '<string>',
                            'StateMachineArn' => '<string>',
                            'Status' => '<string>',
                            'TracingConfiguration' => [
                                'Enabled' => true || false,
                            ],
                            'Type' => '<string>',
                        ],
                        'AwsWafRateBasedRule' => [
                            'MatchPredicates' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RateKey' => '<string>',
                            'RateLimit' => <integer>,
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRateBasedRule' => [
                            'MatchPredicates' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RateKey' => '<string>',
                            'RateLimit' => <integer>,
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRule' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'PredicateList' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRegionalRuleGroup' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RuleGroupId' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsWafRegionalWebAcl' => [
                            'DefaultAction' => '<string>',
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RulesList' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsWafRule' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'PredicateList' => [
                                [
                                    'DataId' => '<string>',
                                    'Negated' => true || false,
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'RuleId' => '<string>',
                        ],
                        'AwsWafRuleGroup' => [
                            'MetricName' => '<string>',
                            'Name' => '<string>',
                            'RuleGroupId' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'AwsWafWebAcl' => [
                            'DefaultAction' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Type' => '<string>',
                                    ],
                                    'ExcludedRules' => [
                                        [
                                            'RuleId' => '<string>',
                                        ],
                                        // ...
                                    ],
                                    'OverrideAction' => [
                                        'Type' => '<string>',
                                    ],
                                    'Priority' => <integer>,
                                    'RuleId' => '<string>',
                                    'Type' => '<string>',
                                ],
                                // ...
                            ],
                            'WebAclId' => '<string>',
                        ],
                        'AwsWafv2RuleGroup' => [
                            'Arn' => '<string>',
                            'Capacity' => <integer>,
                            'Description' => '<string>',
                            'Id' => '<string>',
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Allow' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Block' => [
                                            'CustomResponse' => [
                                                'CustomResponseBodyKey' => '<string>',
                                                'ResponseCode' => <integer>,
                                                'ResponseHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Captcha' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Count' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                    ],
                                    'Name' => '<string>',
                                    'OverrideAction' => '<string>',
                                    'Priority' => <integer>,
                                    'VisibilityConfig' => [
                                        'CloudWatchMetricsEnabled' => true || false,
                                        'MetricName' => '<string>',
                                        'SampledRequestsEnabled' => true || false,
                                    ],
                                ],
                                // ...
                            ],
                            'Scope' => '<string>',
                            'VisibilityConfig' => [
                                'CloudWatchMetricsEnabled' => true || false,
                                'MetricName' => '<string>',
                                'SampledRequestsEnabled' => true || false,
                            ],
                        ],
                        'AwsWafv2WebAcl' => [
                            'Arn' => '<string>',
                            'Capacity' => <integer>,
                            'CaptchaConfig' => [
                                'ImmunityTimeProperty' => [
                                    'ImmunityTime' => <integer>,
                                ],
                            ],
                            'DefaultAction' => [
                                'Allow' => [
                                    'CustomRequestHandling' => [
                                        'InsertHeaders' => [
                                            [
                                                'Name' => '<string>',
                                                'Value' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                                'Block' => [
                                    'CustomResponse' => [
                                        'CustomResponseBodyKey' => '<string>',
                                        'ResponseCode' => <integer>,
                                        'ResponseHeaders' => [
                                            [
                                                'Name' => '<string>',
                                                'Value' => '<string>',
                                            ],
                                            // ...
                                        ],
                                    ],
                                ],
                            ],
                            'Description' => '<string>',
                            'Id' => '<string>',
                            'ManagedbyFirewallManager' => true || false,
                            'Name' => '<string>',
                            'Rules' => [
                                [
                                    'Action' => [
                                        'Allow' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Block' => [
                                            'CustomResponse' => [
                                                'CustomResponseBodyKey' => '<string>',
                                                'ResponseCode' => <integer>,
                                                'ResponseHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Captcha' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                        'Count' => [
                                            'CustomRequestHandling' => [
                                                'InsertHeaders' => [
                                                    [
                                                        'Name' => '<string>',
                                                        'Value' => '<string>',
                                                    ],
                                                    // ...
                                                ],
                                            ],
                                        ],
                                    ],
                                    'Name' => '<string>',
                                    'OverrideAction' => '<string>',
                                    'Priority' => <integer>,
                                    'VisibilityConfig' => [
                                        'CloudWatchMetricsEnabled' => true || false,
                                        'MetricName' => '<string>',
                                        'SampledRequestsEnabled' => true || false,
                                    ],
                                ],
                                // ...
                            ],
                            'VisibilityConfig' => [
                                'CloudWatchMetricsEnabled' => true || false,
                                'MetricName' => '<string>',
                                'SampledRequestsEnabled' => true || false,
                            ],
                        ],
                        'AwsXrayEncryptionConfig' => [
                            'KeyId' => '<string>',
                            'Status' => '<string>',
                            'Type' => '<string>',
                        ],
                        'Container' => [
                            'ContainerRuntime' => '<string>',
                            'ImageId' => '<string>',
                            'ImageName' => '<string>',
                            'LaunchedAt' => '<string>',
                            'Name' => '<string>',
                            'Privileged' => true || false,
                            'VolumeMounts' => [
                                [
                                    'MountPath' => '<string>',
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                        ],
                        'Other' => ['<string>', ...],
                    ],
                    'Id' => '<string>',
                    'Partition' => 'aws|aws-cn|aws-us-gov',
                    'Region' => '<string>',
                    'ResourceRole' => '<string>',
                    'Tags' => ['<string>', ...],
                    'Type' => '<string>',
                ],
                // ...
            ],
            'Sample' => true || false,
            'SchemaVersion' => '<string>',
            'Severity' => [
                'Label' => 'INFORMATIONAL|LOW|MEDIUM|HIGH|CRITICAL',
                'Normalized' => <integer>,
                'Original' => '<string>',
                'Product' => <float>,
            ],
            'SourceUrl' => '<string>',
            'ThreatIntelIndicators' => [
                [
                    'Category' => 'BACKDOOR|CARD_STEALER|COMMAND_AND_CONTROL|DROP_SITE|EXPLOIT_SITE|KEYLOGGER',
                    'LastObservedAt' => '<string>',
                    'Source' => '<string>',
                    'SourceUrl' => '<string>',
                    'Type' => 'DOMAIN|EMAIL_ADDRESS|HASH_MD5|HASH_SHA1|HASH_SHA256|HASH_SHA512|IPV4_ADDRESS|IPV6_ADDRESS|MUTEX|PROCESS|URL',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'Threats' => [
                [
                    'FilePaths' => [
                        [
                            'FileName' => '<string>',
                            'FilePath' => '<string>',
                            'Hash' => '<string>',
                            'ResourceId' => '<string>',
                        ],
                        // ...
                    ],
                    'ItemCount' => <integer>,
                    'Name' => '<string>',
                    'Severity' => '<string>',
                ],
                // ...
            ],
            'Title' => '<string>',
            'Types' => ['<string>', ...],
            'UpdatedAt' => '<string>',
            'UserDefinedFields' => ['<string>', ...],
            'VerificationState' => 'UNKNOWN|TRUE_POSITIVE|FALSE_POSITIVE|BENIGN_POSITIVE',
            'Vulnerabilities' => [
                [
                    'CodeVulnerabilities' => [
                        [
                            'Cwes' => ['<string>', ...],
                            'FilePath' => [
                                'EndLine' => <integer>,
                                'FileName' => '<string>',
                                'FilePath' => '<string>',
                                'StartLine' => <integer>,
                            ],
                            'SourceArn' => '<string>',
                        ],
                        // ...
                    ],
                    'Cvss' => [
                        [
                            'Adjustments' => [
                                [
                                    'Metric' => '<string>',
                                    'Reason' => '<string>',
                                ],
                                // ...
                            ],
                            'BaseScore' => <float>,
                            'BaseVector' => '<string>',
                            'Source' => '<string>',
                            'Version' => '<string>',
                        ],
                        // ...
                    ],
                    'EpssScore' => <float>,
                    'ExploitAvailable' => 'YES|NO',
                    'FixAvailable' => 'YES|NO|PARTIAL',
                    'Id' => '<string>',
                    'LastKnownExploitAt' => '<string>',
                    'ReferenceUrls' => ['<string>', ...],
                    'RelatedVulnerabilities' => ['<string>', ...],
                    'Vendor' => [
                        'Name' => '<string>',
                        'Url' => '<string>',
                        'VendorCreatedAt' => '<string>',
                        'VendorSeverity' => '<string>',
                        'VendorUpdatedAt' => '<string>',
                    ],
                    'VulnerablePackages' => [
                        [
                            'Architecture' => '<string>',
                            'Epoch' => '<string>',
                            'FilePath' => '<string>',
                            'FixedInVersion' => '<string>',
                            'Name' => '<string>',
                            'PackageManager' => '<string>',
                            'Release' => '<string>',
                            'Remediation' => '<string>',
                            'SourceLayerArn' => '<string>',
                            'SourceLayerHash' => '<string>',
                            'Version' => '<string>',
                        ],
                        // ...
                    ],
                ],
                // ...
            ],
            'Workflow' => [
                'Status' => 'NEW|NOTIFIED|RESOLVED|SUPPRESSED',
            ],
            'WorkflowState' => 'NEW|ASSIGNED|IN_PROGRESS|DEFERRED|RESOLVED',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Findings
Required: Yes
Type: Array of AwsSecurityFinding structures

The findings that matched the filters specified in the request.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To get a list of findings

The following example returns a filtered and sorted list of Security Hub findings.

$result = $client->getFindings([
    'Filters' => [
        'AwsAccountId' => [
            [
                'Comparison' => 'PREFIX',
                'Value' => '123456789012',
            ],
        ],
    ],
    'MaxResults' => 1,
]);

Result syntax:

[
    'Findings' => [
        [
            'AwsAccountId' => '123456789012',
            'CompanyName' => 'AWS',
            'Compliance' => [
                'AssociatedStandards' => [
                    [
                        'StandardsId' => 'standards/aws-foundational-security-best-practices/v/1.0.0',
                    ],
                    [
                        'StandardsId' => 'standards/pci-dss/v/3.2.1',
                    ],
                    [
                        'StandardsId' => 'ruleset/cis-aws-foundations-benchmark/v/1.2.0',
                    ],
                    [
                        'StandardsId' => 'standards/cis-aws-foundations-benchmark/v/1.4.0',
                    ],
                    [
                        'StandardsId' => 'standards/service-managed-aws-control-tower/v/1.0.0',
                    ],
                ],
                'RelatedRequirements' => [
                    'PCI DSS v3.2.1/3.4',
                    'CIS AWS Foundations Benchmark v1.2.0/2.7',
                    'CIS AWS Foundations Benchmark v1.4.0/3.7',
                ],
                'SecurityControlId' => 'CloudTrail.2',
                'Status' => 'FAILED',
            ],
            'CreatedAt' => '2022-10-06T02:18:23.076Z',
            'Description' => 'This AWS control checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The check will pass if the KmsKeyId is defined.',
            'FindingProviderFields' => [
                'Severity' => [
                    'Label' => 'MEDIUM',
                    'Original' => 'MEDIUM',
                ],
                'Types' => [
                    'Software and Configuration Checks/Industry and Regulatory Standards',
                ],
            ],
            'FirstObservedAt' => '2022-10-06T02:18:23.076Z',
            'GeneratorId' => 'security-control/CloudTrail.2',
            'Id' => 'arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'LastObservedAt' => '2022-10-28T16:10:06.956Z',
            'ProductArn' => 'arn:aws:securityhub:us-east-2::product/aws/securityhub',
            'ProductFields' => [
                'RelatedAWSResources:0/name' => 'securityhub-cloud-trail-encryption-enabled-fe95bf3f',
                'RelatedAWSResources:0/type' => 'AWS::Config::ConfigRule',
                'Resources:0/Id' => 'arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT',
                'aws/securityhub/CompanyName' => 'AWS',
                'aws/securityhub/FindingId' => 'arn:aws:securityhub:us-east-2::product/aws/securityhub/arn:aws:securityhub:us-east-2:123456789012:security-control/CloudTrail.2/finding/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
                'aws/securityhub/ProductName' => 'Security Hub',
            ],
            'ProductName' => 'Security Hub',
            'RecordState' => 'ACTIVE',
            'Region' => 'us-east-2',
            'Remediation' => [
                'Recommendation' => [
                    'Text' => 'For directions on how to correct this issue, consult the AWS Security Hub controls documentation.',
                    'Url' => 'https://docs.aws.amazon.com/console/securityhub/CloudTrail.2/remediation',
                ],
            ],
            'Resources' => [
                [
                    'Id' => 'arn:aws:cloudtrail:us-east-2:123456789012:trail/AWSMacieTrail-DO-NOT-EDIT',
                    'Partition' => 'aws',
                    'Region' => 'us-east-2',
                    'Type' => 'AwsCloudTrailTrail',
                ],
            ],
            'SchemaVersion' => '2018-10-08',
            'Severity' => [
                'Label' => 'MEDIUM',
                'Normalized' => 40,
                'Original' => 'MEDIUM',
            ],
            'Title' => 'CloudTrail should have encryption at-rest enabled',
            'Types' => [
                'Software and Configuration Checks/Industry and Regulatory Standards',
            ],
            'UpdatedAt' => '2022-10-28T16:10:00.093Z',
            'Workflow' => [
                'Status' => 'NEW',
            ],
            'WorkflowState' => 'NEW',
        ],
    ],
]

GetInsightResults

$result = $client->getInsightResults([/* ... */]);
$promise = $client->getInsightResultsAsync([/* ... */]);

Lists the results of the Security Hub insight specified by the insight ARN.

Parameter Syntax

$result = $client->getInsightResults([
    'InsightArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
InsightArn
Required: Yes
Type: string

The ARN of the insight for which to return results.

Result Syntax

[
    'InsightResults' => [
        'GroupByAttribute' => '<string>',
        'InsightArn' => '<string>',
        'ResultValues' => [
            [
                'Count' => <integer>,
                'GroupByAttributeValue' => '<string>',
            ],
            // ...
        ],
    ],
]

Result Details

Members
InsightResults
Required: Yes
Type: InsightResults structure

The insight results returned by the operation.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get the results of a Security Hub insight

The following example returns the results of the Security Hub insight specified by the insight ARN.

$result = $client->getInsightResults([
    'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
]);

Result syntax:

[
    'InsightResults' => [
        'GroupByAttribute' => 'ResourceId',
        'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        'ResultValues' => [
            [
                'Count' => 10,
                'GroupByAttributeValue' => 'AWS::::Account:111122223333',
            ],
            [
                'Count' => 3,
                'GroupByAttributeValue' => 'AWS::::Account:444455556666',
            ],
        ],
    ],
]

GetInsights

$result = $client->getInsights([/* ... */]);
$promise = $client->getInsightsAsync([/* ... */]);

Lists and describes insights for the specified insight ARNs.

Parameter Syntax

$result = $client->getInsights([
    'InsightArns' => ['<string>', ...],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
InsightArns
Type: Array of strings

The ARNs of the insights to describe. If you don't provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.

MaxResults
Type: int

The maximum number of items to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the GetInsights operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'Insights' => [
        [
            'Filters' => [
                'AwsAccountId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'AwsAccountName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'CompanyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceAssociatedStandardsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceSecurityControlId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceSecurityControlParametersName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceSecurityControlParametersValue' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ComplianceStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Confidence' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'CreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'Criticality' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'Description' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FindingProviderFieldsConfidence' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'FindingProviderFieldsCriticality' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'FindingProviderFieldsRelatedFindingsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FindingProviderFieldsRelatedFindingsProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FindingProviderFieldsSeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FindingProviderFieldsSeverityOriginal' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FindingProviderFieldsTypes' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'FirstObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'GeneratorId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Id' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Keyword' => [
                    [
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'LastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'MalwareName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwarePath' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwareState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'MalwareType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationDomain' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationIpV4' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationIpV6' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkDestinationPort' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'NetworkDirection' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkProtocol' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceDomain' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceIpV4' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceIpV6' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourceMac' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NetworkSourcePort' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'NoteText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'NoteUpdatedBy' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ProcessName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessParentPid' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'ProcessPath' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProcessPid' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'ProcessTerminatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductFields' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ProductName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecommendationText' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RecordState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Region' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'RelatedFindingsProductArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceApplicationName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceImageId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIpV4Addresses' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceIpV6Addresses' => [
                    [
                        'Cidr' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceKeyName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceSubnetId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsEc2InstanceVpcId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyCreatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyPrincipalName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamAccessKeyUserName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsIamUserUserName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsS3BucketOwnerId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceAwsS3BucketOwnerName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerImageId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerImageName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerLaunchedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ResourceContainerName' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceDetailsOther' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceId' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourcePartition' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceRegion' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceTags' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Sample' => [
                    [
                        'Value' => true || false,
                    ],
                    // ...
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'SeverityNormalized' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'SeverityProduct' => [
                    [
                        'Eq' => <float>,
                        'Gt' => <float>,
                        'Gte' => <float>,
                        'Lt' => <float>,
                        'Lte' => <float>,
                    ],
                    // ...
                ],
                'SourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorCategory' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorLastObservedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorSource' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorSourceUrl' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorType' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'ThreatIntelIndicatorValue' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Title' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'Type' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'UpdatedAt' => [
                    [
                        'DateRange' => [
                            'Unit' => 'DAYS',
                            'Value' => <integer>,
                        ],
                        'End' => '<string>',
                        'Start' => '<string>',
                    ],
                    // ...
                ],
                'UserDefinedFields' => [
                    [
                        'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Key' => '<string>',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VerificationState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VulnerabilitiesExploitAvailable' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'VulnerabilitiesFixAvailable' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'WorkflowState' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
                'WorkflowStatus' => [
                    [
                        'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                        'Value' => '<string>',
                    ],
                    // ...
                ],
            ],
            'GroupByAttribute' => '<string>',
            'InsightArn' => '<string>',
            'Name' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Insights
Required: Yes
Type: Array of Insight structures

The insights returned by the operation.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get details of a Security Hub insight

The following example returns details of the Security Hub insight with the specified ARN.

$result = $client->getInsights([
    'InsightArns' => [
        'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    ],
]);

Result syntax:

[
    'Insights' => [
        [
            'Filters' => [
                'ResourceType' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => 'AwsIamRole',
                    ],
                ],
                'SeverityLabel' => [
                    [
                        'Comparison' => 'EQUALS',
                        'Value' => 'CRITICAL',
                    ],
                ],
            ],
            'GroupByAttribute' => 'ResourceId',
            'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'Name' => 'Critical role findings',
        ],
    ],
]

GetInvitationsCount

$result = $client->getInvitationsCount([/* ... */]);
$promise = $client->getInvitationsCountAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Returns the count of all Security Hub membership invitations that were sent to the calling member account, not including the currently accepted invitation.

Parameter Syntax

$result = $client->getInvitationsCount([
]);

Parameter Details

Members

Result Syntax

[
    'InvitationsCount' => <integer>,
]

Result Details

Members
InvitationsCount
Type: int

The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To get a count of membership invitations

The following example returns a count of invitations that the Security Hub administrator sent to the current member account, not including the currently accepted invitation.

$result = $client->getInvitationsCount([
]);

Result syntax:

[
    'InvitationsCount' => 3,
]

GetMasterAccount

$result = $client->getMasterAccount([/* ... */]);
$promise = $client->getMasterAccountAsync([/* ... */]);

This method is deprecated. Instead, use GetAdministratorAccount.

The Security Hub console continues to use GetMasterAccount. It will eventually change to use GetAdministratorAccount. Any IAM policies that specifically control access to this function must continue to use GetMasterAccount. You should also add GetAdministratorAccount to your policies to ensure that the correct permissions are in place after the console begins to use GetAdministratorAccount.

Provides the details for the Security Hub administrator account for the current member account.

Can be used by both member accounts that are managed using Organizations and accounts that were invited manually.

Parameter Syntax

$result = $client->getMasterAccount([
]);

Parameter Details

Members

Result Syntax

[
    'Master' => [
        'AccountId' => '<string>',
        'InvitationId' => '<string>',
        'InvitedAt' => <DateTime>,
        'MemberStatus' => '<string>',
    ],
]

Result Details

Members
Master
Type: Invitation structure

A list of details about the Security Hub administrator account for the current member account.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

GetMembers

$result = $client->getMembers([/* ... */]);
$promise = $client->getMembersAsync([/* ... */]);

Returns the details for the Security Hub member accounts for the specified account IDs.

An administrator account can be either the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually.

The results include both member accounts that are managed using Organizations and accounts that were invited manually.

Parameter Syntax

$result = $client->getMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The list of account IDs for the Security Hub member accounts to return the details for.

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'AdministratorId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => <DateTime>,
            'MasterId' => '<string>',
            'MemberStatus' => '<string>',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
Members
Type: Array of Member structures

The list of details about the Security Hub member accounts.

UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get member account details

The following example returns details for the Security Hub member accounts with the specified AWS account IDs. An administrator account may be the delegated Security Hub administrator account for an organization or an administrator account that enabled Security Hub manually. The Security Hub administrator must call this operation.

$result = $client->getMembers([
    'AccountIds' => [
        '444455556666',
        '777788889999',
    ],
]);

Result syntax:

[
    'Members' => [
        [
            'AccountId' => '444455556666',
            'AdministratorId' => '123456789012',
            'InvitedAt' => ,
            'MasterId' => '123456789012',
            'MemberStatus' => 'ASSOCIATED',
            'UpdatedAt' => ,
        ],
        [
            'AccountId' => '777788889999',
            'AdministratorId' => '123456789012',
            'InvitedAt' => ,
            'MasterId' => '123456789012',
            'MemberStatus' => 'ASSOCIATED',
            'UpdatedAt' => ,
        ],
    ],
    'UnprocessedAccounts' => [
    ],
]

GetSecurityControlDefinition

$result = $client->getSecurityControlDefinition([/* ... */]);
$promise = $client->getSecurityControlDefinitionAsync([/* ... */]);

Retrieves the definition of a security control. The definition includes the control title, description, Region availability, parameter definitions, and other details.

Parameter Syntax

$result = $client->getSecurityControlDefinition([
    'SecurityControlId' => '<string>', // REQUIRED
]);

Parameter Details

Members
SecurityControlId
Required: Yes
Type: string

The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

Result Syntax

[
    'SecurityControlDefinition' => [
        'CurrentRegionAvailability' => 'AVAILABLE|UNAVAILABLE',
        'CustomizableProperties' => ['<string>', ...],
        'Description' => '<string>',
        'ParameterDefinitions' => [
            '<NonEmptyString>' => [
                'ConfigurationOptions' => [
                    'Boolean' => [
                        'DefaultValue' => true || false,
                    ],
                    'Double' => [
                        'DefaultValue' => <float>,
                        'Max' => <float>,
                        'Min' => <float>,
                    ],
                    'Enum' => [
                        'AllowedValues' => ['<string>', ...],
                        'DefaultValue' => '<string>',
                    ],
                    'EnumList' => [
                        'AllowedValues' => ['<string>', ...],
                        'DefaultValue' => ['<string>', ...],
                        'MaxItems' => <integer>,
                    ],
                    'Integer' => [
                        'DefaultValue' => <integer>,
                        'Max' => <integer>,
                        'Min' => <integer>,
                    ],
                    'IntegerList' => [
                        'DefaultValue' => [<integer>, ...],
                        'Max' => <integer>,
                        'MaxItems' => <integer>,
                        'Min' => <integer>,
                    ],
                    'String' => [
                        'DefaultValue' => '<string>',
                        'ExpressionDescription' => '<string>',
                        'Re2Expression' => '<string>',
                    ],
                    'StringList' => [
                        'DefaultValue' => ['<string>', ...],
                        'ExpressionDescription' => '<string>',
                        'MaxItems' => <integer>,
                        'Re2Expression' => '<string>',
                    ],
                ],
                'Description' => '<string>',
            ],
            // ...
        ],
        'RemediationUrl' => '<string>',
        'SecurityControlId' => '<string>',
        'SeverityRating' => 'LOW|MEDIUM|HIGH|CRITICAL',
        'Title' => '<string>',
    ],
]

Result Details

Members
SecurityControlDefinition
Required: Yes
Type: SecurityControlDefinition structure

Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get the definition of a security control.

The following example retrieves definition details for the specified security control.

$result = $client->getSecurityControlDefinition([
    'SecurityControlId' => 'EC2.4',
]);

Result syntax:

[
    'SecurityControlDefinition' => [
        'CurrentRegionAvailability' => 'AVAILABLE',
        'Description' => 'This control checks whether an Amazon EC2 instance has been stopped for longer than the allowed number of days. The control fails if an EC2 instance is stopped for longer than the maximum allowed time period. Unless you provide a custom parameter value for the maximum allowed time period, Security Hub uses a default value of 30 days.',
        'ParameterDefinitions' => [
            'AllowedDays' => [
                'ConfigurationOptions' => [
                    'Integer' => [
                        'DefaultValue' => 30,
                        'Max' => 365,
                        'Min' => 1,
                    ],
                ],
                'Description' => 'Number of days the EC2 instance is allowed to be in a stopped state before generating a failed finding',
            ],
        ],
        'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/EC2.4/remediation',
        'SecurityControlId' => 'EC2.4',
        'SeverityRating' => 'MEDIUM',
        'Title' => 'Stopped Amazon EC2 instances should be removed after a specified time period',
    ],
]

InviteMembers

$result = $client->inviteMembers([/* ... */]);
$promise = $client->inviteMembersAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.

This operation is only used to invite accounts that don't belong to an Amazon Web Services organization. Organization accounts don't receive invitations.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.

Parameter Syntax

$result = $client->inviteMembers([
    'AccountIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AccountIds
Required: Yes
Type: Array of strings

The list of account IDs of the Amazon Web Services accounts to invite to Security Hub as members.

Result Syntax

[
    'UnprocessedAccounts' => [
        [
            'AccountId' => '<string>',
            'ProcessingResult' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
UnprocessedAccounts
Type: Array of Result structures

The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To invite accounts to become members

The following example invites the specified AWS accounts to become member accounts associated with the calling Security Hub administrator account. You only use this operation to invite accounts that don't belong to an AWS Organizations organization.

$result = $client->inviteMembers([
    'AccountIds' => [
        '111122223333',
        '444455556666',
    ],
]);

Result syntax:

[
    'UnprocessedAccounts' => [
    ],
]

ListAutomationRules

$result = $client->listAutomationRules([/* ... */]);
$promise = $client->listAutomationRulesAsync([/* ... */]);

A list of automation rules and their metadata for the calling account.

Parameter Syntax

$result = $client->listAutomationRules([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of rules to return in the response. This currently ranges from 1 to 100.

NextToken
Type: string

A token to specify where to start paginating the response. This is the NextToken from a previously truncated response. On your first call to the ListAutomationRules API, set the value of this parameter to NULL.

Result Syntax

[
    'AutomationRulesMetadata' => [
        [
            'CreatedAt' => <DateTime>,
            'CreatedBy' => '<string>',
            'Description' => '<string>',
            'IsTerminal' => true || false,
            'RuleArn' => '<string>',
            'RuleName' => '<string>',
            'RuleOrder' => <integer>,
            'RuleStatus' => 'ENABLED|DISABLED',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AutomationRulesMetadata
Type: Array of AutomationRulesMetadata structures

Metadata for rules in the calling account. The response includes rules with a RuleStatus of ENABLED and DISABLED.

NextToken
Type: string

A pagination token for the response.

Errors

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To list automation rules

The following example lists automation rules and rule metadata in the calling account.

$result = $client->listAutomationRules([
    'MaxResults' => 2,
    'NextToken' => 'example-token',
]);

Result syntax:

[
    'AutomationRulesMetadata' => [
        [
            'CreatedAt' => ,
            'CreatedBy' => 'AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14',
            'Description' => 'IAM.8 is a known issue and can be resolved',
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'RuleName' => 'sample-rule-name-1',
            'RuleOrder' => 1,
            'RuleStatus' => 'ENABLED',
            'UpdatedAt' => ,
        ],
        [
            'CreatedAt' => ,
            'CreatedBy' => 'AROAJURBUYQQNL5OL2TIM:TEST-16MJ75L9VBK14',
            'Description' => 'Lambda.2 is a known issue and can be resolved',
            'RuleArn' => 'arn:aws:securityhub:us-east-1:123456789012:automation-rule/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222',
            'RuleName' => 'sample-rule-name-2',
            'RuleOrder' => 2,
            'RuleStatus' => 'ENABLED',
            'UpdatedAt' => ,
        ],
    ],
    'NextToken' => 'example-token',
]

ListConfigurationPolicies

$result = $client->listConfigurationPolicies([/* ... */]);
$promise = $client->listConfigurationPoliciesAsync([/* ... */]);

Lists the configuration policies that the Security Hub delegated administrator has created for your organization. Only the delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->listConfigurationPolicies([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results that's returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicies returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicies request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

NextToken
Type: string

The NextToken value that's returned from a previous paginated ListConfigurationPolicies request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.

Result Syntax

[
    'ConfigurationPolicySummaries' => [
        [
            'Arn' => '<string>',
            'Description' => '<string>',
            'Id' => '<string>',
            'Name' => '<string>',
            'ServiceEnabled' => true || false,
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ConfigurationPolicySummaries
Type: Array of ConfigurationPolicySummary structures

Provides metadata for each of your configuration policies.

NextToken
Type: string

The NextToken value to include in the next ListConfigurationPolicies request. When the results of a ListConfigurationPolicies request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To view a list of configuration policies

This operation provides a list of your configuration policies, including metadata for each policy.

$result = $client->listConfigurationPolicies([
    'MaxResults' => 1,
    'NextToken' => 'U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf',
]);

Result syntax:

[
    'ConfigurationPolicySummaries' => [
        [
            'Arn' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'Description' => 'Configuration policy for testing FSBP and CIS',
            'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'Name' => 'TestConfigurationPolicy',
            'ServiceEnabled' => 1,
            'UpdatedAt' => ,
        ],
    ],
    'NextToken' => 'U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef',
]

ListConfigurationPolicyAssociations

$result = $client->listConfigurationPolicyAssociations([/* ... */]);
$promise = $client->listConfigurationPolicyAssociationsAsync([/* ... */]);

Provides information about the associations for your configuration policies and self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->listConfigurationPolicyAssociations([
    'Filters' => [
        'AssociationStatus' => 'PENDING|SUCCESS|FAILED',
        'AssociationType' => 'INHERITED|APPLIED',
        'ConfigurationPolicyId' => '<string>',
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: AssociationFilters structure

Options for filtering the ListConfigurationPolicyAssociations response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, AssociationType, or AssociationStatus.

MaxResults
Type: int

The maximum number of results that's returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicyAssociations returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicyAssociations request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

NextToken
Type: string

The NextToken value that's returned from a previous paginated ListConfigurationPolicyAssociations request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.

Result Syntax

[
    'ConfigurationPolicyAssociationSummaries' => [
        [
            'AssociationStatus' => 'PENDING|SUCCESS|FAILED',
            'AssociationStatusMessage' => '<string>',
            'AssociationType' => 'INHERITED|APPLIED',
            'ConfigurationPolicyId' => '<string>',
            'TargetId' => '<string>',
            'TargetType' => 'ACCOUNT|ORGANIZATIONAL_UNIT|ROOT',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ConfigurationPolicyAssociationSummaries
Type: Array of ConfigurationPolicyAssociationSummary structures

An object that contains the details of each configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

NextToken
Type: string

The NextToken value to include in the next ListConfigurationPolicyAssociations request. When the results of a ListConfigurationPolicyAssociations request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To list configuration associations

This operation lists all of the associations between targets and configuration policies or self-managed behavior. Targets can include accounts, organizational units, or the root.

$result = $client->listConfigurationPolicyAssociations([
    'Filters' => [
        'AssociationType' => 'APPLIED',
    ],
    'MaxResults' => 1,
    'NextToken' => 'U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOhvw3o2JqjI86QDxdf',
]);

Result syntax:

[
    'ConfigurationPolicyAssociationSummaries' => [
        [
            'AssociationStatus' => 'PENDING',
            'AssociationType' => 'APPLIED',
            'ConfigurationPolicyId' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
            'TargetId' => '123456789012',
            'TargetType' => 'ACCOUNT',
            'UpdatedAt' => ,
        ],
    ],
    'NextToken' => 'U1FsdGVkX19nBV2zoh+Gou9NgnulLJHWpn9xnG4hqSOfvw3o2JqjI86QDxef',
]

ListEnabledProductsForImport

$result = $client->listEnabledProductsForImport([/* ... */]);
$promise = $client->listEnabledProductsForImportAsync([/* ... */]);

Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.

Parameter Syntax

$result = $client->listEnabledProductsForImport([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'NextToken' => '<string>',
    'ProductSubscriptions' => ['<string>', ...],
]

Result Details

Members
NextToken
Type: string

The pagination token to use to request the next page of results.

ProductSubscriptions
Type: Array of strings

The list of ARNs for the resources that represent your subscriptions to products.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

Examples

Example 1: To list ARNs for enabled integrations

The following example returns a list of subscription Amazon Resource Names (ARNs) for the product integrations that you have currently enabled in Security Hub.

$result = $client->listEnabledProductsForImport([
]);

Result syntax:

[
    'ProductSubscriptions' => [
        'arn:aws:securityhub:us-east-1:517716713836:product-subscription/crowdstrike/crowdstrike-falcon',
        'arn:aws:securityhub:us-east-1::product/3coresec/3coresec',
    ],
]

ListFindingAggregators

$result = $client->listFindingAggregators([/* ... */]);
$promise = $client->listFindingAggregatorsAsync([/* ... */]);

If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.

Parameter Syntax

$result = $client->listFindingAggregators([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of results to return. This operation currently only returns a single result.

NextToken
Type: string

The token returned with the previous set of results. Identifies the next set of results to return.

Result Syntax

[
    'FindingAggregators' => [
        [
            'FindingAggregatorArn' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
FindingAggregators
Type: Array of FindingAggregator structures

The list of finding aggregators. This operation currently only returns a single result.

NextToken
Type: string

If there are more results, this is the token to provide in the next call to ListFindingAggregators.

This operation currently only returns a single result.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To update the enablement status of a standard control

The following example disables the specified control in the specified security standard.

$result = $client->listFindingAggregators([
]);

Result syntax:

[
    'FindingAggregators' => [
        [
            'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:222222222222:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
        ],
    ],
]

ListInvitations

$result = $client->listInvitations([/* ... */]);
$promise = $client->listInvitationsAsync([/* ... */]);

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Lists all Security Hub membership invitations that were sent to the calling account.

Only accounts that are managed by invitation can use this operation. Accounts that are managed using the integration with Organizations don't receive invitations.

Parameter Syntax

$result = $client->listInvitations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'Invitations' => [
        [
            'AccountId' => '<string>',
            'InvitationId' => '<string>',
            'InvitedAt' => <DateTime>,
            'MemberStatus' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Invitations
Type: Array of Invitation structures

The details of the invitations returned by the operation.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To list membership invitations to calling account

The following example returns a list of Security Hub member invitations sent to the calling AWS account. Only accounts that are invited manually use this operation. It's not for use by accounts that are managed through AWS Organizations.

$result = $client->listInvitations([
]);

Result syntax:

[
    'Invitations' => [
        [
            'AccountId' => '123456789012',
            'InvitationId' => '7ab938c5d52d7904ad09f9e7c20cc4eb',
            'InvitedAt' => ,
            'MemberStatus' => 'ASSOCIATED',
        ],
    ],
]

ListMembers

$result = $client->listMembers([/* ... */]);
$promise = $client->listMembersAsync([/* ... */]);

Lists details about all member accounts for the current Security Hub administrator account.

The results include both member accounts that belong to an organization and member accounts that were invited manually.

Parameter Syntax

$result = $client->listMembers([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OnlyAssociated' => true || false,
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.

For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

OnlyAssociated
Type: boolean

Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE.

If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the administrator account is set to ENABLED.

If OnlyAssociated is set to FALSE, the response includes all existing member accounts.

Result Syntax

[
    'Members' => [
        [
            'AccountId' => '<string>',
            'AdministratorId' => '<string>',
            'Email' => '<string>',
            'InvitedAt' => <DateTime>,
            'MasterId' => '<string>',
            'MemberStatus' => '<string>',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Members
Type: Array of Member structures

Member details returned by the operation.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To list member account details

The following example returns details about member accounts for the calling Security Hub administrator account. The response includes member accounts that are managed through AWS Organizations and those that were invited manually.

$result = $client->listMembers([
]);

Result syntax:

[
    'Members' => [
        [
            'AccountId' => '111122223333',
            'AdministratorId' => '123456789012',
            'InvitedAt' => ,
            'MasterId' => '123456789012',
            'MemberStatus' => 'ASSOCIATED',
            'UpdatedAt' => ,
        ],
        [
            'AccountId' => '444455556666',
            'AdministratorId' => '123456789012',
            'InvitedAt' => ,
            'MasterId' => '123456789012',
            'MemberStatus' => 'ASSOCIATED',
            'UpdatedAt' => ,
        ],
    ],
]

ListOrganizationAdminAccounts

$result = $client->listOrganizationAdminAccounts([/* ... */]);
$promise = $client->listOrganizationAdminAccountsAsync([/* ... */]);

Lists the Security Hub administrator accounts. Can only be called by the organization management account.

Parameter Syntax

$result = $client->listOrganizationAdminAccounts([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return in the response.

NextToken
Type: string

The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

Result Syntax

[
    'AdminAccounts' => [
        [
            'AccountId' => '<string>',
            'Status' => 'ENABLED|DISABLE_IN_PROGRESS',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AdminAccounts
Type: Array of AdminAccount structures

The list of Security Hub administrator accounts.

NextToken
Type: string

The pagination token to use to request the next page of results.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To list administrator acccounts for an organization

The following example lists the Security Hub administrator accounts for an organization. Only the organization management account can call this operation.

$result = $client->listOrganizationAdminAccounts([
]);

Result syntax:

[
    'AdminAccounts' => [
        [
            'AccountId' => '777788889999',
        ],
        [
            'Status' => 'ENABLED',
        ],
    ],
]

ListSecurityControlDefinitions

$result = $client->listSecurityControlDefinitions([/* ... */]);
$promise = $client->listSecurityControlDefinitionsAsync([/* ... */]);

Lists all of the security controls that apply to a specified standard.

Parameter Syntax

$result = $client->listSecurityControlDefinitions([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'StandardsArn' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.

NextToken
Type: string

Optional pagination parameter.

StandardsArn
Type: string

The Amazon Resource Name (ARN) of the standard that you want to view controls for.

Result Syntax

[
    'NextToken' => '<string>',
    'SecurityControlDefinitions' => [
        [
            'CurrentRegionAvailability' => 'AVAILABLE|UNAVAILABLE',
            'CustomizableProperties' => ['<string>', ...],
            'Description' => '<string>',
            'ParameterDefinitions' => [
                '<NonEmptyString>' => [
                    'ConfigurationOptions' => [
                        'Boolean' => [
                            'DefaultValue' => true || false,
                        ],
                        'Double' => [
                            'DefaultValue' => <float>,
                            'Max' => <float>,
                            'Min' => <float>,
                        ],
                        'Enum' => [
                            'AllowedValues' => ['<string>', ...],
                            'DefaultValue' => '<string>',
                        ],
                        'EnumList' => [
                            'AllowedValues' => ['<string>', ...],
                            'DefaultValue' => ['<string>', ...],
                            'MaxItems' => <integer>,
                        ],
                        'Integer' => [
                            'DefaultValue' => <integer>,
                            'Max' => <integer>,
                            'Min' => <integer>,
                        ],
                        'IntegerList' => [
                            'DefaultValue' => [<integer>, ...],
                            'Max' => <integer>,
                            'MaxItems' => <integer>,
                            'Min' => <integer>,
                        ],
                        'String' => [
                            'DefaultValue' => '<string>',
                            'ExpressionDescription' => '<string>',
                            'Re2Expression' => '<string>',
                        ],
                        'StringList' => [
                            'DefaultValue' => ['<string>', ...],
                            'ExpressionDescription' => '<string>',
                            'MaxItems' => <integer>,
                            'Re2Expression' => '<string>',
                        ],
                    ],
                    'Description' => '<string>',
                ],
                // ...
            ],
            'RemediationUrl' => '<string>',
            'SecurityControlId' => '<string>',
            'SeverityRating' => 'LOW|MEDIUM|HIGH|CRITICAL',
            'Title' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A pagination parameter that's included in the response only if it was included in the request.

SecurityControlDefinitions
Required: Yes
Type: Array of SecurityControlDefinition structures

An array of controls that apply to the specified standard.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Examples

Example 1: To list security controls that apply to a standard

The following example lists security controls that apply to a specified Security Hub standard.

$result = $client->listSecurityControlDefinitions([
    'MaxResults' => 3,
    'NextToken' => 'NULL',
    'StandardsArn' => 'arn:aws:securityhub:::standards/aws-foundational-security-best-practices/v/1.0.0',
]);

Result syntax:

[
    'NextToken' => 'U2FsdGVkX1...',
    'SecurityControlDefinitions' => [
        [
            'CurrentRegionAvailability' => 'AVAILABLE',
            'CustomizableProperties' => [
                'Parameters',
            ],
            'Description' => 'This AWS control checks whether ACM Certificates in your account are marked for expiration within a specified time period. Certificates provided by ACM are automatically renewed. ACM does not automatically renew certificates that you import.',
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/ACM.1/remediation',
            'SecurityControlId' => 'ACM.1',
            'SeverityRating' => 'MEDIUM',
            'Title' => 'Imported and ACM-issued certificates should be renewed after a specified time period',
        ],
        [
            'CurrentRegionAvailability' => 'AVAILABLE',
            'CustomizableProperties' => [
                'Parameters',
            ],
            'Description' => 'This control checks whether all stages of Amazon API Gateway REST and WebSocket APIs have logging enabled. The control fails if logging is not enabled for all methods of a stage or if loggingLevel is neither ERROR nor INFO.',
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/APIGateway.1/remediation',
            'SecurityControlId' => 'APIGateway.1',
            'SeverityRating' => 'MEDIUM',
            'Title' => 'API Gateway REST and WebSocket API execution logging should be enabled',
        ],
        [
            'CurrentRegionAvailability' => 'AVAILABLE',
            'Description' => 'This control checks whether Amazon API Gateway REST API stages have SSL certificates configured that backend systems can use to authenticate that incoming requests are from the API Gateway.',
            'RemediationUrl' => 'https://docs.aws.amazon.com/console/securityhub/APIGateway.2/remediation',
            'SecurityControlId' => 'APIGateway.2',
            'SeverityRating' => 'MEDIUM',
            'Title' => 'API Gateway REST API stages should be configured to use SSL certificates for backend authentication',
        ],
    ],
]

ListStandardsControlAssociations

$result = $client->listStandardsControlAssociations([/* ... */]);
$promise = $client->listStandardsControlAssociationsAsync([/* ... */]);

Specifies whether a control is currently enabled or disabled in each enabled standard in the calling account.

Parameter Syntax

$result = $client->listStandardsControlAssociations([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SecurityControlId' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

An optional parameter that limits the total results of the API response to the specified number. If this parameter isn't provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub standards that you've enabled in the calling account.

NextToken
Type: string

Optional pagination parameter.

SecurityControlId
Required: Yes
Type: string

The identifier of the control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.

Result Syntax

[
    'NextToken' => '<string>',
    'StandardsControlAssociationSummaries' => [
        [
            'AssociationStatus' => 'ENABLED|DISABLED',
            'RelatedRequirements' => ['<string>', ...],
            'SecurityControlArn' => '<string>',
            'SecurityControlId' => '<string>',
            'StandardsArn' => '<string>',
            'StandardsControlDescription' => '<string>',
            'StandardsControlTitle' => '<string>',
            'UpdatedAt' => <DateTime>,
            'UpdatedReason' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

A pagination parameter that's included in the response only if it was included in the request.

StandardsControlAssociationSummaries
Required: Yes
Type: Array of StandardsControlAssociationSummary structures

An array that provides the enablement status and other details for each security control that applies to each enabled standard.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Examples

Example 1: To say whether standard

The following example specifies whether a control is currently enabled or disabled in each enabled standard in the calling account. The response also provides other details about the control.

$result = $client->listStandardsControlAssociations([
    'SecurityControlId' => 'S3.1',
]);

Result syntax:

[
    'StandardsControlAssociationSummaries' => [
        [
            'AssociationStatus' => 'ENABLED',
            'RelatedRequirements' => [
                'PCI DSS 1.2.1',
                'PCI DSS 1.3.1',
                'PCI DSS 1.3.2',
                'PCI DSS 1.3.4',
                'PCI DSS 1.3.6',
            ],
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1',
            'SecurityControlId' => 'S3.1',
            'StandardsArn' => 'arn:aws:securityhub:us-west-2::standards/pci-dss/v/3.2.1',
            'StandardsControlDescription' => 'This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.',
            'StandardsControlTitle' => 'S3 Block Public Access setting should be enabled',
            'UpdatedAt' => ,
        ],
        [
            'AssociationStatus' => 'DISABLED',
            'RelatedRequirements' => [
            ],
            'SecurityControlArn' => 'arn:aws:securityhub:us-west-2:110479873537:security-control/S3.1',
            'SecurityControlId' => 'S3.1',
            'StandardsArn' => 'arn:aws:securityhub:us-west-2::standards/aws-foundational-security-best-practices/v/1.0.0',
            'StandardsControlDescription' => 'This AWS control checks whether the following public access block settings are configured from account level: ignorePublicAcls: True, blockPublicPolicy: True, blockPublicAcls: True, restrictPublicBuckets: True.',
            'StandardsControlTitle' => 'S3 Block Public Access setting should be enabled',
            'UpdatedAt' => ,
            'UpdatedReason' => 'Not relevant to environment',
        ],
    ],
]

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Returns a list of tags associated with a resource.

Parameter Syntax

$result = $client->listTagsForResource([
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The ARN of the resource to retrieve tags for.

Result Syntax

[
    'Tags' => ['<string>', ...],
]

Result Details

Members
Tags
Type: Associative array of custom strings keys (TagKey) to strings

The tags associated with a resource.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To get a list of tags for a resource

The following example returns a list of tags associated with the specified resource.

$result = $client->listTagsForResource([
    'ResourceArn' => 'arn:aws:securityhub:us-west-1:123456789012:hub/default',
]);

Result syntax:

[
    'Tags' => [
        'Area' => 'USMidwest',
        'Department' => 'Operations',
    ],
]

StartConfigurationPolicyAssociation

$result = $client->startConfigurationPolicyAssociation([/* ... */]);
$promise = $client->startConfigurationPolicyAssociationAsync([/* ... */]);

Associates a target account, organizational unit, or the root with a specified configuration. The target can be associated with a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->startConfigurationPolicyAssociation([
    'ConfigurationPolicyIdentifier' => '<string>', // REQUIRED
    'Target' => [ // REQUIRED
        'AccountId' => '<string>',
        'OrganizationalUnitId' => '<string>',
        'RootId' => '<string>',
    ],
]);

Parameter Details

Members
ConfigurationPolicyIdentifier
Required: Yes
Type: string

The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

Target
Required: Yes
Type: Target structure

The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

Result Syntax

[
    'AssociationStatus' => 'PENDING|SUCCESS|FAILED',
    'AssociationStatusMessage' => '<string>',
    'AssociationType' => 'INHERITED|APPLIED',
    'ConfigurationPolicyId' => '<string>',
    'TargetId' => '<string>',
    'TargetType' => 'ACCOUNT|ORGANIZATIONAL_UNIT|ROOT',
    'UpdatedAt' => <DateTime>,
]

Result Details

Members
AssociationStatus
Type: string

The current status of the association between the specified target and the configuration.

AssociationStatusMessage
Type: string

An explanation for a FAILED value for AssociationStatus.

AssociationType
Type: string

Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

ConfigurationPolicyId
Type: string

The UUID of the configuration policy.

TargetId
Type: string

The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.

TargetType
Type: string

Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To associate a configuration with a target

This operation associates a configuration policy or self-managed behavior with the target account, organizational unit, or the root.

$result = $client->startConfigurationPolicyAssociation([
    'ConfigurationPolicyIdentifier' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Target' => [
        'AccountId' => '111122223333',
    ],
]);

Result syntax:

[
    'AssociationStatus' => 'SUCCESS',
    'AssociationStatusMessage' => 'This field is populated only if the association fails',
    'AssociationType' => 'APPLIED',
    'ConfigurationPolicyId' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'TargetId' => '111122223333',
    'TargetType' => 'ACCOUNT',
    'UpdatedAt' => ,
]

StartConfigurationPolicyDisassociation

$result = $client->startConfigurationPolicyDisassociation([/* ... */]);
$promise = $client->startConfigurationPolicyDisassociationAsync([/* ... */]);

Disassociates a target account, organizational unit, or the root from a specified configuration. When you disassociate a configuration from its target, the target inherits the configuration of the closest parent. If there’s no configuration to inherit, the target retains its settings but becomes a self-managed account. A target can be disassociated from a configuration policy or self-managed behavior. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->startConfigurationPolicyDisassociation([
    'ConfigurationPolicyIdentifier' => '<string>', // REQUIRED
    'Target' => [
        'AccountId' => '<string>',
        'OrganizationalUnitId' => '<string>',
        'RootId' => '<string>',
    ],
]);

Parameter Details

Members
ConfigurationPolicyIdentifier
Required: Yes
Type: string

The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

Target
Type: Target structure

The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To disassociate a configuration from a target

This operation disassociates a configuration policy or self-managed behavior from the target account, organizational unit, or the root.

$result = $client->startConfigurationPolicyDisassociation([
    'ConfigurationPolicyIdentifier' => 'SELF_MANAGED_SECURITY_HUB',
    'Target' => [
        'RootId' => 'r-f6g7h8i9j0example',
    ],
]);

TagResource

$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);

Adds one or more tags to a resource.

Parameter Syntax

$result = $client->tagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The ARN of the resource to apply the tags to.

Tags
Required: Yes
Type: Associative array of custom strings keys (TagKey) to strings

The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To tag a resource

The following example adds the 'Department' and 'Area' tags to the specified resource.

$result = $client->tagResource([
    'ResourceArn' => 'arn:aws:securityhub:us-west-1:123456789012:hub/default',
    'Tags' => [
        'Area' => 'USMidwest',
        'Department' => 'Operations',
    ],
]);

UntagResource

$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);

Removes one or more tags from a resource.

Parameter Syntax

$result = $client->untagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceArn
Required: Yes
Type: string

The ARN of the resource to remove the tags from.

TagKeys
Required: Yes
Type: Array of strings

The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To remove tags from a resource

The following example removes the 'Department' tag from the specified resource.

$result = $client->untagResource([
    'ResourceArn' => 'arn:aws:securityhub:us-west-1:123456789012:hub/default',
    'TagKeys' => [
        'Department',
    ],
]);

UpdateActionTarget

$result = $client->updateActionTarget([/* ... */]);
$promise = $client->updateActionTargetAsync([/* ... */]);

Updates the name and description of a custom action target in Security Hub.

Parameter Syntax

$result = $client->updateActionTarget([
    'ActionTargetArn' => '<string>', // REQUIRED
    'Description' => '<string>',
    'Name' => '<string>',
]);

Parameter Details

Members
ActionTargetArn
Required: Yes
Type: string

The ARN of the custom action target to update.

Description
Type: string

The updated description for the custom action target.

Name
Type: string

The updated name of the custom action target.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To update the name and description of a custom action target

The following example updates the name and description of a custom action target in Security Hub. You can create custom actions to automatically respond to Security Hub findings using Amazon EventBridge.

$result = $client->updateActionTarget([
    'ActionTargetArn' => 'arn:aws:securityhub:us-west-1:123456789012:action/custom/Remediation',
    'Description' => 'Sends specified findings to customer service chat',
    'Name' => 'Chat custom action',
]);

UpdateConfigurationPolicy

$result = $client->updateConfigurationPolicy([/* ... */]);
$promise = $client->updateConfigurationPolicyAsync([/* ... */]);

Updates a configuration policy. Only the Security Hub delegated administrator can invoke this operation from the home Region.

Parameter Syntax

$result = $client->updateConfigurationPolicy([
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => ['<string>', ...],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => ['<string>', ...],
                'EnabledSecurityControlIdentifiers' => ['<string>', ...],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            '<NonEmptyString>' => [
                                'Value' => [
                                    'Boolean' => true || false,
                                    'Double' => <float>,
                                    'Enum' => '<string>',
                                    'EnumList' => ['<string>', ...],
                                    'Integer' => <integer>,
                                    'IntegerList' => [<integer>, ...],
                                    'String' => '<string>',
                                    'StringList' => ['<string>', ...],
                                ],
                                'ValueType' => 'DEFAULT|CUSTOM', // REQUIRED
                            ],
                            // ...
                        ],
                        'SecurityControlId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'ServiceEnabled' => true || false,
        ],
    ],
    'Description' => '<string>',
    'Identifier' => '<string>', // REQUIRED
    'Name' => '<string>',
    'UpdatedReason' => '<string>',
]);

Parameter Details

Members
ConfigurationPolicy
Type: Policy structure

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration.

Description
Type: string

The description of the configuration policy.

Identifier
Required: Yes
Type: string

The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

Name
Type: string

The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.

UpdatedReason
Type: string

The reason for updating the configuration policy.

Result Syntax

[
    'Arn' => '<string>',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => ['<string>', ...],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => ['<string>', ...],
                'EnabledSecurityControlIdentifiers' => ['<string>', ...],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            '<NonEmptyString>' => [
                                'Value' => [
                                    'Boolean' => true || false,
                                    'Double' => <float>,
                                    'Enum' => '<string>',
                                    'EnumList' => ['<string>', ...],
                                    'Integer' => <integer>,
                                    'IntegerList' => [<integer>, ...],
                                    'String' => '<string>',
                                    'StringList' => ['<string>', ...],
                                ],
                                'ValueType' => 'DEFAULT|CUSTOM',
                            ],
                            // ...
                        ],
                        'SecurityControlId' => '<string>',
                    ],
                    // ...
                ],
            ],
            'ServiceEnabled' => true || false,
        ],
    ],
    'CreatedAt' => <DateTime>,
    'Description' => '<string>',
    'Id' => '<string>',
    'Name' => '<string>',
    'UpdatedAt' => <DateTime>,
]

Result Details

Members
Arn
Type: string

The ARN of the configuration policy.

ConfigurationPolicy
Type: Policy structure

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

Description
Type: string

The description of the configuration policy.

Id
Type: string

The UUID of the configuration policy.

Name
Type: string

The name of the configuration policy.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

Errors

InternalException:

Internal server error.

InvalidAccessException:

The account doesn't have permission to perform this action.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To update a configuration policy

This operation updates the specified configuration policy.

$result = $client->updateConfigurationPolicy([
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => [
                'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0',
                'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            ],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => [
                    'CloudWatch.1',
                    'CloudWatch.2',
                ],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            'daysToExpiration' => [
                                'Value' => [
                                    'Integer' => 21,
                                ],
                                'ValueType' => 'CUSTOM',
                            ],
                        ],
                        'SecurityControlId' => 'ACM.1',
                    ],
                ],
            ],
            'ServiceEnabled' => 1,
        ],
    ],
    'Description' => 'Updated configuration policy for testing FSBP and CIS',
    'Identifier' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Name' => 'TestConfigurationPolicy',
    'UpdatedReason' => 'Enabling ACM.2',
]);

Result syntax:

[
    'Arn' => 'arn:aws:securityhub:us-east-1:123456789012:configuration-policy/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'ConfigurationPolicy' => [
        'SecurityHub' => [
            'EnabledStandardIdentifiers' => [
                'arn:aws:securityhub:us-east-1::standards/aws-foundational-security-best-practices/v/1.0.0',
                'arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0',
            ],
            'SecurityControlsConfiguration' => [
                'DisabledSecurityControlIdentifiers' => [
                    'CloudWatch.1',
                    'CloudWatch.2',
                ],
                'SecurityControlCustomParameters' => [
                    [
                        'Parameters' => [
                            'daysToExpiration' => [
                                'Value' => [
                                    'Integer' => 21,
                                ],
                                'ValueType' => 'CUSTOM',
                            ],
                        ],
                        'SecurityControlId' => 'ACM.1',
                    ],
                ],
            ],
            'ServiceEnabled' => 1,
        ],
    ],
    'CreatedAt' => ,
    'Description' => 'Updated configuration policy for testing FSBP and CIS',
    'Id' => 'a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Name' => 'TestConfigurationPolicy',
    'UpdatedAt' => ,
]

UpdateFindingAggregator

$result = $client->updateFindingAggregator([/* ... */]);
$promise = $client->updateFindingAggregatorAsync([/* ... */]);

The aggregation Region is now called the home Region.

Updates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list of included or excluded Amazon Web Services Regions. However, you can't use this operation to change the home Region.

You can invoke this operation from the current home Region only.

Parameter Syntax

$result = $client->updateFindingAggregator([
    'FindingAggregatorArn' => '<string>', // REQUIRED
    'RegionLinkingMode' => '<string>', // REQUIRED
    'Regions' => ['<string>', ...],
]);

Parameter Details

Members
FindingAggregatorArn
Required: Yes
Type: string

The ARN of the finding aggregator. To obtain the ARN, use ListFindingAggregators.

RegionLinkingMode
Required: Yes
Type: string

Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

The selected option also determines how to use the Regions provided in the Regions list.

The options are as follows:

  • ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

  • SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

  • NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.

Regions
Type: Array of strings

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

Result Syntax

[
    'FindingAggregationRegion' => '<string>',
    'FindingAggregatorArn' => '<string>',
    'RegionLinkingMode' => '<string>',
    'Regions' => ['<string>', ...],
]

Result Details

Members
FindingAggregationRegion
Type: string

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

FindingAggregatorArn
Type: string

The ARN of the finding aggregator.

RegionLinkingMode
Type: string

Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

Regions
Type: Array of strings

The list of excluded Regions or included Regions.

Errors

InternalException:

Internal server error.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To update cross-Region aggregation settings

The following example updates the cross-Region aggregation configuration. You use this operation to change the list of linked Regions and the treatment of new Regions. However, you cannot use this operation to change the aggregation Region.

$result = $client->updateFindingAggregator([
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'RegionLinkingMode' => 'SPECIFIED_REGIONS',
    'Regions' => [
        'us-west-1',
        'us-west-2',
    ],
]);

Result syntax:

[
    'FindingAggregationRegion' => 'us-east-1',
    'FindingAggregatorArn' => 'arn:aws:securityhub:us-east-1:123456789012:finding-aggregator/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'RegionLinkingMode' => 'SPECIFIED_REGIONS',
    'Regions' => [
        'us-west-1',
        'us-west-2',
    ],
]

UpdateFindings

$result = $client->updateFindings([/* ... */]);
$promise = $client->updateFindingsAsync([/* ... */]);

UpdateFindings is a deprecated operation. Instead of UpdateFindings, use the BatchUpdateFindings operation.

The UpdateFindings operation updates the Note and RecordState of the Security Hub aggregated findings that the filter attributes specify. Any member account that can view the finding can also see the update to the finding.

Finding updates made with UpdateFindings aren't persisted if the same finding is later updated by the finding provider through the BatchImportFindings operation. In addition, Security Hub doesn't record updates made with UpdateFindings in the finding history.

Parameter Syntax

$result = $client->updateFindings([
    'Filters' => [ // REQUIRED
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'AwsAccountName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceAssociatedStandardsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsConfidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsCriticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityOriginal' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsTypes' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Region' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyPrincipalName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamUserUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Sample' => [
            [
                'Value' => true || false,
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesExploitAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesFixAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'Note' => [
        'Text' => '<string>', // REQUIRED
        'UpdatedBy' => '<string>', // REQUIRED
    ],
    'RecordState' => 'ACTIVE|ARCHIVED',
]);

Parameter Details

Members
Filters
Required: Yes
Type: AwsSecurityFindingFilters structure

A collection of attributes that specify which findings you want to update.

Note
Type: NoteUpdate structure

The updated note for the finding.

RecordState
Type: string

The updated record state for the finding.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

UpdateInsight

$result = $client->updateInsight([/* ... */]);
$promise = $client->updateInsightAsync([/* ... */]);

Updates the Security Hub insight identified by the specified insight ARN.

Parameter Syntax

$result = $client->updateInsight([
    'Filters' => [
        'AwsAccountId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'AwsAccountName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'CompanyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceAssociatedStandardsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceSecurityControlParametersValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ComplianceStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Confidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'CreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'Criticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'Description' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsConfidence' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsCriticality' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsRelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsSeverityOriginal' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FindingProviderFieldsTypes' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'FirstObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'GeneratorId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Id' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Keyword' => [
            [
                'Value' => '<string>',
            ],
            // ...
        ],
        'LastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'MalwareName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwarePath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'MalwareType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkDestinationPort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NetworkDirection' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkProtocol' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceDomain' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV4' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceIpV6' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'NetworkSourceMac' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NetworkSourcePort' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'NoteText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'NoteUpdatedBy' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProcessName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessParentPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessPath' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProcessPid' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'ProcessTerminatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ProductName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecommendationText' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RecordState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Region' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'RelatedFindingsProductArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceApplicationName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIamInstanceProfileArn' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV4Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceIpV6Addresses' => [
            [
                'Cidr' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceKeyName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceSubnetId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsEc2InstanceVpcId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyCreatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyPrincipalName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamAccessKeyUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsIamUserUserName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceAwsS3BucketOwnerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerImageName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerLaunchedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ResourceContainerName' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceDetailsOther' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceId' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourcePartition' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceRegion' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceTags' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Sample' => [
            [
                'Value' => true || false,
            ],
            // ...
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'SeverityNormalized' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SeverityProduct' => [
            [
                'Eq' => <float>,
                'Gt' => <float>,
                'Gte' => <float>,
                'Lt' => <float>,
                'Lte' => <float>,
            ],
            // ...
        ],
        'SourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorCategory' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorLastObservedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSource' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorSourceUrl' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorType' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'ThreatIntelIndicatorValue' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Title' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'Type' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'UpdatedAt' => [
            [
                'DateRange' => [
                    'Unit' => 'DAYS',
                    'Value' => <integer>,
                ],
                'End' => '<string>',
                'Start' => '<string>',
            ],
            // ...
        ],
        'UserDefinedFields' => [
            [
                'Comparison' => 'EQUALS|NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VerificationState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesExploitAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'VulnerabilitiesFixAvailable' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowState' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
        'WorkflowStatus' => [
            [
                'Comparison' => 'EQUALS|PREFIX|NOT_EQUALS|PREFIX_NOT_EQUALS|CONTAINS|NOT_CONTAINS',
                'Value' => '<string>',
            ],
            // ...
        ],
    ],
    'GroupByAttribute' => '<string>',
    'InsightArn' => '<string>', // REQUIRED
    'Name' => '<string>',
]);

Parameter Details

Members
Filters
Type: AwsSecurityFindingFilters structure

The updated filters that define this insight.

GroupByAttribute
Type: string

The updated GroupBy attribute that defines this insight.

InsightArn
Required: Yes
Type: string

The ARN of the insight that you want to update.

Name
Type: string

The updated name for the insight.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

Examples

Example 1: To update an insight

The following example updates the specified Security Hub insight.

$result = $client->updateInsight([
    'Filters' => [
        'ResourceType' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'AwsIamRole',
            ],
        ],
        'SeverityLabel' => [
            [
                'Comparison' => 'EQUALS',
                'Value' => 'HIGH',
            ],
        ],
    ],
    'InsightArn' => 'arn:aws:securityhub:us-west-1:123456789012:insight/123456789012/custom/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111',
    'Name' => 'High severity role findings',
]);

UpdateOrganizationConfiguration

$result = $client->updateOrganizationConfiguration([/* ... */]);
$promise = $client->updateOrganizationConfigurationAsync([/* ... */]);

Updates the configuration of your organization in Security Hub. Only the Security Hub administrator account can invoke this operation.

Parameter Syntax

$result = $client->updateOrganizationConfiguration([
    'AutoEnable' => true || false, // REQUIRED
    'AutoEnableStandards' => 'NONE|DEFAULT',
    'OrganizationConfiguration' => [
        'ConfigurationType' => 'CENTRAL|LOCAL',
        'Status' => 'PENDING|ENABLED|FAILED',
        'StatusMessage' => '<string>',
    ],
]);

Parameter Details

Members
AutoEnable
Required: Yes
Type: boolean

Whether to automatically enable Security Hub in new member accounts when they join the organization.

If set to true, then Security Hub is automatically enabled in new accounts. If set to false, then Security Hub isn't enabled in new accounts automatically. The default value is false.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.

AutoEnableStandards
Type: string

Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

The default value of this parameter is equal to DEFAULT.

If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts.

If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can't be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

OrganizationConfiguration
Type: OrganizationConfiguration structure

Provides information about the way an organization is configured in Security Hub.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

ResourceConflictException:

The resource specified in the request conflicts with an existing resource.

Examples

Example 1: To update organization configuration

This operation updates the way your organization is configured in Security Hub. Only a Security Hub administrator account can invoke this operation.

$result = $client->updateOrganizationConfiguration([
    'AutoEnable' => ,
    'AutoEnableStandards' => 'NONE',
    'OrganizationConfiguration' => [
        'ConfigurationType' => 'CENTRAL',
    ],
]);

UpdateSecurityControl

$result = $client->updateSecurityControl([/* ... */]);
$promise = $client->updateSecurityControlAsync([/* ... */]);

Updates the properties of a security control.

Parameter Syntax

$result = $client->updateSecurityControl([
    'LastUpdateReason' => '<string>',
    'Parameters' => [ // REQUIRED
        '<NonEmptyString>' => [
            'Value' => [
                'Boolean' => true || false,
                'Double' => <float>,
                'Enum' => '<string>',
                'EnumList' => ['<string>', ...],
                'Integer' => <integer>,
                'IntegerList' => [<integer>, ...],
                'String' => '<string>',
                'StringList' => ['<string>', ...],
            ],
            'ValueType' => 'DEFAULT|CUSTOM', // REQUIRED
        ],
        // ...
    ],
    'SecurityControlId' => '<string>', // REQUIRED
]);

Parameter Details

Members
LastUpdateReason
Type: string

The most recent reason for updating the properties of the security control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

Parameters
Required: Yes
Type: Associative array of custom strings keys (NonEmptyString) to ParameterConfiguration structures

An object that specifies which security control parameters to update.

SecurityControlId
Required: Yes
Type: string

The Amazon Resource Name (ARN) or ID of the control to update.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

ResourceInUseException:

The request was rejected because it conflicts with the resource's availability. For example, you tried to update a security control that's currently in the UPDATING state.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

ResourceInUseException:

The request was rejected because it conflicts with the resource's availability. For example, you tried to update a security control that's currently in the UPDATING state.

Examples

Example 1: To update security control properties

The following example updates the specified security control. Specifically, this example updates control parameters.

$result = $client->updateSecurityControl([
    'LastUpdateReason' => 'Comply with internal requirements',
    'Parameters' => [
        'maxCredentialUsageAge' => [
            'Value' => [
                'Integer' => 15,
            ],
            'ValueType' => 'CUSTOM',
        ],
    ],
    'SecurityControlId' => 'ACM.1',
]);

Result syntax:

[
]

UpdateSecurityHubConfiguration

$result = $client->updateSecurityHubConfiguration([/* ... */]);
$promise = $client->updateSecurityHubConfigurationAsync([/* ... */]);

Updates configuration options for Security Hub.

Parameter Syntax

$result = $client->updateSecurityHubConfiguration([
    'AutoEnableControls' => true || false,
    'ControlFindingGenerator' => 'STANDARD_CONTROL|SECURITY_CONTROL',
]);

Parameter Details

Members
AutoEnableControls
Type: boolean

Whether to automatically enable new controls when they are added to standards that are enabled.

By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false.

When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have AutoEnableControls set to true.

ControlFindingGenerator
Type: string

Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

For accounts that are part of an organization, this value can only be updated in the administrator account.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

LimitExceededException:

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To update Security Hub settings

The following example updates Security Hub settings to turn on consolidated control findings, and to automatically enable new controls in enabled standards.

$result = $client->updateSecurityHubConfiguration([
    'AutoEnableControls' => 1,
    'ControlFindingGenerator' => 'SECURITY_CONTROL',
]);

UpdateStandardsControl

$result = $client->updateStandardsControl([/* ... */]);
$promise = $client->updateStandardsControlAsync([/* ... */]);

Used to control whether an individual security standard control is enabled or disabled.

Parameter Syntax

$result = $client->updateStandardsControl([
    'ControlStatus' => 'ENABLED|DISABLED',
    'DisabledReason' => '<string>',
    'StandardsControlArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
ControlStatus
Type: string

The updated status of the security standard control.

DisabledReason
Type: string

A description of the reason why you are disabling a security standard control. If you are disabling a control, then this is required.

StandardsControlArn
Required: Yes
Type: string

The ARN of the security standard control to enable or disable.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalException:

Internal server error.

InvalidInputException:

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

InvalidAccessException:

The account doesn't have permission to perform this action.

ResourceNotFoundException:

The request was rejected because we can't find the specified resource.

AccessDeniedException:

You don't have permission to perform the action specified in the request.

Examples

Example 1: To update the enablement status of a standard control

The following example disables the specified control in the specified security standard.

$result = $client->updateStandardsControl([
    'ControlStatus' => 'DISABLED',
    'DisabledReason' => 'Not applicable to my service',
    'StandardsControlArn' => 'arn:aws:securityhub:us-west-1:123456789012:control/pci-dss/v/3.2.1/PCI.AutoScaling.1',
]);

Shapes

AccessDeniedException

Description

You don't have permission to perform the action specified in the request.

Members
Code
Type: string
Message
Type: string

AccountDetails

Description

The details of an Amazon Web Services account.

Members
AccountId
Required: Yes
Type: string

The ID of an Amazon Web Services account.

Email
Type: string

The email of an Amazon Web Services account.

Action

Description

Provides details about one of the following actions that affects or that was taken on a resource:

  • A remote IP address issued an Amazon Web Services API call

  • A DNS request was received

  • A remote IP address attempted to connect to an EC2 instance

  • A remote IP address attempted a port probe on an EC2 instance

Members
ActionType
Type: string

The type of action that was detected. The possible action types are:

  • NETWORK_CONNECTION

  • AWS_API_CALL

  • DNS_REQUEST

  • PORT_PROBE

AwsApiCallAction
Type: AwsApiCallAction structure

Included if ActionType is AWS_API_CALL. Provides details about the API call that was detected.

DnsRequestAction
Type: DnsRequestAction structure

Included if ActionType is DNS_REQUEST. Provides details about the DNS request that was detected.

NetworkConnectionAction
Type: NetworkConnectionAction structure

Included if ActionType is NETWORK_CONNECTION. Provides details about the network connection that was detected.

PortProbeAction
Type: PortProbeAction structure

Included if ActionType is PORT_PROBE. Provides details about the port probe that was detected.

ActionLocalIpDetails

Description

Provides information about the IP address where the scanned port is located.

Members
IpAddressV4
Type: string

The IP address.

ActionLocalPortDetails

Description

For NetworkConnectionAction and PortProbeDetails, LocalPortDetails provides information about the local port that was involved in the action.

Members
Port
Type: int

The number of the port.

PortName
Type: string

The port name of the local connection.

Length Constraints: 128.

ActionRemoteIpDetails

Description

For AwsApiAction, NetworkConnectionAction, and PortProbeAction, RemoteIpDetails provides information about the remote IP address that was involved in the action.

Members
City
Type: City structure

The city where the remote IP address is located.

Country
Type: Country structure

The country where the remote IP address is located.

GeoLocation
Type: GeoLocation structure

The coordinates of the location of the remote IP address.

IpAddressV4
Type: string

The IP address.

Organization
Type: IpOrganizationDetails structure

The internet service provider (ISP) organization associated with the remote IP address.

ActionRemotePortDetails

Description

Provides information about the remote port that was involved in an attempted network connection.

Members
Port
Type: int

The number of the port.

PortName
Type: string

The port name of the remote connection.

Length Constraints: 128.

ActionTarget

Description

An ActionTarget object.

Members
ActionTargetArn
Required: Yes
Type: string

The ARN for the target action.

Description
Required: Yes
Type: string

The description of the target action.

Name
Required: Yes
Type: string

The name of the action target.

Actor

Description

Information about the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Id
Type: string

The ID of the threat actor.

Session
Type: ActorSession structure

Contains information about the user session where the activity initiated.

User
Type: ActorUser structure

Contains information about the user credentials used by the threat actor.

ActorSession

Description

Contains information about the authenticated session used by the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
CreatedTime
Type: long (int|float)

The timestamp for when the session was created.

In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.creationDate.

Issuer
Type: string

The issuer of the session.

In CloudTrail, you can find this value as userIdentity.sessionContext.sessionIssuer.arn.

MfaStatus
Type: string

Indicates whether multi-factor authentication (MFA) was used for authentication during the session.

In CloudTrail, you can find this value as userIdentity.sessionContext.attributes.mfaAuthenticated.

Uid
Type: string

Unique identifier of the session.

ActorUser

Description

Contains information about the credentials used by the threat actor identified in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Account
Type: UserAccount structure

The account of the threat actor.

CredentialUid
Type: string

Unique identifier of the threat actor’s user credentials.

Name
Type: string

The name of the threat actor.

Type
Type: string

The type of user.

Uid
Type: string

The unique identifier of the threat actor.

Adjustment

Description

An adjustment to the CVSS metric.

Members
Metric
Type: string

The metric to adjust.

Reason
Type: string

The reason for the adjustment.

AdminAccount

Description

Represents a Security Hub administrator account designated by an organization management account.

Members
AccountId
Type: string

The Amazon Web Services account identifier of the Security Hub administrator account.

Status
Type: string

The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator.

AssociatedStandard

Description

Information about an enabled security standard in which a security control is enabled.

Members
StandardsId
Type: string

The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

AssociationFilters

Description

Options for filtering the ListConfigurationPolicyAssociations response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration policy, AssociationType, or AssociationStatus.

Members
AssociationStatus
Type: string

The current status of the association between a target and a configuration policy.

AssociationType
Type: string

Indicates whether the association between a target and a configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

ConfigurationPolicyId
Type: string

The ARN or UUID of the configuration policy.

AssociationSetDetails

Description

The associations between a route table and one or more subnets or a gateway.

Members
AssociationState
Type: AssociationStateDetails structure

The state of the association between a route table and a subnet or gateway.

GatewayId
Type: string

The ID of the internet gateway or virtual private gateway.

Main
Type: boolean

Indicates whether this is the main route table.

RouteTableAssociationId
Type: string

The ID of the association.

RouteTableId
Type: string

The ID of the route table.

SubnetId
Type: string

The ID of the subnet. A subnet ID is not returned for an implicit association.

AssociationStateDetails

Description

Describes the state of an association between a route table and a subnet or gateway.

Members
State
Type: string

The state of the association.

StatusMessage
Type: string

The status message, if applicable.

AutomationRulesAction

Description

One or more actions that Security Hub takes when a finding matches the defined criteria of a rule.

Members
FindingFieldsUpdate

Specifies that the automation rule action is an update to a finding field.

Type
Type: string

Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.

AutomationRulesConfig

Description

Defines the configuration of an automation rule.

Members
Actions
Type: Array of AutomationRulesAction structures

One or more actions to update finding fields if a finding matches the defined criteria of the rule.

CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates when the rule was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

CreatedBy
Type: string

The principal that created a rule.

Criteria

A set of Amazon Web Services Security Finding Format finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.

Description
Type: string

A description of the rule.

IsTerminal
Type: boolean

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

RuleArn
Type: string

The Amazon Resource Name (ARN) of a rule.

RuleName
Type: string

The name of the rule.

RuleOrder
Type: int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus
Type: string

Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates when the rule was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AutomationRulesFindingFieldsUpdate

Description

Identifies the finding fields that the automation rule action updates when a finding matches the defined criteria.

Members
Confidence
Type: int

The rule action updates the Confidence field of a finding.

Criticality
Type: int

The rule action updates the Criticality field of a finding.

Note
Type: NoteUpdate structure

The updated note.

RelatedFindings
Type: Array of RelatedFinding structures

The rule action updates the RelatedFindings field of a finding.

Severity
Type: SeverityUpdate structure

Updates to the severity information for a finding.

Types
Type: Array of strings

The rule action updates the Types field of a finding.

UserDefinedFields
Type: Associative array of custom strings keys (NonEmptyString) to strings

The rule action updates the UserDefinedFields field of a finding.

VerificationState
Type: string

The rule action updates the VerificationState field of a finding.

Workflow
Type: WorkflowUpdate structure

Used to update information about the investigation into the finding.

AutomationRulesFindingFilters

Description

The criteria that determine which findings a rule applies to.

Members
AwsAccountId
Type: Array of StringFilter structures

The Amazon Web Services account ID in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

AwsAccountName
Type: Array of StringFilter structures

The name of the Amazon Web Services account in which a finding was generated.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CompanyName
Type: Array of StringFilter structures

The name of the company for the product that generated the finding. For control-based findings, the company is Amazon Web Services.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceAssociatedStandardsId
Type: Array of StringFilter structures

The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceSecurityControlId
Type: Array of StringFilter structures

The security control ID for which a finding was generated. Security control IDs are the same across standards.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ComplianceStatus
Type: Array of StringFilter structures

The result of a security check. This field is only used for findings generated from controls.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Confidence
Type: Array of NumberFilter structures

The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0–100 basis using a ratio scale. A value of 0 means 0 percent confidence, and a value of 100 means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see Confidence in the Security Hub User Guide.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

CreatedAt
Type: Array of DateFilter structures

A timestamp that indicates when this finding record was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Criticality
Type: Array of NumberFilter structures

The level of importance that is assigned to the resources that are associated with a finding. Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. For more information, see Criticality in the Security Hub User Guide.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Description
Type: Array of StringFilter structures

A finding's description.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

FirstObservedAt
Type: Array of DateFilter structures

A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

GeneratorId
Type: Array of StringFilter structures

The identifier for the solution-specific component that generated a finding.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Id
Type: Array of StringFilter structures

The product-specific identifier for a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

LastObservedAt
Type: Array of DateFilter structures

A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteText
Type: Array of StringFilter structures

The text of a user-defined note that's added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedAt
Type: Array of DateFilter structures

The timestamp of when the note was updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

NoteUpdatedBy
Type: Array of StringFilter structures

The principal that created a note.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductArn
Type: Array of StringFilter structures

The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ProductName
Type: Array of StringFilter structures

Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RecordState
Type: Array of StringFilter structures

Provides the current state of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RelatedFindingsId
Type: Array of StringFilter structures

The product-generated identifier for a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

RelatedFindingsProductArn
Type: Array of StringFilter structures

The ARN for the product that generated a related finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceApplicationArn
Type: Array of StringFilter structures

The Amazon Resource Name (ARN) of the application that is related to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceApplicationName
Type: Array of StringFilter structures

The name of the application that is related to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceDetailsOther
Type: Array of MapFilter structures

Custom fields and values about the resource that a finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceId
Type: Array of StringFilter structures

The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Services service that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

ResourcePartition
Type: Array of StringFilter structures

The partition in which the resource that the finding pertains to is located. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceRegion
Type: Array of StringFilter structures

The Amazon Web Services Region where the resource that a finding pertains to is located.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceTags
Type: Array of MapFilter structures

A list of Amazon Web Services tags associated with a resource at the time the finding was processed.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

ResourceType
Type: Array of StringFilter structures

The type of resource that the finding pertains to.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SeverityLabel
Type: Array of StringFilter structures

The severity value of the finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

SourceUrl
Type: Array of StringFilter structures

Provides a URL that links to a page about the current finding in the finding product.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

Title
Type: Array of StringFilter structures

A finding's title.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

Type
Type: Array of StringFilter structures

One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see Types taxonomy for ASFF in the Security Hub User Guide.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UpdatedAt
Type: Array of DateFilter structures

A timestamp that indicates when the finding record was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

UserDefinedFields
Type: Array of MapFilter structures

A list of user-defined name and value string pairs added to a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

VerificationState
Type: Array of StringFilter structures

Provides the veracity of a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

WorkflowStatus
Type: Array of StringFilter structures

Provides information about the status of the investigation into a finding.

Array Members: Minimum number of 1 item. Maximum number of 20 items.

AutomationRulesMetadata

Description

Metadata for automation rules in the calling account. The response includes rules with a RuleStatus of ENABLED and DISABLED.

Members
CreatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates when the rule was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

CreatedBy
Type: string

The principal that created a rule.

Description
Type: string

A description of the rule.

IsTerminal
Type: boolean

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

RuleArn
Type: string

The Amazon Resource Name (ARN) for the rule.

RuleName
Type: string

The name of the rule.

RuleOrder
Type: int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus
Type: string

Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use BatchUpdateAutomationRules .

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates when the rule was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AvailabilityZone

Description

Information about an Availability Zone.

Members
SubnetId
Type: string

The ID of the subnet. You can specify one subnet per Availability Zone.

ZoneName
Type: string

The name of the Availability Zone.

AwsAmazonMqBrokerDetails

Description

Provides details about an Amazon MQ message broker. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols.

Members
AuthenticationStrategy
Type: string

The authentication strategy used to secure the broker. The default is SIMPLE.

AutoMinorVersionUpgrade
Type: boolean

Whether automatically upgrade new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.

BrokerArn
Type: string

The Amazon Resource Name (ARN) of the broker.

BrokerId
Type: string

The unique ID that Amazon MQ generates for the broker.

BrokerName
Type: string

The broker's name.

DeploymentMode
Type: string

The broker's deployment mode.

EncryptionOptions

Encryption options for the broker. Doesn’t apply to RabbitMQ brokers.

EngineType
Type: string

The type of broker engine.

EngineVersion
Type: string

The version of the broker engine.

HostInstanceType
Type: string

The broker's instance type.

LdapServerMetadata

The metadata of the Lightweight Directory Access Protocol (LDAP) server used to authenticate and authorize connections to the broker. This is an optional failover server.

Logs

Turns on Amazon CloudWatch logging for brokers.

MaintenanceWindowStartTime

The scheduled time period (UTC) during which Amazon MQ begins to apply pending updates or patches to the broker.

PubliclyAccessible
Type: boolean

Permits connections from applications outside of the VPC that hosts the broker's subnets.

SecurityGroups
Type: Array of strings

The list of rules (one minimum, 125 maximum) that authorize connections to brokers.

StorageType
Type: string

The broker's storage type.

SubnetIds
Type: Array of strings

The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones.

Users
Type: Array of AwsAmazonMqBrokerUsersDetails structures

The list of all broker usernames for the specified broker. Doesn't apply to RabbitMQ brokers.

AwsAmazonMqBrokerEncryptionOptionsDetails

Description

Provides details about broker encryption options.

Members
KmsKeyId
Type: string

The KMS key that’s used to encrypt your data at rest. If not provided, Amazon MQ will use a default KMS key to encrypt your data.

UseAwsOwnedKey
Type: boolean

Specifies that an KMS key should be used for at-rest encryption. Set to true by default if no value is provided (for example, for RabbitMQ brokers).

AwsAmazonMqBrokerLdapServerMetadataDetails

Description

The metadata of the Lightweight Directory Access Protocol (LDAP) server used to authenticate and authorize connections to the broker. This is an optional failover server.

Members
Hosts
Type: Array of strings

Specifies the location of the LDAP server, such as Amazon Web Services Directory Service for Microsoft Active Directory.

RoleBase
Type: string

The distinguished name of the node in the directory information tree (DIT) to search for roles or groups.

RoleName
Type: string

The group name attribute in a role entry whose value is the name of that role.

RoleSearchMatching
Type: string

The LDAP search filter used to find roles within the roleBase.

RoleSearchSubtree
Type: boolean

The directory search scope for the role. If set to true, the scope is to search the entire subtree.

ServiceAccountUsername
Type: string

A username for the service account, which is an account in your LDAP server that has access to initiate a connection.

UserBase
Type: string

Selects a particular subtree of the directory information tree (DIT) to search for user entries.

UserRoleName
Type: string

The name of the LDAP attribute in the user's directory entry for the user's group membership.

UserSearchMatching
Type: string

The LDAP search filter used to find users within the userBase.

UserSearchSubtree
Type: boolean

The directory search scope for the user. If set to true, the scope is to search the entire subtree.

AwsAmazonMqBrokerLogsDetails

Description

Provides information about logs to be activated for the specified broker.

Members
Audit
Type: boolean

Activates audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ brokers.

AuditLogGroup
Type: string

The location of the CloudWatch Logs log group where audit logs are sent.

General
Type: boolean

Activates general logging.

GeneralLogGroup
Type: string

The location of the CloudWatch Logs log group where general logs are sent.

Pending

The list of information about logs that are to be turned on for the specified broker.

AwsAmazonMqBrokerLogsPendingDetails

Description

Provides information about logs to be activated for the specified broker.

Members
Audit
Type: boolean

Activates audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Doesn't apply to RabbitMQ brokers.

General
Type: boolean

Activates general logging.

AwsAmazonMqBrokerMaintenanceWindowStartTimeDetails

Description

The scheduled time period (UTC) during which Amazon MQ begins to apply pending updates or patches to the broker.

Members
DayOfWeek
Type: string

The day of the week on which the maintenance window falls.

TimeOfDay
Type: string

The time, in 24-hour format, on which the maintenance window falls.

TimeZone
Type: string

The time zone in either the Country/City format or the UTC offset format. UTC is the default format.

AwsAmazonMqBrokerUsersDetails

Description

Provides details about the broker usernames for the specified broker. Doesn't apply to RabbitMQ brokers.

Members
PendingChange
Type: string

The type of change pending for the broker user.

Username
Type: string

The username of the broker user.

AwsApiCallAction

Description

Provided if ActionType is AWS_API_CALL. It provides details about the API call that was detected.

Members
AffectedResources
Type: Associative array of custom strings keys (NonEmptyString) to strings

Identifies the resources that were affected by the API call.

Api
Type: string

The name of the API method that was issued.

Length Constraints: 128.

CallerType
Type: string

Indicates whether the API call originated from a remote IP address (remoteip) or from a DNS domain (domain).

DomainDetails

Provided if CallerType is domain. Provides information about the DNS domain that the API call originated from.

FirstSeen
Type: string

A timestamp that indicates when the API call was first observed.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

LastSeen
Type: string

A timestamp that indicates when the API call was most recently observed.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

RemoteIpDetails
Type: ActionRemoteIpDetails structure

Provided if CallerType is remoteip. Provides information about the remote IP address that the API call originated from.

ServiceName
Type: string

The name of the Amazon Web Services service that the API method belongs to.

Length Constraints: 128.

AwsApiCallActionDomainDetails

Description

Provided if CallerType is domain. It provides information about the DNS domain that issued the API call.

Members
Domain
Type: string

The name of the DNS domain that issued the API call.

Length Constraints: 128.

AwsApiGatewayAccessLogSettings

Description

Contains information about settings for logging access for the stage.

Members
DestinationArn
Type: string

The ARN of the CloudWatch Logs log group that receives the access logs.

Format
Type: string

A single-line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.

AwsApiGatewayCanarySettings

Description

Contains information about settings for canary deployment in the stage.

Members
DeploymentId
Type: string

The deployment identifier for the canary deployment.

PercentTraffic
Type: double

The percentage of traffic that is diverted to a canary deployment.

StageVariableOverrides
Type: Associative array of custom strings keys (NonEmptyString) to strings

Stage variables that are overridden in the canary release deployment. The variables include new stage variables that are introduced in the canary.

Each variable is represented as a string-to-string map between the stage variable name and the variable value.

UseStageCache
Type: boolean

Indicates whether the canary deployment uses the stage cache.

AwsApiGatewayEndpointConfiguration

Description

Contains information about the endpoints for the API.

Members
Types
Type: Array of strings

A list of endpoint types for the REST API.

For an edge-optimized API, the endpoint type is EDGE. For a Regional API, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

AwsApiGatewayMethodSettings

Description

Defines settings for a method for the stage.

Members
CacheDataEncrypted
Type: boolean

Indicates whether the cached responses are encrypted.

CacheTtlInSeconds
Type: int

Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response is cached.

CachingEnabled
Type: boolean

Indicates whether responses are cached and returned for requests. For responses to be cached, a cache cluster must be enabled on the stage.

DataTraceEnabled
Type: boolean

Indicates whether data trace logging is enabled for the method. Data trace logging affects the log entries that are pushed to CloudWatch Logs.

HttpMethod
Type: string

The HTTP method. You can use an asterisk (*) as a wildcard to apply method settings to multiple methods.

LoggingLevel
Type: string

The logging level for this method. The logging level affects the log entries that are pushed to CloudWatch Logs.

If the logging level is ERROR, then the logs only include error-level entries.

If the logging level is INFO, then the logs include both ERROR events and extra informational events.

Valid values: OFF | ERROR | INFO

MetricsEnabled
Type: boolean

Indicates whether CloudWatch metrics are enabled for the method.

RequireAuthorizationForCacheControl
Type: boolean

Indicates whether authorization is required for a cache invalidation request.

ResourcePath
Type: string

The resource path for this method. Forward slashes (/) are encoded as ~1 . The initial slash must include a forward slash.

For example, the path value /resource/subresource must be encoded as /~1resource~1subresource.

To specify the root path, use only a slash (/). You can use an asterisk (*) as a wildcard to apply method settings to multiple methods.

ThrottlingBurstLimit
Type: int

The throttling burst limit for the method.

ThrottlingRateLimit
Type: double

The throttling rate limit for the method.

UnauthorizedCacheControlHeaderStrategy
Type: string

Indicates how to handle unauthorized requests for cache invalidation.

Valid values: FAIL_WITH_403 | SUCCEED_WITH_RESPONSE_HEADER | SUCCEED_WITHOUT_RESPONSE_HEADER

AwsApiGatewayRestApiDetails

Description

Contains information about a REST API in version 1 of Amazon API Gateway.

Members
ApiKeySource
Type: string

The source of the API key for metering requests according to a usage plan.

HEADER indicates whether to read the API key from the X-API-Key header of a request.

AUTHORIZER indicates whether to read the API key from the UsageIdentifierKey from a custom authorizer.

BinaryMediaTypes
Type: Array of strings

The list of binary media types supported by the REST API.

CreatedDate
Type: string

Indicates when the API was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Description
Type: string

A description of the REST API.

EndpointConfiguration

The endpoint configuration of the REST API.

Id
Type: string

The identifier of the REST API.

MinimumCompressionSize
Type: int

The minimum size in bytes of a payload before compression is enabled.

If null, then compression is disabled.

If 0, then all payloads are compressed.

Name
Type: string

The name of the REST API.

Version
Type: string

The version identifier for the REST API.

AwsApiGatewayStageDetails

Description

Provides information about a version 1 Amazon API Gateway stage.

Members
AccessLogSettings

Settings for logging access for the stage.

CacheClusterEnabled
Type: boolean

Indicates whether a cache cluster is enabled for the stage.

CacheClusterSize
Type: string

If a cache cluster is enabled, the size of the cache cluster.

CacheClusterStatus
Type: string

If a cache cluster is enabled, the status of the cache cluster.

CanarySettings
Type: AwsApiGatewayCanarySettings structure

Information about settings for canary deployment in the stage.

ClientCertificateId
Type: string

The identifier of the client certificate for the stage.

CreatedDate
Type: string

Indicates when the stage was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DeploymentId
Type: string

The identifier of the deployment that the stage points to.

Description
Type: string

A description of the stage.

DocumentationVersion
Type: string

The version of the API documentation that is associated with the stage.

LastUpdatedDate
Type: string

Indicates when the stage was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

MethodSettings
Type: Array of AwsApiGatewayMethodSettings structures

Defines the method settings for the stage.

StageName
Type: string

The name of the stage.

TracingEnabled
Type: boolean

Indicates whether active tracing with X-Ray is enabled for the stage.

Variables
Type: Associative array of custom strings keys (NonEmptyString) to strings

A map that defines the stage variables for the stage.

Variable names can have alphanumeric and underscore characters.

Variable values can contain the following characters:

  • Uppercase and lowercase letters

  • Numbers

  • Special characters -._~:/?#&=,

WebAclArn
Type: string

The ARN of the web ACL associated with the stage.

AwsApiGatewayV2ApiDetails

Description

Contains information about a version 2 API in Amazon API Gateway.

Members
ApiEndpoint
Type: string

The URI of the API.

Uses the format <api-id>.execute-api.<region>.amazonaws.com

The stage name is typically appended to the URI to form a complete path to a deployed API stage.

ApiId
Type: string

The identifier of the API.

ApiKeySelectionExpression
Type: string

An API key selection expression. Supported only for WebSocket APIs.

CorsConfiguration
Type: AwsCorsConfiguration structure

A cross-origin resource sharing (CORS) configuration. Supported only for HTTP APIs.

CreatedDate
Type: string

Indicates when the API was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Description
Type: string

A description of the API.

Name
Type: string

The name of the API.

ProtocolType
Type: string

The API protocol for the API.

Valid values: WEBSOCKET | HTTP

RouteSelectionExpression
Type: string

The route selection expression for the API.

For HTTP APIs, must be ${request.method} ${request.path}. This is the default value for HTTP APIs.

For WebSocket APIs, there is no default value.

Version
Type: string

The version identifier for the API.

AwsApiGatewayV2RouteSettings

Description

Contains route settings for a stage.

Members
DataTraceEnabled
Type: boolean

Indicates whether data trace logging is enabled. Data trace logging affects the log entries that are pushed to CloudWatch Logs. Supported only for WebSocket APIs.

DetailedMetricsEnabled
Type: boolean

Indicates whether detailed metrics are enabled.

LoggingLevel
Type: string

The logging level. The logging level affects the log entries that are pushed to CloudWatch Logs. Supported only for WebSocket APIs.

If the logging level is ERROR, then the logs only include error-level entries.

If the logging level is INFO, then the logs include both ERROR events and extra informational events.

Valid values: OFF | ERROR | INFO

ThrottlingBurstLimit
Type: int

The throttling burst limit.

ThrottlingRateLimit
Type: double

The throttling rate limit.

AwsApiGatewayV2StageDetails

Description

Contains information about a version 2 stage for Amazon API Gateway.

Members
AccessLogSettings

Information about settings for logging access for the stage.

ApiGatewayManaged
Type: boolean

Indicates whether the stage is managed by API Gateway.

AutoDeploy
Type: boolean

Indicates whether updates to an API automatically trigger a new deployment.

ClientCertificateId
Type: string

The identifier of a client certificate for a stage. Supported only for WebSocket API calls.

CreatedDate
Type: string

Indicates when the stage was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DefaultRouteSettings

Default route settings for the stage.

DeploymentId
Type: string

The identifier of the deployment that the stage is associated with.

Description
Type: string

The description of the stage.

LastDeploymentStatusMessage
Type: string

The status of the last deployment of a stage. Supported only if the stage has automatic deployment enabled.

LastUpdatedDate
Type: string

Indicates when the stage was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

RouteSettings

The route settings for the stage.

StageName
Type: string

The name of the stage.

StageVariables
Type: Associative array of custom strings keys (NonEmptyString) to strings

A map that defines the stage variables for the stage.

Variable names can have alphanumeric and underscore characters.

Variable values can contain the following characters:

  • Uppercase and lowercase letters

  • Numbers

  • Special characters -._~:/?#&=,

AwsAppSyncGraphQlApiAdditionalAuthenticationProvidersDetails

Description

A list of additional authentication providers for the GraphqlApi API.

Members
AuthenticationType
Type: string

The type of security configuration for your GraphQL API: API key, Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, or Lambda.

LambdaAuthorizerConfig

The configuration for Lambda function authorization.

OpenIdConnectConfig

The OpenID Connect configuration.

UserPoolConfig

The Amazon Cognito user pools configuration.

AwsAppSyncGraphQlApiDetails

Description

Provides details about an AppSync Graph QL API, which lets you query multiple databases, microservices, and APIs from a single GraphQL endpoint.

Members
AdditionalAuthenticationProviders

A list of additional authentication providers for the GraphQL API.

ApiId
Type: string

The unique identifier for the API.

Arn
Type: string

The Amazon Resource Name (ARN) of the API.

AuthenticationType
Type: string

The type of security configuration for your GraphQL API: API key, Identity and Access Management (IAM), OpenID Connect (OIDC), Amazon Cognito user pools, or Lambda.

Id
Type: string

The unique identifier for the API.

LambdaAuthorizerConfig

Specifies the configuration for Lambda function authorization.

LogConfig

The Amazon CloudWatch Logs configuration.

Name
Type: string

The API name.

OpenIdConnectConfig

Specifies the authorization configuration for using an OpenID Connect compliant service with an AppSync GraphQL API endpoint.

UserPoolConfig

The Amazon Cognito user pools configuration.

WafWebAclArn
Type: string

The Amazon Resource Name (ARN) of the WAF web access control list (web ACL) associated with this GraphQL API, if one exists.

XrayEnabled
Type: boolean

Indicates whether to use X-Ray tracing for the GraphQL API.

AwsAppSyncGraphQlApiLambdaAuthorizerConfigDetails

Description

Specifies the authorization configuration for using an Lambda function with your AppSync GraphQL API endpoint.

Members
AuthorizerResultTtlInSeconds
Type: int

The number of seconds a response should be cached for. The default is 5 minutes (300 seconds).

AuthorizerUri
Type: string

The Amazon Resource Name (ARN) of the Lambda function to be called for authorization. This can be a standard Lambda ARN, a version ARN (.../v3), or an alias ARN.

IdentityValidationExpression
Type: string

A regular expression for validation of tokens before the Lambda function is called.

AwsAppSyncGraphQlApiLogConfigDetails

Description

Specifies the logging configuration when writing GraphQL operations and tracing to Amazon CloudWatch for an AppSync GraphQL API.

Members
CloudWatchLogsRoleArn
Type: string

The Amazon Resource Name (ARN) of the service role that AppSync assumes to publish to CloudWatch Logs in your account.

ExcludeVerboseContent
Type: boolean

Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level.

FieldLogLevel
Type: string

The field logging level.

AwsAppSyncGraphQlApiOpenIdConnectConfigDetails

Description

Specifies the authorization configuration for using an OpenID Connect compliant service with your AppSync GraphQL API endpoint.

Members
AuthTtL
Type: long (int|float)

The number of milliseconds that a token is valid after being authenticated.

ClientId
Type: string

The client identifier of the relying party at the OpenID identity provider. This identifier is typically obtained when the relying party is registered with the OpenID identity provider. You can specify a regular expression so that AppSync can validate against multiple client identifiers at a time.

IatTtL
Type: long (int|float)

The number of milliseconds that a token is valid after it's issued to a user.

Issuer
Type: string

The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of iss in the ID token.

AwsAppSyncGraphQlApiUserPoolConfigDetails

Description

Specifies the authorization configuration for using Amazon Cognito user pools with your AppSync GraphQL API endpoint.

Members
AppIdClientRegex
Type: string

A regular expression for validating the incoming Amazon Cognito user pools app client ID. If this value isn't set, no filtering is applied.

AwsRegion
Type: string

The Amazon Web Services Region in which the user pool was created.

DefaultAction
Type: string

The action that you want your GraphQL API to take when a request that uses Amazon Cognito user pools authentication doesn't match the Amazon Cognito user pools configuration.

UserPoolId
Type: string

The user pool ID.

AwsAthenaWorkGroupConfigurationDetails

Description

The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) where query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is specified.

Members
ResultConfiguration

The location in Amazon S3 where query and calculation results are stored and the encryption option, if any, used for query and calculation results. These are known as client-side settings. If workgroup settings override client-side settings, then the query uses the workgroup settings.

AwsAthenaWorkGroupConfigurationResultConfigurationDetails

Description

The location in Amazon Simple Storage Service (Amazon S3) where query and calculation results are stored and the encryption option, if any, used for query and calculation results. These are known as client-side settings. If workgroup settings override client-side settings, then the query uses the workgroup settings.

Members
EncryptionConfiguration

Specifies the method used to encrypt the user’s data stores in the Athena workgroup.

AwsAthenaWorkGroupConfigurationResultConfigurationEncryptionConfigurationDetails

Description

Specifies the method used to encrypt the user’s data stores in the Athena workgroup.

Members
EncryptionOption
Type: string

Indicates whether Amazon Simple Storage Service (Amazon S3) server-side encryption with Amazon S3 managed keys (SSE_S3), server-side encryption with KMS keys (SSE_KMS), or client-side encryption with KMS customer managed keys (CSE_KMS) is used.

KmsKey
Type: string

For SSE_KMS and CSE_KMS, this is the KMS key Amazon Resource Name (ARN) or ID.

AwsAthenaWorkGroupDetails

Description

Provides information about an Amazon Athena workgroup.

Members
Configuration

The configuration of the workgroup, which includes the location in Amazon Simple Storage Service (Amazon S3) where query results are stored, the encryption option, if any, used for query results, whether Amazon CloudWatch metrics are enabled for the workgroup, and the limit for the amount of bytes scanned (cutoff) per query, if it is specified.

Description
Type: string

The workgroup description.

Name
Type: string

The workgroup name.

State
Type: string

Whether the workgroup is enabled or disabled.

AwsAutoScalingAutoScalingGroupAvailabilityZonesListDetails

Description

An Availability Zone for the automatic scaling group.

Members
Value
Type: string

The name of the Availability Zone.

AwsAutoScalingAutoScalingGroupDetails

Description

Provides details about an auto scaling group.

Members
AvailabilityZones

The list of Availability Zones for the automatic scaling group.

CapacityRebalance
Type: boolean

Indicates whether capacity rebalancing is enabled.

CreatedTime
Type: string

Indicates when the auto scaling group was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

HealthCheckGracePeriod
Type: int

The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before it checks the health status of an EC2 instance that has come into service.

HealthCheckType
Type: string

The service to use for the health checks. Valid values are EC2 or ELB.

LaunchConfigurationName
Type: string

The name of the launch configuration.

LaunchTemplate

The launch template to use.

LoadBalancerNames
Type: Array of strings

The list of load balancers associated with the group.

MixedInstancesPolicy

The mixed instances policy for the automatic scaling group.

AwsAutoScalingAutoScalingGroupLaunchTemplateLaunchTemplateSpecification

Description

Details about the launch template to use.

Members
LaunchTemplateId
Type: string

The identifier of the launch template. You must specify either LaunchTemplateId or LaunchTemplateName.

LaunchTemplateName
Type: string

The name of the launch template. You must specify either LaunchTemplateId or LaunchTemplateName.

Version
Type: string

Identifies the version of the launch template. You can specify a version identifier, or use the values $Latest or $Default.

AwsAutoScalingAutoScalingGroupMixedInstancesPolicyDetails

Description

The mixed instances policy for the automatic scaling group.

Members
InstancesDistribution

The instances distribution. The instances distribution specifies the distribution of On-Demand Instances and Spot Instances, the maximum price to pay for Spot Instances, and how the Auto Scaling group allocates instance types to fulfill On-Demand and Spot capacity.

LaunchTemplate

The launch template to use and the instance types (overrides) to use to provision EC2 instances to fulfill On-Demand and Spot capacities.

AwsAutoScalingAutoScalingGroupMixedInstancesPolicyInstancesDistributionDetails

Description

Information about the instances distribution.

Members
OnDemandAllocationStrategy
Type: string

How to allocate instance types to fulfill On-Demand capacity. The valid value is prioritized.

OnDemandBaseCapacity
Type: int

The minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances.

OnDemandPercentageAboveBaseCapacity
Type: int

The percentage of On-Demand Instances and Spot Instances for additional capacity beyond OnDemandBaseCapacity.

SpotAllocationStrategy
Type: string

How to allocate instances across Spot Instance pools. Valid values are as follows:

  • lowest-price

  • capacity-optimized

  • capacity-optimized-prioritized

SpotInstancePools
Type: int

The number of Spot Instance pools across which to allocate your Spot Instances.

SpotMaxPrice
Type: string

The maximum price per unit hour that you are willing to pay for a Spot Instance.

AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateDetails

Description

Describes a launch template and overrides for a mixed instances policy.

Members
LaunchTemplateSpecification

The launch template to use for a mixed instances policy.

Overrides

Property values to use to override the values in the launch template.

AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification

Description

Details about the launch template to use for a mixed instances policy.

Members
LaunchTemplateId
Type: string

The identifier of the launch template. You must specify either LaunchTemplateId or LaunchTemplateName.

LaunchTemplateName
Type: string

The name of the launch template. You must specify either LaunchTemplateId or LaunchTemplateName.

Version
Type: string

Identifies the version of the launch template. You can specify a version identifier, or use the values $Latest or $Default.

AwsAutoScalingAutoScalingGroupMixedInstancesPolicyLaunchTemplateOverridesListDetails

Description

Property values to use to override the values in the launch template.

Members
InstanceType
Type: string

The instance type. For example, m3.xlarge.

WeightedCapacity
Type: string

The number of capacity units provided by the specified instance type in terms of virtual CPUs, memory, storage, throughput, or other relative performance characteristic.

AwsAutoScalingLaunchConfigurationBlockDeviceMappingsDetails

Description

A block device for the instance.

Members
DeviceName
Type: string

The device name that is exposed to the EC2 instance. For example, /dev/sdh or xvdh.

Ebs

Parameters that are used to automatically set up Amazon EBS volumes when an instance is launched.

NoDevice
Type: boolean

Whether to suppress the device that is included in the block device mapping of the Amazon Machine Image (AMI).

If NoDevice is true, then you cannot specify Ebs.>

VirtualName
Type: string

The name of the virtual device (for example, ephemeral0).

You can provide either VirtualName or Ebs, but not both.

AwsAutoScalingLaunchConfigurationBlockDeviceMappingsEbsDetails

Description

Parameters that are used to automatically set up EBS volumes when an instance is launched.

Members
DeleteOnTermination
Type: boolean

Whether to delete the volume when the instance is terminated.

Encrypted
Type: boolean

Whether to encrypt the volume.

Iops
Type: int

The number of input/output (I/O) operations per second (IOPS) to provision for the volume.

Only supported for gp3 or io1 volumes. Required for io1 volumes. Not used with standard, gp2, st1, or sc1 volumes.

SnapshotId
Type: string

The snapshot ID of the volume to use.

You must specify either VolumeSize or SnapshotId.

VolumeSize
Type: int

The volume size, in GiBs. The following are the supported volumes sizes for each volume type:

  • gp2 and gp3: 1-16,384

  • io1: 4-16,384

  • st1 and sc1: 125-16,384

  • standard: 1-1,024

You must specify either SnapshotId or VolumeSize. If you specify both SnapshotId and VolumeSize, the volume size must be equal or greater than the size of the snapshot.

VolumeType
Type: string

The volume type. Valid values are as follows:

  • gp2

  • gp3

  • io1

  • sc1

  • st1

  • standard

AwsAutoScalingLaunchConfigurationDetails

Description

Details about a launch configuration.

Members
AssociatePublicIpAddress
Type: boolean

For Auto Scaling groups that run in a VPC, specifies whether to assign a public IP address to the group's instances.

BlockDeviceMappings

Specifies the block devices for the instance.

ClassicLinkVpcId
Type: string

The identifier of a ClassicLink-enabled VPC that EC2-Classic instances are linked to.

ClassicLinkVpcSecurityGroups
Type: Array of strings

The identifiers of one or more security groups for the VPC that is specified in ClassicLinkVPCId.

CreatedTime
Type: string

The creation date and time for the launch configuration.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

EbsOptimized
Type: boolean

Whether the launch configuration is optimized for Amazon EBS I/O.

IamInstanceProfile
Type: string

The name or the ARN of the instance profile associated with the IAM role for the instance. The instance profile contains the IAM role.

ImageId
Type: string

The identifier of the Amazon Machine Image (AMI) that is used to launch EC2 instances.

InstanceMonitoring

Indicates the type of monitoring for instances in the group.

InstanceType
Type: string

The instance type for the instances.

KernelId
Type: string

The identifier of the kernel associated with the AMI.

KeyName
Type: string

The name of the key pair.

LaunchConfigurationName
Type: string

The name of the launch configuration.

MetadataOptions

The metadata options for the instances.

PlacementTenancy
Type: string

The tenancy of the instance. An instance with dedicated tenancy runs on isolated, single-tenant hardware and can only be launched into a VPC.

RamdiskId
Type: string

The identifier of the RAM disk associated with the AMI.

SecurityGroups
Type: Array of strings

The security groups to assign to the instances in the Auto Scaling group.

SpotPrice
Type: string

The maximum hourly price to be paid for any Spot Instance that is launched to fulfill the request.

UserData
Type: string

The user data to make available to the launched EC2 instances. Must be base64-encoded text.

AwsAutoScalingLaunchConfigurationInstanceMonitoringDetails

Description

Information about the type of monitoring for instances in the group.

Members
Enabled
Type: boolean

If set to true, then instances in the group launch with detailed monitoring.

If set to false, then instances in the group launch with basic monitoring.

AwsAutoScalingLaunchConfigurationMetadataOptions

Description

The metadata options for the instances.

Members
HttpEndpoint
Type: string

Enables or disables the HTTP metadata endpoint on your instances. By default, the metadata endpoint is enabled.

HttpPutResponseHopLimit
Type: int

The HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

HttpTokens
Type: string

Indicates whether token usage is required or optional for metadata requests. By default, token usage is optional.

AwsBackupBackupPlanAdvancedBackupSettingsDetails

Description

Provides a list of backup options for each resource type.

Members
BackupOptions
Type: Associative array of custom strings keys (NonEmptyString) to strings

Specifies the backup option for a selected resource. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs. Valid values are as follows:

  • Set to WindowsVSS: enabled to enable the WindowsVSS backup option and create a Windows VSS backup.

  • Set to WindowsVSS: disabled to create a regular backup. The WindowsVSS option is not enabled by default.

ResourceType
Type: string

The name of a resource type. The only supported resource type is Amazon EC2 instances with Windows VSS.

The only valid value is EC2.

AwsBackupBackupPlanBackupPlanDetails

Description

Provides details about an Backup backup plan and an array of BackupRule objects, each of which specifies a backup rule.

Members
AdvancedBackupSettings

A list of backup options for each resource type.

BackupPlanName
Type: string

The display name of a backup plan.

BackupPlanRule
Type: Array of AwsBackupBackupPlanRuleDetails structures

An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.

AwsBackupBackupPlanDetails

Description

Provides details about an Backup backup plan and an array of BackupRule objects, each of which specifies a backup rule.

Members
BackupPlan

Uniquely identifies the backup plan to be associated with the selection of resources.

BackupPlanArn
Type: string

An Amazon Resource Name (ARN) that uniquely identifies the backup plan.

BackupPlanId
Type: string

A unique ID for the backup plan.

VersionId
Type: string

Unique, randomly generated, Unicode, UTF-8 encoded strings. Version IDs cannot be edited.

AwsBackupBackupPlanLifecycleDetails

Description

Provides lifecycle details for the backup plan. A lifecycle defines when a backup is transitioned to cold storage and when it expires.

Members
DeleteAfterDays
Type: long (int|float)

Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.

MoveToColdStorageAfterDays
Type: long (int|float)

Specifies the number of days after creation that a recovery point is moved to cold storage.

AwsBackupBackupPlanRuleCopyActionsDetails

Description

An array of CopyAction objects, each of which contains details of the copy operation.

Members
DestinationBackupVaultArn
Type: string

An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup.

Lifecycle

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

AwsBackupBackupPlanRuleDetails

Description

Provides details about an array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.

Members
CompletionWindowMinutes
Type: long (int|float)

A value in minutes after a backup job is successfully started before it must be completed, or it is canceled by Backup.

CopyActions
Type: Array of AwsBackupBackupPlanRuleCopyActionsDetails structures

An array of CopyAction objects, each of which contains details of the copy operation.

EnableContinuousBackup
Type: boolean

Specifies whether Backup creates continuous backups capable of point-in-time restore (PITR).

Lifecycle

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

RuleId
Type: string

Uniquely identifies a rule that is used to schedule the backup of a selection of resources.

RuleName
Type: string

A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.

ScheduleExpression
Type: string

A cron expression in UTC specifying when Backup initiates a backup job.

StartWindowMinutes
Type: long (int|float)

A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully.

TargetBackupVault
Type: string

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the Amazon Web Services account used to create them and the Amazon Web Services Region where they are created. They consist of letters, numbers, and hyphens.

AwsBackupBackupVaultDetails

Description

Provides details about an Backup backup vault. In Backup, a backup vault is a container that stores and organizes your backups.

Members
AccessPolicy
Type: string

A resource-based policy that is used to manage access permissions on the target backup vault.

BackupVaultArn
Type: string

An Amazon Resource Name (ARN) that uniquely identifies a backup vault.

BackupVaultName
Type: string

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the Amazon Web Services account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

EncryptionKeyArn
Type: string

The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you don't specify a key, Backup creates an KMS key for you by default.

Notifications

The Amazon SNS event notifications for the specified backup vault.

AwsBackupBackupVaultNotificationsDetails

Description

Provides details about the Amazon SNS event notifications for the specified backup vault.

Members
BackupVaultEvents
Type: Array of strings

An array of events that indicate the status of jobs to back up resources to the backup vault. The following events are supported:

  • BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED

  • COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED

  • RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED

  • S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED

SnsTopicArn
Type: string

The Amazon Resource Name (ARN) that uniquely identifies the Amazon SNS topic for a backup vault's events.

AwsBackupRecoveryPointCalculatedLifecycleDetails

Description

Specifies how long in days before a recovery point transitions to cold storage or is deleted.

Members
DeleteAt
Type: string

Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.

MoveToColdStorageAt
Type: string

Specifies the number of days after creation that a recovery point is moved to cold storage.

AwsBackupRecoveryPointCreatedByDetails

Description

Contains information about the backup plan and rule that Backup used to initiate the recovery point backup.

Members
BackupPlanArn
Type: string

An Amazon Resource Name (ARN) that uniquely identifies a backup plan.

BackupPlanId
Type: string

Uniquely identifies a backup plan.

BackupPlanVersion
Type: string

Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.

BackupRuleId
Type: string

Uniquely identifies a rule used to schedule the backup of a selection of resources.

AwsBackupRecoveryPointDetails

Description

Contains detailed information about the recovery points stored in an Backup backup vault. A backup, or recovery point, represents the content of a resource at a specified time.

Members
BackupSizeInBytes
Type: long (int|float)

The size, in bytes, of a backup.

BackupVaultArn
Type: string

An Amazon Resource Name (ARN) that uniquely identifies a backup vault.

BackupVaultName
Type: string

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the Amazon Web Services account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

CalculatedLifecycle

A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.

CompletionDate
Type: string

The date and time that a job to create a recovery point is completed, in Unix format and UTC. The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

CreatedBy

Contains identifying information about the creation of a recovery point, including the BackupPlanArn, BackupPlanId, BackupPlanVersion, and BackupRuleId of the backup plan that is used to create it.

CreationDate
Type: string

The date and time a recovery point is created, in Unix format and UTC. The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

EncryptionKeyArn
Type: string

The ARN for the server-side encryption key that is used to protect your backups.

IamRoleArn
Type: string

Specifies the IAM role ARN used to create the target recovery point

IsEncrypted
Type: boolean

A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.

LastRestoreTime
Type: string

The date and time that a recovery point was last restored, in Unix format and UTC. The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

Lifecycle

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define

RecoveryPointArn
Type: string

An ARN that uniquely identifies a recovery point.

ResourceArn
Type: string

An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.

ResourceType
Type: string

The type of Amazon Web Services resource saved as a recovery point, such as an Amazon EBS volume or an Amazon RDS database.

SourceBackupVaultArn
Type: string

The ARN for the backup vault where the recovery point was originally copied from. If the recovery point is restored to the same account, this value will be null.

Status
Type: string

A status code specifying the state of the recovery point. Valid values are as follows:

  • COMPLETED

  • DELETING

  • EXPIRED

  • PARTIAL

StatusMessage
Type: string

A message explaining the reason of the recovery point deletion failure.

StorageClass
Type: string

Specifies the storage class of the recovery point. Valid values are as follows:

  • COLD

  • DELETED

  • WARM

AwsBackupRecoveryPointLifecycleDetails

Description

Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.

Members
DeleteAfterDays
Type: long (int|float)

Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.

MoveToColdStorageAfterDays
Type: long (int|float)

Specifies the number of days after creation that a recovery point is moved to cold storage.

AwsCertificateManagerCertificateDetails

Description

Provides details about an Certificate Manager certificate.

Members
CertificateAuthorityArn
Type: string

The ARN of the private certificate authority (CA) that will be used to issue the certificate.

CreatedAt
Type: string

Indicates when the certificate was requested.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DomainName
Type: string

The fully qualified domain name (FQDN), such as www.example.com, that is secured by the certificate.

DomainValidationOptions

Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request.

Only provided if the certificate type is AMAZON_ISSUED.

ExtendedKeyUsages

Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).

FailureReason
Type: string

For a failed certificate request, the reason for the failure.

Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER

ImportedAt
Type: string

Indicates when the certificate was imported. Provided if the certificate type is IMPORTED.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

InUseBy
Type: Array of strings

The list of ARNs for the Amazon Web Services resources that use the certificate.

IssuedAt
Type: string

Indicates when the certificate was issued. Provided if the certificate type is AMAZON_ISSUED.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Issuer
Type: string

The name of the certificate authority that issued and signed the certificate.

KeyAlgorithm
Type: string

The algorithm that was used to generate the public-private key pair.

Valid values: RSA_2048 | RSA_1024 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1

KeyUsages
Type: Array of AwsCertificateManagerCertificateKeyUsage structures

A list of key usage X.509 v3 extension objects.

NotAfter
Type: string

The time after which the certificate becomes invalid.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

NotBefore
Type: string

The time before which the certificate is not valid.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Options

Provides a value that specifies whether to add the certificate to a transparency log.

RenewalEligibility
Type: string

Whether the certificate is eligible for renewal.

Valid values: ELIGIBLE | INELIGIBLE

RenewalSummary

Information about the status of the Certificate Manager managed renewal for the certificate. Provided only when the certificate type is AMAZON_ISSUED.

Serial
Type: string

The serial number of the certificate.

SignatureAlgorithm
Type: string

The algorithm that was used to sign the certificate.

Status
Type: string

The status of the certificate.

Valid values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED | VALIDATION_TIMED_OUT | REVOKED | FAILED

Subject
Type: string

The name of the entity that is associated with the public key contained in the certificate.

SubjectAlternativeNames
Type: Array of strings

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate.

The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.

Type
Type: string

The source of the certificate. For certificates that Certificate Manager provides, Type is AMAZON_ISSUED. For certificates that are imported with ImportCertificate, Type is IMPORTED.

Valid values: IMPORTED | AMAZON_ISSUED | PRIVATE

AwsCertificateManagerCertificateDomainValidationOption

Description

Contains information about one of the following:

  • The initial validation of each domain name that occurs as a result of the RequestCertificate request

  • The validation of each domain name in the certificate, as it pertains to Certificate Manager managed renewal

Members
DomainName
Type: string

A fully qualified domain name (FQDN) in the certificate.

ResourceRecord

The CNAME record that is added to the DNS database for domain validation.

ValidationDomain
Type: string

The domain name that Certificate Manager uses to send domain validation emails.

ValidationEmails
Type: Array of strings

A list of email addresses that Certificate Manager uses to send domain validation emails.

ValidationMethod
Type: string

The method used to validate the domain name.

ValidationStatus
Type: string

The validation status of the domain name.

AwsCertificateManagerCertificateExtendedKeyUsage

Description

Contains information about an extended key usage X.509 v3 extension object.

Members
Name
Type: string

The name of an extension value. Indicates the purpose for which the certificate public key can be used.

OId
Type: string

An object identifier (OID) for the extension value.

The format is numbers separated by periods.

AwsCertificateManagerCertificateKeyUsage

Description

Contains information about a key usage X.509 v3 extension object.

Members
Name
Type: string

The key usage extension name.

AwsCertificateManagerCertificateOptions

Description

Contains other options for the certificate.

Members
CertificateTransparencyLoggingPreference
Type: string

Whether to add the certificate to a transparency log.

Valid values: DISABLED | ENABLED

AwsCertificateManagerCertificateRenewalSummary

Description

Contains information about the Certificate Manager managed renewal for an AMAZON_ISSUED certificate.

Members
DomainValidationOptions

Information about the validation of each domain name in the certificate, as it pertains to Certificate Manager managed renewal. Provided only when the certificate type is AMAZON_ISSUED.

RenewalStatus
Type: string

The status of the Certificate Manager managed renewal of the certificate.

Valid values: PENDING_AUTO_RENEWAL | PENDING_VALIDATION | SUCCESS | FAILED

RenewalStatusReason
Type: string

The reason that a renewal request was unsuccessful. This attribute is used only when RenewalStatus is FAILED.

Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER

UpdatedAt
Type: string

Indicates when the renewal summary was last updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AwsCertificateManagerCertificateResourceRecord

Description

Provides details about the CNAME record that is added to the DNS database for domain validation.

Members
Name
Type: string

The name of the resource.

Type
Type: string

The type of resource.

Value
Type: string

The value of the resource.

AwsCloudFormationStackDetails

Description

Nests a stack as a resource in a top-level template. Nested stacks are stacks created as resources for another stack.

Members
Capabilities
Type: Array of strings

The capabilities allowed in the stack.

CreationTime
Type: string

The time at which the stack was created.

Description
Type: string

A user-defined description associated with the stack.

DisableRollback
Type: boolean

Boolean to enable or disable rollback on stack creation failures.

DriftInformation

Information about whether a stack's actual configuration differs, or has drifted, from its expected configuration, as defined in the stack template and any values specified as template parameters.

EnableTerminationProtection
Type: boolean

Whether termination protection is enabled for the stack.

LastUpdatedTime
Type: string

The time the nested stack was last updated. This field will only be returned if the stack has been updated at least once.

NotificationArns
Type: Array of strings

The Amazon Resource Names (ARNs) of the Amazon SNS topic to which stack-related events are published.

Outputs
Type: Array of AwsCloudFormationStackOutputsDetails structures

A list of output structures.

RoleArn
Type: string

The ARN of an IAM role that's associated with the stack.

StackId
Type: string

Unique identifier of the stack.

StackName
Type: string

The name associated with the stack.

StackStatus
Type: string

Current status of the stack.

StackStatusReason
Type: string

Success or failure message associated with the stack status.

TimeoutInMinutes
Type: int

The length of time, in minutes, that CloudFormation waits for the nested stack to reach the CREATE_COMPLETE state.

AwsCloudFormationStackDriftInformationDetails

Description

Provides information about the stack's conformity to its expected template configuration.

Members
StackDriftStatus
Type: string

Status of the stack's actual configuration compared to its expected template configuration.

AwsCloudFormationStackOutputsDetails

Description

Provides information about the CloudFormation stack output.

Members
Description
Type: string

A user-defined description associated with the output.

OutputKey
Type: string

The key associated with the output.

OutputValue
Type: string

The value associated with the output.

AwsCloudFrontDistributionCacheBehavior

Description

Information about a cache behavior for the distribution.

Members
ViewerProtocolPolicy
Type: string

The protocol that viewers can use to access the files in an origin. You can specify the following options:

  • allow-all - Viewers can use HTTP or HTTPS.

  • redirect-to-https - CloudFront responds to HTTP requests with an HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The viewer then uses the new URL to resubmit.

  • https-only - CloudFront responds to HTTP request with an HTTP status code of 403 (Forbidden).

AwsCloudFrontDistributionCacheBehaviors

Description

Provides information about caching for the CloudFront distribution.

Members
Items
Type: Array of AwsCloudFrontDistributionCacheBehavior structures

The cache behaviors for the distribution.

AwsCloudFrontDistributionDefaultCacheBehavior

Description

Contains information about the default cache configuration for the CloudFront distribution.

Members
ViewerProtocolPolicy
Type: string

The protocol that viewers can use to access the files in an origin. You can specify the following options:

  • allow-all - Viewers can use HTTP or HTTPS.

  • redirect-to-https - CloudFront responds to HTTP requests with an HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The viewer then uses the new URL to resubmit.

  • https-only - CloudFront responds to HTTP request with an HTTP status code of 403 (Forbidden).

AwsCloudFrontDistributionDetails

Description

A CloudFront distribution configuration.

Members
CacheBehaviors

Provides information about the cache configuration for the distribution.

DefaultCacheBehavior

The default cache behavior for the configuration.

DefaultRootObject
Type: string

The object that CloudFront sends in response to requests from the origin (for example, index.html) when a viewer requests the root URL for the distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/product-description.html).

DomainName
Type: string

The domain name corresponding to the distribution.

ETag
Type: string

The entity tag is a hash of the object.

LastModifiedTime
Type: string

Indicates when that the distribution was last modified.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Logging

A complex type that controls whether access logs are written for the distribution.

OriginGroups

Provides information about the origin groups in the distribution.

Origins

A complex type that contains information about origins for this distribution.

Status
Type: string

Indicates the current status of the distribution.

ViewerCertificate

Provides information about the TLS/SSL configuration that the distribution uses to communicate with viewers.

WebAclId
Type: string

A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution.

AwsCloudFrontDistributionLogging

Description

A complex type that controls whether access logs are written for the CloudFront distribution.

Members
Bucket
Type: string

The S3 bucket to store the access logs in.

Enabled
Type: boolean

With this field, you can enable or disable the selected distribution.

IncludeCookies
Type: boolean

Specifies whether you want CloudFront to include cookies in access logs.

Prefix
Type: string

An optional string that you want CloudFront to use as a prefix to the access log filenames for this distribution.

AwsCloudFrontDistributionOriginCustomOriginConfig

Description

A custom origin. A custom origin is any origin that is not an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is configured with static website hosting is a custom origin.

Members
HttpPort
Type: int

The HTTP port that CloudFront uses to connect to the origin.

HttpsPort
Type: int

The HTTPS port that CloudFront uses to connect to the origin.

OriginKeepaliveTimeout
Type: int

Specifies how long, in seconds, CloudFront persists its connection to the origin.

OriginProtocolPolicy
Type: string

Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin.

OriginReadTimeout
Type: int

Specifies how long, in seconds, CloudFront waits for a response from the origin.

OriginSslProtocols

Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS.

AwsCloudFrontDistributionOriginGroup

Description

Information about an origin group for the CloudFront distribution.

Members
FailoverCriteria

Provides the criteria for an origin group to fail over.

AwsCloudFrontDistributionOriginGroupFailover

Description

Provides information about when an origin group fails over.

Members
StatusCodes

Information about the status codes that cause an origin group to fail over.

AwsCloudFrontDistributionOriginGroupFailoverStatusCodes

Description

The status codes that cause an origin group to fail over.

Members
Items
Type: Array of ints

The list of status code values that can cause a failover to the next origin.

Quantity
Type: int

The number of status codes that can cause a failover.

AwsCloudFrontDistributionOriginGroups

Description

Provides information about origin groups that are associated with the CloudFront distribution.

Members
Items
Type: Array of AwsCloudFrontDistributionOriginGroup structures

The list of origin groups.

AwsCloudFrontDistributionOriginItem

Description

A complex type that describes the Amazon S3 bucket, HTTP server (for example, a web server), Elemental MediaStore, or other server from which CloudFront gets your files.

Members
CustomOriginConfig

An origin that is not an Amazon S3 bucket, with one exception. If the Amazon S3 bucket is configured with static website hosting, use this attribute. If the Amazon S3 bucket is not configured with static website hosting, use the S3OriginConfig type instead.

DomainName
Type: string

Amazon S3 origins: The DNS name of the S3 bucket from which you want CloudFront to get objects for this origin.

Id
Type: string

A unique identifier for the origin or origin group.

OriginPath
Type: string

An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

S3OriginConfig

An origin that is an S3 bucket that is not configured with static website hosting.

AwsCloudFrontDistributionOriginS3OriginConfig

Description

Information about an origin that is an Amazon S3 bucket that is not configured with static website hosting.

Members
OriginAccessIdentity
Type: string

The CloudFront origin access identity to associate with the origin.

AwsCloudFrontDistributionOriginSslProtocols

Description

A complex type that contains information about the SSL/TLS protocols that CloudFront can use when establishing an HTTPS connection with your origin.

Members
Items
Type: Array of strings

A list that contains allowed SSL/TLS protocols for this distribution.

Quantity
Type: int

The number of SSL/TLS protocols that you want to allow CloudFront to use when establishing an HTTPS connection with this origin.

AwsCloudFrontDistributionOrigins

Description

A complex type that contains information about origins and origin groups for this CloudFront distribution.

Members
Items
Type: Array of AwsCloudFrontDistributionOriginItem structures

A complex type that contains origins or origin groups for this distribution.

AwsCloudFrontDistributionViewerCertificate

Description

Provides information about the TLS/SSL configuration that the CloudFront distribution uses to communicate with viewers.

Members
AcmCertificateArn
Type: string

The ARN of the ACM certificate. Used if the certificate is stored in ACM. If you provide an ACM certificate ARN, you must also provide MinimumCertificateVersion and SslSupportMethod.

Certificate
Type: string

The identifier of the certificate. Note that in CloudFront, this attribute is deprecated.

CertificateSource
Type: string

The source of the certificate identified by Certificate. Note that in CloudFront, this attribute is deprecated.

CloudFrontDefaultCertificate
Type: boolean

Whether the distribution uses the CloudFront domain name. If set to false, then you provide either AcmCertificateArn or IamCertificateId.

IamCertificateId
Type: string

The identifier of the IAM certificate. Used if the certificate is stored in IAM. If you provide IamCertificateId, then you also must provide MinimumProtocolVersion and SslSupportMethod.

MinimumProtocolVersion
Type: string

The security policy that CloudFront uses for HTTPS connections with viewers. If SslSupportMethod is sni-only, then MinimumProtocolVersion must be TLSv1 or higher.

SslSupportMethod
Type: string

The viewers that the distribution accepts HTTPS connections from.

AwsCloudTrailTrailDetails

Description

Provides details about a CloudTrail trail.

Members
CloudWatchLogsLogGroupArn
Type: string

The ARN of the log group that CloudTrail logs are delivered to.

CloudWatchLogsRoleArn
Type: string

The ARN of the role that the CloudWatch Events endpoint assumes when it writes to the log group.

HasCustomEventSelectors
Type: boolean

Indicates whether the trail has custom event selectors.

HomeRegion
Type: string

The Region where the trail was created.

IncludeGlobalServiceEvents
Type: boolean

Indicates whether the trail publishes events from global services such as IAM to the log files.

IsMultiRegionTrail
Type: boolean

Indicates whether the trail applies only to the current Region or to all Regions.

IsOrganizationTrail
Type: boolean

Whether the trail is created for all accounts in an organization in Organizations, or only for the current Amazon Web Services account.

KmsKeyId
Type: string

The KMS key ID to use to encrypt the logs.

LogFileValidationEnabled
Type: boolean

Indicates whether CloudTrail log file validation is enabled.

Name
Type: string

The name of the trail.

S3BucketName
Type: string

The name of the S3 bucket where the log files are published.

S3KeyPrefix
Type: string

The S3 key prefix. The key prefix is added after the name of the S3 bucket where the log files are published.

SnsTopicArn
Type: string

The ARN of the SNS topic that is used for notifications of log file delivery.

SnsTopicName
Type: string

The name of the SNS topic that is used for notifications of log file delivery.

TrailArn
Type: string

The ARN of the trail.

AwsCloudWatchAlarmDetails

Description

Specifies an alarm and associates it with the specified metric or metric math expression.

Members
ActionsEnabled
Type: boolean

Indicates whether actions should be executed during any changes to the alarm state.

AlarmActions
Type: Array of strings

The list of actions, specified as Amazon Resource Names (ARNs) to execute when this alarm transitions into an ALARM state from any other state.

AlarmArn
Type: string

The ARN of the alarm.

AlarmConfigurationUpdatedTimestamp
Type: string

The time stamp of the last update to the alarm configuration.

AlarmDescription
Type: string

The description of the alarm.

AlarmName
Type: string

The name of the alarm. If you don't specify a name, CloudFront generates a unique physical ID and uses that ID for the alarm name.

ComparisonOperator
Type: string

The arithmetic operation to use when comparing the specified statistic and threshold. The specified statistic value is used as the first operand.

DatapointsToAlarm
Type: int

The number of datapoints that must be breaching to trigger the alarm.

Dimensions
Type: Array of AwsCloudWatchAlarmDimensionsDetails structures

The dimensions for the metric associated with the alarm.

EvaluateLowSampleCountPercentile
Type: string

Used only for alarms based on percentiles. If ignore, the alarm state does not change during periods with too few data points to be statistically significant. If evaluate or this parameter is not used, the alarm is always evaluated and possibly changes state no matter how many data points are available.

EvaluationPeriods
Type: int

The number of periods over which data is compared to the specified threshold.

ExtendedStatistic
Type: string

The percentile statistic for the metric associated with the alarm.

InsufficientDataActions
Type: Array of strings

The actions to execute when this alarm transitions to the INSUFFICIENT_DATA state from any other state. Each action is specified as an ARN.

MetricName
Type: string

The name of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you use Metrics instead and you can't specify MetricName.

Namespace
Type: string

The namespace of the metric associated with the alarm. This is required for an alarm based on a metric. For an alarm based on a math expression, you can't specify Namespace and you use Metrics instead.

OkActions
Type: Array of strings

The actions to execute when this alarm transitions to the OK state from any other state. Each action is specified as an ARN.

Period
Type: int

The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric.

Statistic
Type: string

The statistic for the metric associated with the alarm, other than percentile. For percentile statistics, use ExtendedStatistic.

For an alarm based on a metric, you must specify either Statistic or ExtendedStatistic but not both.

For an alarm based on a math expression, you can't specify Statistic. Instead, you use Metrics.

Threshold
Type: double

The value to compare with the specified statistic.

ThresholdMetricId
Type: string

n an alarm based on an anomaly detection model, this is the ID of the ANOMALY_DETECTION_BAND function used as the threshold for the alarm.

TreatMissingData
Type: string

Sets how this alarm is to handle missing data points.

Unit
Type: string

The unit of the metric associated with the alarm.

AwsCloudWatchAlarmDimensionsDetails

Description

Details about the dimensions for the metric associated with the alarm.

Members
Name
Type: string

The name of a dimension.

Value
Type: string

The value of a dimension.

AwsCodeBuildProjectArtifactsDetails

Description

Information about the build artifacts for the CodeBuild project.

Members
ArtifactIdentifier
Type: string

An identifier for the artifact definition.

EncryptionDisabled
Type: boolean

Indicates whether to disable encryption on the artifact. Only valid when Type is S3.

Location
Type: string

Only used when Type is S3. The name of the S3 bucket where the artifact is located.

Name
Type: string

Only used when Type is S3. The name of the artifact. Used with NamepaceType and Path to determine the pattern for storing the artifact.

NamespaceType
Type: string

Only used when Type is S3. The value to use for the namespace. Used with Name and Path to determine the pattern for storing the artifact.

OverrideArtifactName
Type: boolean

Whether the name specified in the buildspec file overrides the artifact name.

Packaging
Type: string

Only used when Type is S3. The type of output artifact to create.

Path
Type: string

Only used when Type is S3. The path to the artifact. Used with Name and NamespaceType to determine the pattern for storing the artifact.

Type
Type: string

The type of build artifact.

AwsCodeBuildProjectDetails

Description

Information about an CodeBuild project.

Members
Artifacts
Type: Array of AwsCodeBuildProjectArtifactsDetails structures

Information about the build artifacts for the CodeBuild project.

EncryptionKey
Type: string

The KMS key used to encrypt the build output artifacts.

You can specify either the ARN of the KMS key or, if available, the KMS key alias (using the format alias/alias-name).

Environment

Information about the build environment for this build project.

LogsConfig

Information about logs for the build project.

Name
Type: string

The name of the build project.

SecondaryArtifacts
Type: Array of AwsCodeBuildProjectArtifactsDetails structures

Information about the secondary artifacts for the CodeBuild project.

ServiceRole
Type: string

The ARN of the IAM role that enables CodeBuild to interact with dependent Amazon Web Services services on behalf of the Amazon Web Services account.

Source
Type: AwsCodeBuildProjectSource structure

Information about the build input source code for this build project.

VpcConfig

Information about the VPC configuration that CodeBuild accesses.

AwsCodeBuildProjectEnvironment

Description

Information about the build environment for this build project.

Members
Certificate
Type: string

The certificate to use with this build project.

EnvironmentVariables

A set of environment variables to make available to builds for the build project.

ImagePullCredentialsType
Type: string

The type of credentials CodeBuild uses to pull images in your build.

Valid values:

  • CODEBUILD specifies that CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust the CodeBuild service principal.

  • SERVICE_ROLE specifies that CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an CodeBuild curated image, you must use CODEBUILD credentials.

PrivilegedMode
Type: boolean

Whether to allow the Docker daemon to run inside a Docker container. Set to true if the build project is used to build Docker images.

RegistryCredential

The credentials for access to a private registry.

Type
Type: string

The type of build environment to use for related builds.

The environment type ARM_CONTAINER is available only in Regions US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney), and Europe (Frankfurt).

The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in Regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).

The environment type LINUX_GPU_CONTAINER is available only in Regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing), and China (Ningxia).

Valid values: WINDOWS_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER | ARM_CONTAINER

AwsCodeBuildProjectEnvironmentEnvironmentVariablesDetails

Description

Information about an environment variable that is available to builds for the build project.

Members
Name
Type: string

The name of the environment variable.

Type
Type: string

The type of environment variable.

Value
Type: string

The value of the environment variable.

AwsCodeBuildProjectEnvironmentRegistryCredential

Description

The credentials for access to a private registry.

Members
Credential
Type: string

The ARN or name of credentials created using Secrets Manager.

The credential can use the name of the credentials only if they exist in your current Amazon Web Services Region.

CredentialProvider
Type: string

The service that created the credentials to access a private Docker registry.

The valid value, SECRETS_MANAGER, is for Secrets Manager.

AwsCodeBuildProjectLogsConfigCloudWatchLogsDetails

Description

Information about CloudWatch Logs for the build project.

Members
GroupName
Type: string

The group name of the logs in CloudWatch Logs.

Status
Type: string

The current status of the logs in CloudWatch Logs for a build project.

StreamName
Type: string

The prefix of the stream name of the CloudWatch Logs.

AwsCodeBuildProjectLogsConfigS3LogsDetails

Description

Information about logs built to an S3 bucket for a build project.

Members
EncryptionDisabled
Type: boolean

Whether to disable encryption of the S3 build log output.

Location
Type: string

The ARN of the S3 bucket and the path prefix for S3 logs.

Status
Type: string

The current status of the S3 build logs.

AwsCodeBuildProjectSource

Description

Information about the build input source code for this build project.

Members
GitCloneDepth
Type: int

Information about the Git clone depth for the build project.

InsecureSsl
Type: boolean

Whether to ignore SSL warnings while connecting to the project source code.

Location
Type: string

Information about the location of the source code to be built.

Valid values include:

  • For source code settings that are specified in the source action of a pipeline in CodePipeline, location should not be specified. If it is specified, CodePipeline ignores it. This is because CodePipeline uses the settings in a pipeline's source action instead of this value.

  • For source code in an CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the build spec file (for example, https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ).

  • For source code in an S3 input bucket, one of the following.

    • The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).

    • The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).

  • For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the build spec file.

  • For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the build spec file.

Type
Type: string

The type of repository that contains the source code to be built. Valid values are:

  • BITBUCKET - The source code is in a Bitbucket repository.

  • CODECOMMIT - The source code is in an CodeCommit repository.

  • CODEPIPELINE - The source code settings are specified in the source action of a pipeline in CodePipeline.

  • GITHUB - The source code is in a GitHub repository.

  • GITHUB_ENTERPRISE - The source code is in a GitHub Enterprise repository.

  • NO_SOURCE - The project does not have input source code.

  • S3 - The source code is in an S3 input bucket.

AwsCodeBuildProjectVpcConfig

Description

Information about the VPC configuration that CodeBuild accesses.

Members
SecurityGroupIds
Type: Array of strings

A list of one or more security group IDs in your VPC.

Subnets
Type: Array of strings

A list of one or more subnet IDs in your VPC.

VpcId
Type: string

The ID of the VPC.

AwsCorsConfiguration

Description

Contains the cross-origin resource sharing (CORS) configuration for the API. CORS is only supported for HTTP APIs.

Members
AllowCredentials
Type: boolean

Indicates whether the CORS request includes credentials.

AllowHeaders
Type: Array of strings

The allowed headers for CORS requests.

AllowMethods
Type: Array of strings

The allowed methods for CORS requests.

AllowOrigins
Type: Array of strings

The allowed origins for CORS requests.

ExposeHeaders
Type: Array of strings

The exposed headers for CORS requests.

MaxAge
Type: int

The number of seconds for which the browser caches preflight request results.

AwsDmsEndpointDetails

Description

Provides details about an Database Migration Service (DMS) endpoint. An endpoint provides connection, data store type, and location information about your data store.

Members
CertificateArn
Type: string

The Amazon Resource Name (ARN) for the SSL certificate that encrypts connections between the DMS endpoint and the replication instance.

DatabaseName
Type: string

The name of the endpoint database.

EndpointArn
Type: string

The Amazon Resource Name (ARN) of the endpoint.

EndpointIdentifier
Type: string

The database endpoint identifier.

EndpointType
Type: string

The type of endpoint. Valid values are source and target.

EngineName
Type: string

The type of engine for the endpoint, depending on the EndpointType value.

ExternalId
Type: string

A value that can be used for cross-account validation.

ExtraConnectionAttributes
Type: string

Additional attributes associated with the connection.

KmsKeyId
Type: string

An DMS key identifier that is used to encrypt the connection parameters for the endpoint. If you don't specify a value for the KmsKeyId parameter, then DMS uses your default encryption key. KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.

Port
Type: int

The port used to access the endpoint.

ServerName
Type: string

The name of the server where the endpoint database resides.

SslMode
Type: string

The SSL mode used to connect to the endpoint. The default is none.

Username
Type: string

The user name to be used to log in to the endpoint database.

AwsDmsReplicationInstanceDetails

Description

Provides details about an Database Migration Service (DMS) replication instance. DMS uses a replication instance to connect to your source data store, read the source data, and format the data for consumption by the target data store.

Members
AllocatedStorage
Type: int

The amount of storage (in gigabytes) that is allocated for the replication instance.

AutoMinorVersionUpgrade
Type: boolean

Indicates whether minor engine upgrades are applied automatically to the replication instance during the maintenance window.

AvailabilityZone
Type: string

The Availability Zone that the replication instance is created in. The default value is a random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region, such as us-east-1d.

EngineVersion
Type: string

The engine version number of the replication instance. If an engine version number is not specified when a replication instance is created, the default is the latest engine version available.

KmsKeyId
Type: string

An KMS key identifier that is used to encrypt the data on the replication instance. If you don't specify a value for the KmsKeyId parameter, DMS uses your default encryption key. KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.

MultiAZ
Type: boolean

Specifies whether the replication instance is deployed across multiple Availability Zones (AZs). You can't set the AvailabilityZone parameter if the MultiAZ parameter is set to true.

PreferredMaintenanceWindow
Type: string

The maintenance window times for the replication instance. Upgrades to the replication instance are performed during this time.

PubliclyAccessible
Type: boolean

Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address. The default value is true.

ReplicationInstanceClass
Type: string

The compute and memory capacity of the replication instance as defined for the specified replication instance class.

ReplicationInstanceIdentifier
Type: string

The replication instance identifier.

ReplicationSubnetGroup

The subnet group for the replication instance.

VpcSecurityGroups

The virtual private cloud (VPC) security group for the replication instance.

AwsDmsReplicationInstanceReplicationSubnetGroupDetails

Description

Provides details about the replication subnet group.

Members
ReplicationSubnetGroupIdentifier
Type: string

The identifier of the replication subnet group.

AwsDmsReplicationInstanceVpcSecurityGroupsDetails

Description

Provides details about the virtual private cloud (VPC) security group that’s associated with the replication instance.

Members
VpcSecurityGroupId
Type: string

The identifier of the VPC security group that’s associated with the replication instance.

AwsDmsReplicationTaskDetails

Description

Provides details about an Database Migration Service (DMS) replication task. A replication task moves a set of data from the source endpoint to the target endpoint.

Members
CdcStartPosition
Type: string

Indicates when you want a change data capture (CDC) operation to start. CCdcStartPosition or CCdcStartTime specifies when you want a CDC operation to start. Only a value for one of these fields is included.

CdcStartTime
Type: string

Indicates the start time for a CDC operation. CdcStartPosition or CCdcStartTime specifies when you want a CDC operation to start. Only a value for one of these fields is included.

CdcStopPosition
Type: string

Indicates when you want a CDC operation to stop. The value can be either server time or commit time.

Id
Type: string

The identifier of the replication task.

MigrationType
Type: string

The migration type.

ReplicationInstanceArn
Type: string

The Amazon Resource Name (ARN) of a replication instance.

ReplicationTaskIdentifier
Type: string

The user-defined replication task identifier or name.

ReplicationTaskSettings
Type: string

The settings for the replication task.

ResourceIdentifier
Type: string

A display name for the resource identifier at the end of the EndpointArn response parameter. If you don't specify a ResourceIdentifier value, DMS generates a default identifier value for the end of EndpointArn.

SourceEndpointArn
Type: string

The ARN of the source endpoint.

TableMappings
Type: string

The table mappings for the replication task, in JSON format.

TargetEndpointArn
Type: string

The ARN of the target endpoint.

TaskData
Type: string

Supplemental information that the task requires to migrate the data for certain source and target endpoints.

AwsDynamoDbTableAttributeDefinition

Description

Contains a definition of an attribute for the table.

Members
AttributeName
Type: string

The name of the attribute.

AttributeType
Type: string

The type of the attribute.

AwsDynamoDbTableBillingModeSummary

Description

Provides information about the billing for read/write capacity on the table.

Members
BillingMode
Type: string

The method used to charge for read and write throughput and to manage capacity.

LastUpdateToPayPerRequestDateTime
Type: string

If the billing mode is PAY_PER_REQUEST, indicates when the billing mode was set to that value.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AwsDynamoDbTableDetails

Description

Provides details about a DynamoDB table.

Members
AttributeDefinitions
Type: Array of AwsDynamoDbTableAttributeDefinition structures

A list of attribute definitions for the table.

BillingModeSummary

Information about the billing for read/write capacity on the table.

CreationDateTime
Type: string

Indicates when the table was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DeletionProtectionEnabled
Type: boolean

Indicates whether deletion protection is to be enabled (true) or disabled (false) on the table.

GlobalSecondaryIndexes
Type: Array of AwsDynamoDbTableGlobalSecondaryIndex structures

List of global secondary indexes for the table.

GlobalTableVersion
Type: string

The version of global tables being used.

ItemCount
Type: int

The number of items in the table.

KeySchema
Type: Array of AwsDynamoDbTableKeySchema structures

The primary key structure for the table.

LatestStreamArn
Type: string

The ARN of the latest stream for the table.

LatestStreamLabel
Type: string

The label of the latest stream. The label is not a unique identifier.

LocalSecondaryIndexes
Type: Array of AwsDynamoDbTableLocalSecondaryIndex structures

The list of local secondary indexes for the table.

ProvisionedThroughput

Information about the provisioned throughput for the table.

Replicas
Type: Array of AwsDynamoDbTableReplica structures

The list of replicas of this table.

RestoreSummary

Information about the restore for the table.

SseDescription

Information about the server-side encryption for the table.

StreamSpecification

The current DynamoDB Streams configuration for the table.

TableId
Type: string

The identifier of the table.

TableName
Type: string

The name of the table.

TableSizeBytes
Type: long (int|float)

The total size of the table in bytes.

TableStatus
Type: string

The current status of the table. Valid values are as follows:

  • ACTIVE

  • ARCHIVED

  • ARCHIVING

  • CREATING

  • DELETING

  • INACCESSIBLE_ENCRYPTION_CREDENTIALS

  • UPDATING

AwsDynamoDbTableGlobalSecondaryIndex

Description

Information abut a global secondary index for the table.

Members
Backfilling
Type: boolean

Whether the index is currently backfilling.

IndexArn
Type: string

The ARN of the index.

IndexName
Type: string

The name of the index.

IndexSizeBytes
Type: long (int|float)

The total size in bytes of the index.

IndexStatus
Type: string

The current status of the index.

  • ACTIVE

  • CREATING

  • DELETING

  • UPDATING

ItemCount
Type: int

The number of items in the index.

KeySchema
Type: Array of AwsDynamoDbTableKeySchema structures

The key schema for the index.

Projection
Type: AwsDynamoDbTableProjection structure

Attributes that are copied from the table into an index.

ProvisionedThroughput

Information about the provisioned throughput settings for the indexes.

AwsDynamoDbTableKeySchema

Description

A component of the key schema for the DynamoDB table, a global secondary index, or a local secondary index.

Members
AttributeName
Type: string

The name of the key schema attribute.

KeyType
Type: string

The type of key used for the key schema attribute. Valid values are HASH or RANGE.

AwsDynamoDbTableLocalSecondaryIndex

Description

Information about a local secondary index for a DynamoDB table.

Members
IndexArn
Type: string

The ARN of the index.

IndexName
Type: string

The name of the index.

KeySchema
Type: Array of AwsDynamoDbTableKeySchema structures

The complete key schema for the index.

Projection
Type: AwsDynamoDbTableProjection structure

Attributes that are copied from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.

AwsDynamoDbTableProjection

Description

For global and local secondary indexes, identifies the attributes that are copied from the table into the index.

Members
NonKeyAttributes
Type: Array of strings

The nonkey attributes that are projected into the index. For each attribute, provide the attribute name.

ProjectionType
Type: string

The types of attributes that are projected into the index. Valid values are as follows:

  • ALL

  • INCLUDE

  • KEYS_ONLY

AwsDynamoDbTableProvisionedThroughput

Description

Information about the provisioned throughput for the table or for a global secondary index.

Members
LastDecreaseDateTime
Type: string

Indicates when the provisioned throughput was last decreased.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

LastIncreaseDateTime
Type: string

Indicates when the provisioned throughput was last increased.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

NumberOfDecreasesToday
Type: int

The number of times during the current UTC calendar day that the provisioned throughput was decreased.

ReadCapacityUnits
Type: int

The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException.

WriteCapacityUnits
Type: int

The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException.

AwsDynamoDbTableProvisionedThroughputOverride

Description

Replica-specific configuration for the provisioned throughput.

Members
ReadCapacityUnits
Type: int

The read capacity units for the replica.

AwsDynamoDbTableReplica

Description

Information about a replica of a DynamoDB table.

Members
GlobalSecondaryIndexes

List of global secondary indexes for the replica.

KmsMasterKeyId
Type: string

The identifier of the KMS key that will be used for KMS encryption for the replica.

ProvisionedThroughputOverride

Replica-specific configuration for the provisioned throughput.

RegionName
Type: string

The name of the Region where the replica is located.

ReplicaStatus
Type: string

The current status of the replica. Valid values are as follows:

  • ACTIVE

  • CREATING

  • CREATION_FAILED

  • DELETING

  • UPDATING

ReplicaStatusDescription
Type: string

Detailed information about the replica status.

AwsDynamoDbTableReplicaGlobalSecondaryIndex

Description

Information about a global secondary index for a DynamoDB table replica.

Members
IndexName
Type: string

The name of the index.

ProvisionedThroughputOverride

Replica-specific configuration for the provisioned throughput for the index.

AwsDynamoDbTableRestoreSummary

Description

Information about the restore for the table.

Members
RestoreDateTime
Type: string

Indicates the point in time that the table was restored to.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

RestoreInProgress
Type: boolean

Whether a restore is currently in progress.

SourceBackupArn
Type: string

The ARN of the source backup from which the table was restored.

SourceTableArn
Type: string

The ARN of the source table for the backup.

AwsDynamoDbTableSseDescription

Description

Information about the server-side encryption for the table.

Members
InaccessibleEncryptionDateTime
Type: string

If the key is inaccessible, the date and time when DynamoDB detected that the key was inaccessible.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

KmsMasterKeyArn
Type: string

The ARN of the KMS key that is used for the KMS encryption.

SseType
Type: string

The type of server-side encryption.

Status
Type: string

The status of the server-side encryption.

AwsDynamoDbTableStreamSpecification

Description

The current DynamoDB Streams configuration for the table.

Members
StreamEnabled
Type: boolean

Indicates whether DynamoDB Streams is enabled on the table.

StreamViewType
Type: string

Determines the information that is written to the table.

AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails

Description

Provides details about an Active Directory that’s used to authenticate an Client VPN endpoint.

Members
DirectoryId
Type: string

The ID of the Active Directory used for authentication.

AwsEc2ClientVpnEndpointAuthenticationOptionsDetails

Description

Information about the authentication method used by the Client VPN endpoint.

Members
ActiveDirectory

Information about the Active Directory, if applicable. With Active Directory authentication, clients are authenticated against existing Active Directory groups.

FederatedAuthentication

Information about the IAM SAML identity provider, if applicable.

MutualAuthentication

Information about the authentication certificates, if applicable.

Type
Type: string

The authentication type used.

AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails

Description

Describes the IAM SAML identity providers used for federated authentication.

Members
SamlProviderArn
Type: string

The Amazon Resource Name (ARN) of the IAM SAML identity provider.

SelfServiceSamlProviderArn
Type: string

The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.

AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails

Description

Information about the client certificate used for authentication.

Members
ClientRootCertificateChain
Type: string

The Amazon Resource Name (ARN) of the client certificate.

AwsEc2ClientVpnEndpointClientConnectOptionsDetails

Description

The options for managing connection authorization for new client connections.

Members
Enabled
Type: boolean

Indicates whether client connect options are enabled.

LambdaFunctionArn
Type: string

The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

Status

The status of any updates to the client connect options.

AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails

Description

Describes the status of the Client VPN endpoint attribute.

Members
Code
Type: string

The status code.

Message
Type: string

The status message.

AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails

Description

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

Members
BannerText
Type: string

Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established.

Enabled
Type: boolean

Current state of text banner feature.

AwsEc2ClientVpnEndpointConnectionLogOptionsDetails

Description

Information about the client connection logging options for the Client VPN endpoint.

Members
CloudwatchLogGroup
Type: string

The name of the Amazon CloudWatch Logs log group to which connection logging data is published.

CloudwatchLogStream
Type: string

The name of the Amazon CloudWatch Logs log stream to which connection logging data is published.

Enabled
Type: boolean

Indicates whether client connection logging is enabled for the Client VPN endpoint.

AwsEc2ClientVpnEndpointDetails

Description

Describes an Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It's the termination point for all client VPN sessions.

Members
AuthenticationOptions

Information about the authentication method used by the Client VPN endpoint.

ClientCidrBlock
Type: string

The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.

ClientConnectOptions

The options for managing connection authorization for new client connections.

ClientLoginBannerOptions

Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.

ClientVpnEndpointId
Type: string

The ID of the Client VPN endpoint.

ConnectionLogOptions

Information about the client connection logging options for the Client VPN endpoint.

Description
Type: string

A brief description of the endpoint.

DnsServer
Type: Array of strings

Information about the DNS servers to be used for DNS resolution.

SecurityGroupIdSet
Type: Array of strings

The IDs of the security groups for the target network.

SelfServicePortalUrl
Type: string

The URL of the self-service portal.

ServerCertificateArn
Type: string

The Amazon Resource Name (ARN) of the server certificate.

SessionTimeoutHours
Type: int

The maximum VPN session duration time in hours.

SplitTunnel
Type: boolean

Indicates whether split-tunnel is enabled in the Client VPN endpoint.

TransportProtocol
Type: string

The transport protocol used by the Client VPN endpoint.

VpcId
Type: string

The ID of the VPC.

VpnPort
Type: int

The port number for the Client VPN endpoint.

AwsEc2EipDetails

Description

Information about an Elastic IP address.

Members
AllocationId
Type: string

The identifier that Amazon Web Services assigns to represent the allocation of the Elastic IP address for use with Amazon VPC.

AssociationId
Type: string

The identifier that represents the association of the Elastic IP address with an EC2 instance.

Domain
Type: string

The domain in which to allocate the address.

If the address is for use with EC2 instances in a VPC, then Domain is vpc. Otherwise, Domain is standard.

InstanceId
Type: string

The identifier of the EC2 instance.

NetworkBorderGroup
Type: string

The name of the location from which the Elastic IP address is advertised.

NetworkInterfaceId
Type: string

The identifier of the network interface.

NetworkInterfaceOwnerId
Type: string

The Amazon Web Services account ID of the owner of the network interface.

PrivateIpAddress
Type: string

The private IP address that is associated with the Elastic IP address.

PublicIp
Type: string

A public IP address that is associated with the EC2 instance.

PublicIpv4Pool
Type: string

The identifier of an IP address pool. This parameter allows Amazon EC2 to select an IP address from the address pool.

AwsEc2InstanceDetails

Description

The details of an Amazon EC2 instance.

Members
IamInstanceProfileArn
Type: string

The IAM profile ARN of the instance.

ImageId
Type: string

The Amazon Machine Image (AMI) ID of the instance.

IpV4Addresses
Type: Array of strings

The IPv4 addresses associated with the instance.

IpV6Addresses
Type: Array of strings

The IPv6 addresses associated with the instance.

KeyName
Type: string

The key name associated with the instance.

LaunchedAt
Type: string

Indicates when the instance was launched.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

MetadataOptions

Details about the metadata options for the Amazon EC2 instance.

Monitoring

Describes the type of monitoring that’s turned on for an instance.

NetworkInterfaces
Type: Array of AwsEc2InstanceNetworkInterfacesDetails structures

The identifiers of the network interfaces for the EC2 instance. The details for each network interface are in a corresponding AwsEc2NetworkInterfacesDetails object.

SubnetId
Type: string

The identifier of the subnet that the instance was launched in.

Type
Type: string

The instance type of the instance.

VirtualizationType
Type: string

The virtualization type of the Amazon Machine Image (AMI) required to launch the instance.

VpcId
Type: string

The identifier of the VPC that the instance was launched in.

AwsEc2InstanceMetadataOptions

Description

Metadata options that allow you to configure and secure the Amazon EC2 instance.

Members
HttpEndpoint
Type: string

Enables or disables the HTTP metadata endpoint on the instance.

HttpProtocolIpv6
Type: string

Enables or disables the IPv6 endpoint for the instance metadata service.

HttpPutResponseHopLimit
Type: int

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

HttpTokens
Type: string

The state of token usage for your instance metadata requests.

InstanceMetadataTags
Type: string

Specifies whether to allow access to instance tags from the instance metadata.

AwsEc2InstanceMonitoringDetails

Description

The type of monitoring that’s turned on for an Amazon EC2 instance.

Members
State
Type: string

Indicates whether detailed monitoring is turned on. Otherwise, basic monitoring is turned on.

AwsEc2InstanceNetworkInterfacesDetails

Description

Identifies a network interface for the Amazon EC2 instance.

Members
NetworkInterfaceId
Type: string

The identifier of the network interface. The details are in a corresponding AwsEc2NetworkInterfacesDetails object.

AwsEc2LaunchTemplateDataBlockDeviceMappingSetDetails

Description

Information about a block device mapping for an Amazon Elastic Compute Cloud (Amazon EC2) launch template.

Members
DeviceName
Type: string

The device name.

Ebs

Parameters used to automatically set up Amazon EBS volumes when the instance is launched.

NoDevice
Type: string

Omits the device from the block device mapping when an empty string is specified.

VirtualName
Type: string

The virtual device name (ephemeralN). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1. The number of available instance store volumes depends on the instance type.

AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails

Description

Parameters for a block device for an Amazon Elastic Block Store (Amazon EBS) volume in an Amazon EC2 launch template.

Members
DeleteOnTermination
Type: boolean

Indicates whether the EBS volume is deleted on instance termination.

Encrypted
Type: boolean

Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you're creating a volume from a snapshot, you can't specify an encryption value.

Iops
Type: int

The number of I/O operations per second (IOPS).

KmsKeyId
Type: string

The Amazon Resource Name (ARN) of the symmetric Key Management Service (KMS) customer managed key used for encryption.

SnapshotId
Type: string

The ID of the EBS snapshot.

Throughput
Type: int

The throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.

VolumeSize
Type: int

The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size.

VolumeType
Type: string

The volume type.

AwsEc2LaunchTemplateDataCapacityReservationSpecificationCapacityReservationTargetDetails

Description

Information about the target Capacity Reservation or Capacity Reservation group in which to run an Amazon EC2 instance.

Members
CapacityReservationId
Type: string

The ID of the Capacity Reservation in which to run the instance.

CapacityReservationResourceGroupArn
Type: string

The Amazon Resource Name (ARN) of the Capacity Reservation resource group in which to run the instance.

AwsEc2LaunchTemplateDataCapacityReservationSpecificationDetails

Description

Specifies the Capacity Reservation targeting option of an Amazon EC2 instance.

Members
CapacityReservationPreference
Type: string

Indicates the instance's Capacity Reservation preferences. If equal to open, the instance can run in any open Capacity Reservation that has matching attributes (instance type, platform, Availability Zone). If equal to none, the instance avoids running in a Capacity Reservation even if one is available. The instance runs in On-Demand capacity.

CapacityReservationTarget

Specifies a target Capacity Reservation.

AwsEc2LaunchTemplateDataCpuOptionsDetails

Description

Specifies the CPU options for an Amazon EC2 instance. For more information, see Optimize CPU options in the Amazon Elastic Compute Cloud User Guide.

Members
CoreCount
Type: int

The number of CPU cores for the instance.

ThreadsPerCore
Type: int

The number of threads per CPU core. A value of 1 disables multithreading for the instance, The default value is 2.

AwsEc2LaunchTemplateDataCreditSpecificationDetails

Description

Specifies the credit option for CPU usage of a T2, T3, or T3a Amazon EC2 instance.

Members
CpuCredits
Type: string

The credit option for CPU usage of a T instance.

AwsEc2LaunchTemplateDataDetails

Description

The information to include in an Amazon Elastic Compute Cloud (Amazon EC2) launch template.

Members
BlockDeviceMappingSet

Information about a block device mapping for an Amazon EC2 launch template.

CapacityReservationSpecification

Specifies an instance's Capacity Reservation targeting option. You can specify only one option at a time.

CpuOptions

Specifies the CPU options for an instance. For more information, see Optimize CPU options in the Amazon Elastic Compute Cloud User Guide.

CreditSpecification

Specifies the credit option for CPU usage of a T2, T3, or T3a instance.

DisableApiStop
Type: boolean

Indicates whether to enable the instance for stop protection. For more information, see Enable stop protection in the Amazon EC2 User Guide.

DisableApiTermination
Type: boolean

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API. If set to true, you can.

EbsOptimized
Type: boolean

Indicates whether the instance is optimized for Amazon EBS I/O.

ElasticGpuSpecificationSet

Provides details about Elastic Graphics accelerators to associate with the instance.

ElasticInferenceAcceleratorSet

The Amazon Elastic Inference accelerator for the instance.

EnclaveOptions

Indicates whether the Amazon EC2 instance is enabled for Amazon Web Services Nitro Enclaves.

HibernationOptions

Specifies whether your Amazon EC2 instance is configured for hibernation.

IamInstanceProfile

The name or Amazon Resource Name (ARN) of an IAM instance profile.

ImageId
Type: string

The ID of the Amazon Machine Image (AMI).

InstanceInitiatedShutdownBehavior
Type: string

Provides the options for specifying the instance initiated shutdown behavior.

InstanceMarketOptions

Specifies the market (purchasing) option for an instance.

InstanceRequirements

The attributes for the instance types. When you specify instance attributes, Amazon EC2 will identify instance types with these attributes. If you specify InstanceRequirements, you can't specify InstanceType.

InstanceType
Type: string

The instance type. For more information, see Instance types in the Amazon EC2 User Guide. If you specify InstanceType, you can't specify InstanceRequirements.

KernelId
Type: string

The ID of the kernel.

KeyName
Type: string

The name of the key pair that allows users to connect to the instance.

LicenseSet
Type: Array of AwsEc2LaunchTemplateDataLicenseSetDetails structures

Specifies a license configuration for an instance.

MaintenanceOptions

The maintenance options of your instance.

MetadataOptions

The metadata options for the instance. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

Monitoring

The monitoring for the instance.

NetworkInterfaceSet

Specifies the parameters for a network interface that is attached to the instance.

Placement

Specifies the placement of an instance.

PrivateDnsNameOptions

The options for the instance hostname.

RamDiskId
Type: string

The ID of the RAM disk.

SecurityGroupIdSet
Type: Array of strings

One or more security group IDs.

SecurityGroupSet
Type: Array of strings

One or more security group names. For a nondefault VPC, you must use security group IDs instead. You cannot specify both a security group ID and security name in the same request.

UserData
Type: string

The user data to make available to the instance.

AwsEc2LaunchTemplateDataElasticGpuSpecificationSetDetails

Description

Provides details about an Elastic Graphics specification for an Amazon EC2 launch template.

Members
Type
Type: string

The type of Elastic Graphics accelerator.

AwsEc2LaunchTemplateDataElasticInferenceAcceleratorSetDetails

Description

Provides details for an Amazon Elastic Inference accelerator.

Members
Count
Type: int

The number of Elastic Inference accelerators to attach to the instance.

Type
Type: string

The type of Elastic Inference accelerator.

AwsEc2LaunchTemplateDataEnclaveOptionsDetails

Description

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.

Members
Enabled
Type: boolean

If this parameter is set to true, the instance is enabled for Amazon Web Services Nitro Enclaves.

AwsEc2LaunchTemplateDataHibernationOptionsDetails

Description

Specifies whether your Amazon EC2 instance is configured for hibernation.

Members
Configured
Type: boolean

If you set this parameter to true, the instance is enabled for hibernation.

AwsEc2LaunchTemplateDataIamInstanceProfileDetails

Description

Provides details for an Identity and Access Management (IAM) instance profile, which is a container for an IAM role for your instance.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the instance profile.

Name
Type: string

The name of the instance profile.

AwsEc2LaunchTemplateDataInstanceMarketOptionsDetails

Description

Provides details about the market (purchasing) option for an Amazon EC2 instance.

Members
MarketType
Type: string

The market type.

SpotOptions

The options for Spot Instances.

AwsEc2LaunchTemplateDataInstanceMarketOptionsSpotOptionsDetails

Description

Provides details about the market (purchasing) options for Spot Instances.

Members
BlockDurationMinutes
Type: int

Deprecated.

InstanceInterruptionBehavior
Type: string

The behavior when a Spot Instance is interrupted.

MaxPrice
Type: string

The maximum hourly price you're willing to pay for the Spot Instances.

SpotInstanceType
Type: string

The Spot Instance request type.

ValidUntil
Type: string

The end date of the request, in UTC format (YYYY-MM-DDTHH:MM:SSZ), for persistent requests.

AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorCountDetails

Description

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an Amazon EC2 instance.

Members
Max
Type: int

The maximum number of accelerators. If this parameter isn't specified, there's no maximum limit. To exclude accelerator-enabled instance types, set Max to 0.

Min
Type: int

The minimum number of accelerators. If this parameter isn't specified, there's no minimum limit.

AwsEc2LaunchTemplateDataInstanceRequirementsAcceleratorTotalMemoryMiBDetails

Description

The minimum and maximum amount of memory, in MiB, for the accelerators on an Amazon EC2 instance.

Members
Max
Type: int

The maximum amount of memory, in MiB. If this parameter isn't specified, there's no maximum limit.

Min
Type: int

The minimum amount of memory, in MiB. If 0 is specified, there's no maximum limit.

AwsEc2LaunchTemplateDataInstanceRequirementsBaselineEbsBandwidthMbpsDetails

Description

The minimum and maximum baseline bandwidth to Amazon Elastic Block Store (Amazon EBS), in Mbps. For more information, see Amazon EBS–optimized instances in the Amazon EC2 User Guide.

Members
Max
Type: int

The maximum baseline bandwidth, in Mbps. If this parameter is omitted, there's no maximum limit.

Min
Type: int

The minimum baseline bandwidth, in Mbps. If this parameter is omitted, there's no minimum limit.

AwsEc2LaunchTemplateDataInstanceRequirementsDetails

Description

The attributes for the Amazon EC2 instance types.

Members
AcceleratorCount

The minimum and maximum number of accelerators (GPUs, FPGAs, or Amazon Web Services Inferentia chips) on an instance.

AcceleratorManufacturers
Type: Array of strings

Indicates whether instance types must have accelerators by specific manufacturers.

AcceleratorNames
Type: Array of strings

The accelerators that must be on the instance type.

AcceleratorTotalMemoryMiB

The minimum and maximum amount of total accelerator memory, in MiB.

AcceleratorTypes
Type: Array of strings

The accelerator types that must be on the instance type.

BareMetal
Type: string

Indicates whether bare metal instance types must be included, excluded, or required.

BaselineEbsBandwidthMbps

The minimum and maximum baseline bandwidth to Amazon EBS, in Mbps. For more information, see Amazon EBS optimized instances in the Amazon EC2 User Guide.

BurstablePerformance
Type: string

Indicates whether burstable performance T instance types are included, excluded, or required. For more information, Burstable performance instances in the Amazon EC2 User Guide.

CpuManufacturers
Type: Array of strings

The CPU manufacturers to include.

ExcludedInstanceTypes
Type: Array of strings

The instance types to exclude.

InstanceGenerations
Type: Array of strings

Indicates whether current or previous generation instance types are included.

LocalStorage
Type: string

Indicates whether instance types with instance store volumes are included, excluded, or required. For more information, see Amazon EC2 instance store in the Amazon EC2 User Guide.

LocalStorageTypes
Type: Array of strings

The type of local storage that is required.

MemoryGiBPerVCpu

The minimum and maximum amount of memory per vCPU, in GiB.

MemoryMiB

The minimum and maximum amount of memory, in MiB.

NetworkInterfaceCount

The minimum and maximum number of network interfaces.

OnDemandMaxPricePercentageOverLowestPrice
Type: int

The price protection threshold for On-Demand Instances. This is the maximum you'll pay for an On-Demand Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

A high value, such as 999999, turns off price protection.

RequireHibernateSupport
Type: boolean

Indicates whether instance types must support hibernation for On-Demand Instances.

SpotMaxPricePercentageOverLowestPrice
Type: int

The price protection threshold for Spot Instances. This is the maximum you'll pay for a Spot Instance, expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance types priced above your threshold.

The parameter accepts an integer, which Amazon EC2 interprets as a percentage.

A high value, such as 999999, turns off price protection.

TotalLocalStorageGB

The minimum and maximum amount of total local storage, in GB.

VCpuCount

The minimum and maximum number of vCPUs.

AwsEc2LaunchTemplateDataInstanceRequirementsMemoryGiBPerVCpuDetails

Description

The minimum and maximum amount of memory per vCPU, in GiB.

Members
Max
Type: double

The maximum amount of memory per vCPU, in GiB. If this parameter is omitted, there's no maximum limit.

Min
Type: double

The minimum amount of memory per vCPU, in GiB. If this parameter is omitted, there's no maximum limit.

AwsEc2LaunchTemplateDataInstanceRequirementsMemoryMiBDetails

Description

The minimum and maximum amount of memory, in MiB, for an Amazon EC2 instance.

Members
Max
Type: int

The maximum amount of memory, in MiB.

Min
Type: int

The minimum amount of memory, in MiB.

AwsEc2LaunchTemplateDataInstanceRequirementsNetworkInterfaceCountDetails

Description

The minimum and maximum number of network interfaces to be attached to an Amazon EC2 instance.

Members
Max
Type: int

The maximum number of network interfaces.

Min
Type: int

The minimum number of network interfaces.

AwsEc2LaunchTemplateDataInstanceRequirementsTotalLocalStorageGBDetails

Description

The minimum and maximum amount of total local storage, in GB, that an Amazon EC2 instance uses.

Members
Max
Type: double

The maximum amount of total local storage, in GB.

Min
Type: double

The minimum amount of total local storage, in GB.

AwsEc2LaunchTemplateDataInstanceRequirementsVCpuCountDetails

Description

The minimum and maximum number of vCPUs for an Amazon EC2 instance.

Members
Max
Type: int

The maximum number of vCPUs.

Min
Type: int

The minimum number of vCPUs.

AwsEc2LaunchTemplateDataLicenseSetDetails

Description

Provides details about the license configuration for an Amazon EC2 instance.

Members
LicenseConfigurationArn
Type: string

The Amazon Resource Name (ARN) of the license configuration.

AwsEc2LaunchTemplateDataMaintenanceOptionsDetails

Description

The maintenance options of an Amazon EC2 instance.

Members
AutoRecovery
Type: string

Disables the automatic recovery behavior of your instance or sets it to default.

AwsEc2LaunchTemplateDataMetadataOptionsDetails

Description

Specifies the metadata options for an Amazon EC2 instance.

Members
HttpEndpoint
Type: string

Enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled, and you won't be able to access your instance metadata.

HttpProtocolIpv6
Type: string

Enables or disables the IPv6 endpoint for the instance metadata service.

HttpPutResponseHopLimit
Type: int

The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.

HttpTokens
Type: string

The state of token usage for your instance metadata requests.

InstanceMetadataTags
Type: string

When set to enabled, this parameter allows access to instance tags from the instance metadata. When set to disabled, it turns off access to instance tags from the instance metadata. For more information, see Work with instance tags in instance metadata in the Amazon EC2 User Guide.

AwsEc2LaunchTemplateDataMonitoringDetails

Description

The monitoring for an Amazon EC2 instance.

Members
Enabled
Type: boolean

Enables detailed monitoring when true is specified. Otherwise, basic monitoring is enabled. For more information about detailed monitoring, see Enable or turn off detailed monitoring for your instances in the Amazon EC2 User Guide.

AwsEc2LaunchTemplateDataNetworkInterfaceSetDetails

Description

One or more network interfaces to attach to an Amazon EC2 instance. If you specify a network interface, you must specify security groups and subnets as part of the network interface.

Members
AssociateCarrierIpAddress
Type: boolean

Indicates whether to associate a Carrier IP address with eth0 for a new network interface. You use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. For more information, see Carrier IP address in the Wavelength Developer Guide.

AssociatePublicIpAddress
Type: boolean

Associates a public IPv4 address with eth0 for a new network interface.

DeleteOnTermination
Type: boolean

Indicates whether the network interface is deleted when the instance is terminated.

Description
Type: string

A description for the network interface.

DeviceIndex
Type: int

The device index for the network interface attachment.

Groups
Type: Array of strings

The IDs of one or more security groups.

InterfaceType
Type: string

The type of network interface.

Ipv4PrefixCount
Type: int

The number of IPv4 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefixes option.

Ipv4Prefixes

One or more IPv4 prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.

Ipv6AddressCount
Type: int

The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if you use Ipv6Addresses.

Ipv6Addresses

One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you use Ipv6AddressCount.

Ipv6PrefixCount
Type: int

The number of IPv6 prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix option.

Ipv6Prefixes

One or more IPv6 prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.

NetworkCardIndex
Type: int

The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.

NetworkInterfaceId
Type: string

The ID of the network interface.

PrivateIpAddress
Type: string

The primary private IPv4 address of the network interface.

PrivateIpAddresses

One or more private IPv4 addresses.

SecondaryPrivateIpAddressCount
Type: int

The number of secondary private IPv4 addresses to assign to a network interface.

SubnetId
Type: string

The ID of the subnet for the network interface.

AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv4PrefixesDetails

Description

Provides details on one or more IPv4 prefixes for a network interface.

Members
Ipv4Prefix
Type: string

The IPv4 prefix. For more information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.

AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6AddressesDetails

Description

Specifies an IPv6 address in an Amazon EC2 launch template.

Members
Ipv6Address
Type: string

One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet.

AwsEc2LaunchTemplateDataNetworkInterfaceSetIpv6PrefixesDetails

Description

Provides details on one or more IPv6 prefixes to be assigned to the network interface.

Members
Ipv6Prefix
Type: string

The IPv6 prefix.

AwsEc2LaunchTemplateDataNetworkInterfaceSetPrivateIpAddressesDetails

Description

One or more private IPv4 addresses.

Members
Primary
Type: boolean

Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary.

PrivateIpAddress
Type: string

The private IPv4 address.

AwsEc2LaunchTemplateDataPlacementDetails

Description

Provides details about the placement of an Amazon EC2 instance.

Members
Affinity
Type: string

The affinity setting for an instance on an EC2 Dedicated Host.

AvailabilityZone
Type: string

The Availability Zone for the instance.

GroupName
Type: string

The name of the placement group for the instance.

HostId
Type: string

The ID of the Dedicated Host for the instance.

HostResourceGroupArn
Type: string

The Amazon Resource Name (ARN) of the host resource group in which to launch the instances.

PartitionNumber
Type: int

The number of the partition the instance should launch in.

SpreadDomain
Type: string

Reserved for future use.

Tenancy
Type: string

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware.

AwsEc2LaunchTemplateDataPrivateDnsNameOptionsDetails

Description

Describes the options for Amazon EC2 instance hostnames.

Members
EnableResourceNameDnsAAAARecord
Type: boolean

Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.

EnableResourceNameDnsARecord
Type: boolean

Indicates whether to respond to DNS queries for instance hostnames with DNS A records.

HostnameType
Type: string

The type of hostname for EC2 instances.

AwsEc2LaunchTemplateDetails

Description

Specifies the properties for creating an Amazon Elastic Compute Cloud (Amazon EC2) launch template.

Members
DefaultVersionNumber
Type: long (int|float)

The default version of the launch template.

Id
Type: string

An ID for the launch template.

LatestVersionNumber
Type: long (int|float)

The latest version of the launch template.

LaunchTemplateData

The information to include in the launch template.

LaunchTemplateName
Type: string

A name for the launch template.

AwsEc2NetworkAclAssociation

Description

An association between the network ACL and a subnet.

Members
NetworkAclAssociationId
Type: string

The identifier of the association between the network ACL and the subnet.

NetworkAclId
Type: string

The identifier of the network ACL.

SubnetId
Type: string

The identifier of the subnet that is associated with the network ACL.

AwsEc2NetworkAclDetails

Description

Contains details about an Amazon EC2 network access control list (ACL).

Members
Associations
Type: Array of AwsEc2NetworkAclAssociation structures

Associations between the network ACL and subnets.

Entries
Type: Array of AwsEc2NetworkAclEntry structures

The set of rules in the network ACL.

IsDefault
Type: boolean

Whether this is the default network ACL for the VPC.

NetworkAclId
Type: string

The identifier of the network ACL.

OwnerId
Type: string

The identifier of the Amazon Web Services account that owns the network ACL.

VpcId
Type: string

The identifier of the VPC for the network ACL.

AwsEc2NetworkAclEntry

Description

A rule for the network ACL. Each rule allows or denies access based on the IP address, traffic direction, port, and protocol.

Members
CidrBlock
Type: string

The IPV4 network range for which to deny or allow access.

Egress
Type: boolean

Whether the rule is an egress rule. An egress rule is a rule that applies to traffic that leaves the subnet.

IcmpTypeCode
Type: IcmpTypeCode structure

The Internet Control Message Protocol (ICMP) type and code for which to deny or allow access.

Ipv6CidrBlock
Type: string

The IPV6 network range for which to deny or allow access.

PortRange
Type: PortRangeFromTo structure

For TCP or UDP protocols, the range of ports that the rule applies to.

Protocol
Type: string

The protocol that the rule applies to. To deny or allow access to all protocols, use the value -1.

RuleAction
Type: string

Whether the rule is used to allow access or deny access.

RuleNumber
Type: int

The rule number. The rules are processed in order by their number.

AwsEc2NetworkInterfaceAttachment

Description

Information about the network interface attachment.

Members
AttachTime
Type: string

Indicates when the attachment initiated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AttachmentId
Type: string

The identifier of the network interface attachment

DeleteOnTermination
Type: boolean

Indicates whether the network interface is deleted when the instance is terminated.

DeviceIndex
Type: int

The device index of the network interface attachment on the instance.

InstanceId
Type: string

The ID of the instance.

InstanceOwnerId
Type: string

The Amazon Web Services account ID of the owner of the instance.

Status
Type: string

The attachment state.

Valid values: attaching | attached | detaching | detached

AwsEc2NetworkInterfaceDetails

Description

Details about the network interface

Members
Attachment

The network interface attachment.

IpV6Addresses
Type: Array of AwsEc2NetworkInterfaceIpV6AddressDetail structures

The IPv6 addresses associated with the network interface.

NetworkInterfaceId
Type: string

The ID of the network interface.

PrivateIpAddresses

The private IPv4 addresses associated with the network interface.

PublicDnsName
Type: string

The public DNS name of the network interface.

PublicIp
Type: string

The address of the Elastic IP address bound to the network interface.

SecurityGroups
Type: Array of AwsEc2NetworkInterfaceSecurityGroup structures

Security groups for the network interface.

SourceDestCheck
Type: boolean

Indicates whether traffic to or from the instance is validated.

AwsEc2NetworkInterfaceIpV6AddressDetail

Description

Provides information about an IPV6 address that is associated with the network interface.

Members
IpV6Address
Type: string

The IPV6 address.

AwsEc2NetworkInterfacePrivateIpAddressDetail

Description

Provides information about a private IPv4 address that is with the network interface.

Members
PrivateDnsName
Type: string

The private DNS name for the IP address.

PrivateIpAddress
Type: string

The IP address.

AwsEc2NetworkInterfaceSecurityGroup

Description

A security group associated with the network interface.

Members
GroupId
Type: string

The ID of the security group.

GroupName
Type: string

The name of the security group.

AwsEc2RouteTableDetails

Description

Provides details about a route table for the specified VPC.

Members
AssociationSet
Type: Array of AssociationSetDetails structures

The associations between a route table and one or more subnets or a gateway.

OwnerId
Type: string

The ID of the Amazon Web Services account that owns the route table.

PropagatingVgwSet
Type: Array of PropagatingVgwSetDetails structures

Describes a virtual private gateway propagating route.

RouteSet
Type: Array of RouteSetDetails structures

The routes in the route table.

RouteTableId
Type: string

The ID of the route table.

VpcId
Type: string

The ID of the virtual private cloud (VPC).

AwsEc2SecurityGroupDetails

Description

Details about an Amazon EC2 security group.

Members
GroupId
Type: string

The ID of the security group.

GroupName
Type: string

The name of the security group.

IpPermissions
Type: Array of AwsEc2SecurityGroupIpPermission structures

The inbound rules associated with the security group.

IpPermissionsEgress
Type: Array of AwsEc2SecurityGroupIpPermission structures

[VPC only] The outbound rules associated with the security group.

OwnerId
Type: string

The Amazon Web Services account ID of the owner of the security group.

VpcId
Type: string

[VPC only] The ID of the VPC for the security group.

AwsEc2SecurityGroupIpPermission

Description

An IP permission for an EC2 security group.

Members
FromPort
Type: int

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

IpProtocol
Type: string

The IP protocol name (tcp, udp, icmp, icmpv6) or number.

[VPC only] Use -1 to specify all protocols.

When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify.

For tcp, udp, and icmp, you must specify a port range.

For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes is allowed.

IpRanges
Type: Array of AwsEc2SecurityGroupIpRange structures

The IPv4 ranges.

Ipv6Ranges
Type: Array of AwsEc2SecurityGroupIpv6Range structures

The IPv6 ranges.

PrefixListIds
Type: Array of AwsEc2SecurityGroupPrefixListId structures

[VPC only] The prefix list IDs for an Amazon Web Services service. With outbound rules, this is the Amazon Web Services service to access through a VPC endpoint from instances associated with the security group.

ToPort
Type: int

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

UserIdGroupPairs
Type: Array of AwsEc2SecurityGroupUserIdGroupPair structures

The security group and Amazon Web Services account ID pairs.

AwsEc2SecurityGroupIpRange

Description

A range of IPv4 addresses.

Members
CidrIp
Type: string

The IPv4 CIDR range. You can specify either a CIDR range or a source security group, but not both. To specify a single IPv4 address, use the /32 prefix length.

AwsEc2SecurityGroupIpv6Range

Description

A range of IPv6 addresses.

Members
CidrIpv6
Type: string

The IPv6 CIDR range. You can specify either a CIDR range or a source security group, but not both. To specify a single IPv6 address, use the /128 prefix length.

AwsEc2SecurityGroupPrefixListId

Description

A prefix list ID.

Members
PrefixListId
Type: string

The ID of the prefix.

AwsEc2SecurityGroupUserIdGroupPair

Description

A relationship between a security group and a user.

Members
GroupId
Type: string

The ID of the security group.

GroupName
Type: string

The name of the security group.

PeeringStatus
Type: string

The status of a VPC peering connection, if applicable.

UserId
Type: string

The ID of an Amazon Web Services account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another VPC.

VpcId
Type: string

The ID of the VPC for the referenced security group, if applicable.

VpcPeeringConnectionId
Type: string

The ID of the VPC peering connection, if applicable.

AwsEc2SubnetDetails

Description

Contains information about a subnet in Amazon EC2.

Members
AssignIpv6AddressOnCreation
Type: boolean

Whether to assign an IPV6 address to a network interface that is created in this subnet.

AvailabilityZone
Type: string

The Availability Zone for the subnet.

AvailabilityZoneId
Type: string

The identifier of the Availability Zone for the subnet.

AvailableIpAddressCount
Type: int

The number of available IPV4 addresses in the subnet. Does not include addresses for stopped instances.

CidrBlock
Type: string

The IPV4 CIDR block that is assigned to the subnet.

DefaultForAz
Type: boolean

Whether this subnet is the default subnet for the Availability Zone.

Ipv6CidrBlockAssociationSet
Type: Array of Ipv6CidrBlockAssociation structures

The IPV6 CIDR blocks that are associated with the subnet.

MapPublicIpOnLaunch
Type: boolean

Whether instances in this subnet receive a public IP address.

OwnerId
Type: string

The identifier of the Amazon Web Services account that owns the subnet.

State
Type: string

The current state of the subnet. Valid values are available or pending.

SubnetArn
Type: string

The ARN of the subnet.

SubnetId
Type: string

The identifier of the subnet.

VpcId
Type: string

The identifier of the VPC that contains the subnet.

AwsEc2TransitGatewayDetails

Description

Information about an Amazon Web Services Amazon EC2 Transit Gateway that interconnects virtual private clouds (VPCs) and on-premises networks.

Members
AmazonSideAsn
Type: int

A private Autonomous System Number (ASN) for the Amazon side of a BGP session.

AssociationDefaultRouteTableId
Type: string

The ID of the default association route table.

AutoAcceptSharedAttachments
Type: string

Turn on or turn off automatic acceptance of attachment requests.

DefaultRouteTableAssociation
Type: string

Turn on or turn off automatic association with the default association route table.

DefaultRouteTablePropagation
Type: string

Turn on or turn off automatic propagation of routes to the default propagation route table.

Description
Type: string

The description of the transit gateway.

DnsSupport
Type: string

Turn on or turn off DNS support.

Id
Type: string

The ID of the transit gateway.

MulticastSupport
Type: string

Indicates whether multicast is supported on the transit gateway.

PropagationDefaultRouteTableId
Type: string

The ID of the default propagation route table.

TransitGatewayCidrBlocks
Type: Array of strings

The transit gateway Classless Inter-Domain Routing (CIDR) blocks.

VpnEcmpSupport
Type: string

Turn on or turn off Equal Cost Multipath Protocol (ECMP) support.

AwsEc2VolumeAttachment

Description

An attachment to an Amazon EC2 volume.

Members
AttachTime
Type: string

The datetime when the attachment initiated.

DeleteOnTermination
Type: boolean

Whether the EBS volume is deleted when the EC2 instance is terminated.

InstanceId
Type: string

The identifier of the EC2 instance.

Status
Type: string

The attachment state of the volume. Valid values are as follows:

  • attaching

  • attached

  • busy

  • detaching

  • detached

AwsEc2VolumeDetails

Description

Details about an EC2 volume.

Members
Attachments
Type: Array of AwsEc2VolumeAttachment structures

The volume attachments.

CreateTime
Type: string

Indicates when the volume was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DeviceName
Type: string

The device name for the volume that is attached to the instance.

Encrypted
Type: boolean

Specifies whether the volume is encrypted.

KmsKeyId
Type: string

The ARN of the KMS key that was used to protect the volume encryption key for the volume.

Size
Type: int

The size of the volume, in GiBs.

SnapshotId
Type: string

The snapshot from which the volume was created.

Status
Type: string

The volume state. Valid values are as follows:

  • available

  • creating

  • deleted

  • deleting

  • error

  • in-use

VolumeId
Type: string

The ID of the volume.

VolumeScanStatus
Type: string

Indicates whether the volume was scanned or skipped.

VolumeType
Type: string

The volume type.

AwsEc2VpcDetails

Description

Details about an EC2 VPC.

Members
CidrBlockAssociationSet
Type: Array of CidrBlockAssociation structures

Information about the IPv4 CIDR blocks associated with the VPC.

DhcpOptionsId
Type: string

The identifier of the set of Dynamic Host Configuration Protocol (DHCP) options that are associated with the VPC. If the default options are associated with the VPC, then this is default.

Ipv6CidrBlockAssociationSet
Type: Array of Ipv6CidrBlockAssociation structures

Information about the IPv6 CIDR blocks associated with the VPC.

State
Type: string

The current state of the VPC. Valid values are available or pending.

AwsEc2VpcEndpointServiceDetails

Description

Contains details about the service configuration for a VPC endpoint service.

Members
AcceptanceRequired
Type: boolean

Whether requests from other Amazon Web Services accounts to create an endpoint to the service must first be accepted.

AvailabilityZones
Type: Array of strings

The Availability Zones where the service is available.

BaseEndpointDnsNames
Type: Array of strings

The DNS names for the service.

GatewayLoadBalancerArns
Type: Array of strings

The ARNs of the Gateway Load Balancers for the service.

ManagesVpcEndpoints
Type: boolean

Whether the service manages its VPC endpoints.

NetworkLoadBalancerArns
Type: Array of strings

The ARNs of the Network Load Balancers for the service.

PrivateDnsName
Type: string

The private DNS name for the service.

ServiceId
Type: string

The identifier of the service.

ServiceName
Type: string

The name of the service.

ServiceState
Type: string

The current state of the service. Valid values are as follows:

  • Available

  • Deleted

  • Deleting

  • Failed

  • Pending

ServiceType
Type: Array of AwsEc2VpcEndpointServiceServiceTypeDetails structures

The types for the service.

AwsEc2VpcEndpointServiceServiceTypeDetails

Description

The service type information for a VPC endpoint service.

Members
ServiceType
Type: string

The type of service.

AwsEc2VpcPeeringConnectionDetails

Description

Provides information about a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection.

Members
AccepterVpcInfo

Information about the accepter VPC.

ExpirationTime
Type: string

The time at which an unaccepted VPC peering connection will expire.

RequesterVpcInfo

Information about the requester VPC.

Status

The status of the VPC peering connection.

VpcPeeringConnectionId
Type: string

The ID of the VPC peering connection.

AwsEc2VpcPeeringConnectionStatusDetails

Description

Details about the status of the VPC peering connection.

Members
Code
Type: string

The status of the VPC peering connection.

Message
Type: string

A message that provides more information about the status, if applicable.

AwsEc2VpcPeeringConnectionVpcInfoDetails

Description

Describes a VPC in a VPC peering connection.

Members
CidrBlock
Type: string

The IPv4 CIDR block for the VPC.

CidrBlockSet
Type: Array of VpcInfoCidrBlockSetDetails structures

Information about the IPv4 CIDR blocks for the VPC.

Ipv6CidrBlockSet
Type: Array of VpcInfoIpv6CidrBlockSetDetails structures

The IPv6 CIDR block for the VPC.

OwnerId
Type: string

The ID of the Amazon Web Services account that owns the VPC.

PeeringOptions

Information about the VPC peering connection options for the accepter or requester VPC.

Region
Type: string

The Amazon Web Services Region in which the VPC is located.

VpcId
Type: string

The ID of the VPC.

AwsEc2VpnConnectionDetails

Description

Details about an Amazon EC2 VPN connection.

Members
Category
Type: string

The category of the VPN connection. VPN indicates an Amazon Web Services VPN connection. VPN-Classic indicates an Amazon Web Services Classic VPN connection.

CustomerGatewayConfiguration
Type: string

The configuration information for the VPN connection's customer gateway, in the native XML format.

CustomerGatewayId
Type: string

The identifier of the customer gateway that is at your end of the VPN connection.

Options

The VPN connection options.

Routes
Type: Array of AwsEc2VpnConnectionRoutesDetails structures

The static routes that are associated with the VPN connection.

State
Type: string

The current state of the VPN connection. Valid values are as follows:

  • available

  • deleted

  • deleting

  • pending

TransitGatewayId
Type: string

The identifier of the transit gateway that is associated with the VPN connection.

Type
Type: string

The type of VPN connection.

VgwTelemetry
Type: Array of AwsEc2VpnConnectionVgwTelemetryDetails structures

Information about the VPN tunnel.

VpnConnectionId
Type: string

The identifier of the VPN connection.

VpnGatewayId
Type: string

The identifier of the virtual private gateway that is at the Amazon Web Services side of the VPN connection.

AwsEc2VpnConnectionOptionsDetails

Description

VPN connection options.

Members
StaticRoutesOnly
Type: boolean

Whether the VPN connection uses static routes only.

TunnelOptions

The VPN tunnel options.

AwsEc2VpnConnectionOptionsTunnelOptionsDetails

Description

The VPN tunnel options.

Members
DpdTimeoutSeconds
Type: int

The number of seconds after which a Dead Peer Detection (DPD) timeout occurs.

IkeVersions
Type: Array of strings

The Internet Key Exchange (IKE) versions that are permitted for the VPN tunnel.

OutsideIpAddress
Type: string

The external IP address of the VPN tunnel.

Phase1DhGroupNumbers
Type: Array of ints

The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 1 IKE negotiations.

Phase1EncryptionAlgorithms
Type: Array of strings

The permitted encryption algorithms for the VPN tunnel for phase 1 IKE negotiations.

Phase1IntegrityAlgorithms
Type: Array of strings

The permitted integrity algorithms for the VPN tunnel for phase 1 IKE negotiations.

Phase1LifetimeSeconds
Type: int

The lifetime for phase 1 of the IKE negotiation, in seconds.

Phase2DhGroupNumbers
Type: Array of ints

The permitted Diffie-Hellman group numbers for the VPN tunnel for phase 2 IKE negotiations.

Phase2EncryptionAlgorithms
Type: Array of strings

The permitted encryption algorithms for the VPN tunnel for phase 2 IKE negotiations.

Phase2IntegrityAlgorithms
Type: Array of strings

The permitted integrity algorithms for the VPN tunnel for phase 2 IKE negotiations.

Phase2LifetimeSeconds
Type: int

The lifetime for phase 2 of the IKE negotiation, in seconds.

PreSharedKey
Type: string

The preshared key to establish initial authentication between the virtual private gateway and the customer gateway.

RekeyFuzzPercentage
Type: int

The percentage of the rekey window, which is determined by RekeyMarginTimeSeconds during which the rekey time is randomly selected.

RekeyMarginTimeSeconds
Type: int

The margin time, in seconds, before the phase 2 lifetime expires, during which the Amazon Web Services side of the VPN connection performs an IKE rekey.

ReplayWindowSize
Type: int

The number of packets in an IKE replay window.

TunnelInsideCidr
Type: string

The range of inside IPv4 addresses for the tunnel.

AwsEc2VpnConnectionRoutesDetails

Description

A static routes associated with the VPN connection.

Members
DestinationCidrBlock
Type: string

The CIDR block associated with the local subnet of the customer data center.

State
Type: string

The current state of the static route.

AwsEc2VpnConnectionVgwTelemetryDetails

Description

Information about the VPN tunnel.

Members
AcceptedRouteCount
Type: int

The number of accepted routes.

CertificateArn
Type: string

The ARN of the VPN tunnel endpoint certificate.

LastStatusChange
Type: string

The date and time of the last change in status.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

OutsideIpAddress
Type: string

The Internet-routable IP address of the virtual private gateway's outside interface.

Status
Type: string

The status of the VPN tunnel. Valid values are DOWN or UP.

StatusMessage
Type: string

If an error occurs, a description of the error.

AwsEcrContainerImageDetails

Description

Information about an Amazon ECR image.

Members
Architecture
Type: string

The architecture of the image. Valid values are as follows:

  • arm64

  • i386

  • x86_64

ImageDigest
Type: string

The sha256 digest of the image manifest.

ImagePublishedAt
Type: string

The date and time when the image was pushed to the repository.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ImageTags
Type: Array of strings

The list of tags that are associated with the image.

RegistryId
Type: string

The Amazon Web Services account identifier that is associated with the registry that the image belongs to.

RepositoryName
Type: string

The name of the repository that the image belongs to.

AwsEcrRepositoryDetails

Description

Provides information about an Amazon Elastic Container Registry repository.

Members
Arn
Type: string

The ARN of the repository.

ImageScanningConfiguration

The image scanning configuration for a repository.

ImageTagMutability
Type: string

The tag mutability setting for the repository. Valid values are IMMUTABLE or MUTABLE.

LifecyclePolicy

Information about the lifecycle policy for the repository.

RepositoryName
Type: string

The name of the repository.

RepositoryPolicyText
Type: string

The text of the repository policy.

AwsEcrRepositoryImageScanningConfigurationDetails

Description

The image scanning configuration for a repository.

Members
ScanOnPush
Type: boolean

Whether to scan images after they are pushed to a repository.

AwsEcrRepositoryLifecyclePolicyDetails

Description

Information about the lifecycle policy for the repository.

Members
LifecyclePolicyText
Type: string

The text of the lifecycle policy.

RegistryId
Type: string

The Amazon Web Services account identifier that is associated with the registry that contains the repository.

AwsEcsClusterClusterSettingsDetails

Description

Indicates whether to enable CloudWatch Container Insights for the ECS cluster.

Members
Name
Type: string

The name of the setting. The valid value is containerInsights.

Value
Type: string

The value of the setting. Valid values are disabled or enabled.

AwsEcsClusterConfigurationExecuteCommandConfigurationDetails

Description

Contains the run command configuration for the cluster.

Members
KmsKeyId
Type: string

The identifier of the KMS key that is used to encrypt the data between the local client and the container.

LogConfiguration

The log configuration for the results of the run command actions. Required if Logging is NONE.

Logging
Type: string

The log setting to use for redirecting logs for run command results.

AwsEcsClusterConfigurationExecuteCommandConfigurationLogConfigurationDetails

Description

The log configuration for the results of the run command actions.

Members
CloudWatchEncryptionEnabled
Type: boolean

Whether to enable encryption on the CloudWatch logs.

CloudWatchLogGroupName
Type: string

The name of the CloudWatch log group to send the logs to.

S3BucketName
Type: string

The name of the S3 bucket to send logs to.

S3EncryptionEnabled
Type: boolean

Whether to encrypt the logs that are sent to the S3 bucket.

S3KeyPrefix
Type: string

Identifies the folder in the S3 bucket to send the logs to.

AwsEcsClusterDefaultCapacityProviderStrategyDetails

Description

The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.

Members
Base
Type: int

The minimum number of tasks to run on the specified capacity provider.

CapacityProvider
Type: string

The name of the capacity provider.

Weight
Type: int

The relative percentage of the total number of tasks launched that should use the capacity provider.

AwsEcsClusterDetails

Description

Provides details about an Amazon ECS cluster.

Members
ActiveServicesCount
Type: int

The number of services that are running on the cluster in an ACTIVE state. You can view these services with the Amazon ECS ListServices API operation.

CapacityProviders
Type: Array of strings

The short name of one or more capacity providers to associate with the cluster.

ClusterArn
Type: string

The Amazon Resource Name (ARN) that identifies the cluster.

ClusterName
Type: string

A name that you use to identify your cluster.

ClusterSettings
Type: Array of AwsEcsClusterClusterSettingsDetails structures

The setting to use to create the cluster. Specifically used to configure whether to enable CloudWatch Container Insights for the cluster.

Configuration

The run command configuration for the cluster.

DefaultCapacityProviderStrategy

The default capacity provider strategy for the cluster. The default capacity provider strategy is used when services or tasks are run without a specified launch type or capacity provider strategy.

RegisteredContainerInstancesCount
Type: int

The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.

RunningTasksCount
Type: int

The number of tasks in the cluster that are in the RUNNING state.

Status
Type: string

The status of the cluster.

AwsEcsContainerDetails

Description

Provides information about an Amazon ECS container.

Members
Image
Type: string

The image used for the container.

MountPoints
Type: Array of AwsMountPoint structures

The mount points for data volumes in your container.

Name
Type: string

The name of the container.

Privileged
Type: boolean

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).

AwsEcsServiceCapacityProviderStrategyDetails

Description

Strategy item for the capacity provider strategy that the service uses.

Members
Base
Type: int

The minimum number of tasks to run on the capacity provider. Only one strategy item can specify a value for Base.

The value must be between 0 and 100000.

CapacityProvider
Type: string

The short name of the capacity provider.

Weight
Type: int

The relative percentage of the total number of tasks that should use the capacity provider.

If no weight is specified, the default value is 0. At least one capacity provider must have a weight greater than 0.

The value can be between 0 and 1000.

AwsEcsServiceDeploymentConfigurationDeploymentCircuitBreakerDetails

Description

Determines whether a service deployment fails if a service cannot reach a steady state.

Members
Enable
Type: boolean

Whether to enable the deployment circuit breaker logic for the service.

Rollback
Type: boolean

Whether to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.

AwsEcsServiceDeploymentConfigurationDetails

Description

Optional deployment parameters for the service.

Members
DeploymentCircuitBreaker

Determines whether a service deployment fails if a service cannot reach a steady state.

MaximumPercent
Type: int

For a service that uses the rolling update (ECS) deployment type, the maximum number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment, and for tasks that use the EC2 launch type, when any container instances are in the DRAINING state. Provided as a percentage of the desired number of tasks. The default value is 200%.

For a service that uses the blue/green (CODE_DEPLOY) or EXTERNAL deployment types, and tasks that use the EC2 launch type, the maximum number of tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

For the Fargate launch type, the maximum percent value is not used.

MinimumHealthyPercent
Type: int

For a service that uses the rolling update (ECS) deployment type, the minimum number of tasks in a service that must remain in the RUNNING state during a deployment, and while any container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Expressed as a percentage of the desired number of tasks. The default value is 100%.

For a service that uses the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and tasks that use the EC2 launch type, the minimum number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

For the Fargate launch type, the minimum healthy percent value is not used.

AwsEcsServiceDeploymentControllerDetails

Description

Information about the deployment controller type that the service uses.

Members
Type
Type: string

The rolling update (ECS) deployment type replaces the current running version of the container with the latest version.

The blue/green (CODE_DEPLOY) deployment type uses the blue/green deployment model that is powered by CodeDeploy. This deployment model a new deployment of a service can be verified before production traffic is sent to it.

The external (EXTERNAL) deployment type allows the use of any third-party deployment controller for full control over the deployment process for an Amazon ECS service.

Valid values: ECS | CODE_DEPLOY | EXTERNAL

AwsEcsServiceDetails

Description

Provides details about a service within an ECS cluster.

Members
CapacityProviderStrategy

The capacity provider strategy that the service uses.

Cluster
Type: string

The ARN of the cluster that hosts the service.

DeploymentConfiguration

Deployment parameters for the service. Includes the number of tasks that run and the order in which to start and stop tasks.

DeploymentController

Contains the deployment controller type that the service uses.

DesiredCount
Type: int

The number of instantiations of the task definition to run on the service.

EnableEcsManagedTags
Type: boolean

Whether to enable Amazon ECS managed tags for the tasks in the service.

EnableExecuteCommand
Type: boolean

Whether the execute command functionality is enabled for the service.

HealthCheckGracePeriodSeconds
Type: int

After a task starts, the amount of time in seconds that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing target health checks.

LaunchType
Type: string

The launch type that the service uses.

Valid values: EC2 | FARGATE | EXTERNAL

LoadBalancers
Type: Array of AwsEcsServiceLoadBalancersDetails structures

Information about the load balancers that the service uses.

Name
Type: string

The name of the service.

NetworkConfiguration

For tasks that use the awsvpc networking mode, the VPC subnet and security group configuration.

PlacementConstraints
Type: Array of AwsEcsServicePlacementConstraintsDetails structures

The placement constraints for the tasks in the service.

PlacementStrategies
Type: Array of AwsEcsServicePlacementStrategiesDetails structures

Information about how tasks for the service are placed.

PlatformVersion
Type: string

The platform version on which to run the service. Only specified for tasks that are hosted on Fargate. If a platform version is not specified, the LATEST platform version is used by default.

PropagateTags
Type: string

Indicates whether to propagate the tags from the task definition to the task or from the service to the task. If no value is provided, then tags are not propagated.

Valid values: TASK_DEFINITION | SERVICE

Role
Type: string

The ARN of the IAM role that is associated with the service. The role allows the Amazon ECS container agent to register container instances with an Elastic Load Balancing load balancer.

SchedulingStrategy
Type: string

The scheduling strategy to use for the service.

The REPLICA scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.

The DAEMON scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that don't meet the placement constraints.

Valid values: REPLICA | DAEMON

ServiceArn
Type: string

The ARN of the service.

ServiceName
Type: string

The name of the service.

The name can contain up to 255 characters. It can use letters, numbers, underscores, and hyphens.

ServiceRegistries
Type: Array of AwsEcsServiceServiceRegistriesDetails structures

Information about the service discovery registries to assign to the service.

TaskDefinition
Type: string

The task definition to use for tasks in the service.

AwsEcsServiceLoadBalancersDetails

Description

Information about a load balancer that the service uses.

Members
ContainerName
Type: string

The name of the container to associate with the load balancer.

ContainerPort
Type: int

The port on the container to associate with the load balancer. This port must correspond to a containerPort in the task definition the tasks in the service are using. For tasks that use the EC2 launch type, the container instance they are launched on must allow ingress traffic on the hostPort of the port mapping.

LoadBalancerName
Type: string

The name of the load balancer to associate with the Amazon ECS service or task set.

Only specified when using a Classic Load Balancer. For an Application Load Balancer or a Network Load Balancer, the load balancer name is omitted.

TargetGroupArn
Type: string

The ARN of the Elastic Load Balancing target group or groups associated with a service or task set.

Only specified when using an Application Load Balancer or a Network Load Balancer. For a Classic Load Balancer, the target group ARN is omitted.

AwsEcsServiceNetworkConfigurationAwsVpcConfigurationDetails

Description

For tasks that use the awsvpc networking mode, the VPC subnet and security group configuration.

Members
AssignPublicIp
Type: string

Whether the task's elastic network interface receives a public IP address. The default value is DISABLED.

Valid values: ENABLED | DISABLED

SecurityGroups
Type: Array of strings

The IDs of the security groups associated with the task or service.

You can provide up to five security groups.

Subnets
Type: Array of strings

The IDs of the subnets associated with the task or service.

You can provide up to 16 subnets.

AwsEcsServiceNetworkConfigurationDetails

Description

For tasks that use the awsvpc networking mode, the VPC subnet and security group configuration.

Members
AwsVpcConfiguration

The VPC subnet and security group configuration.

AwsEcsServicePlacementConstraintsDetails

Description

A placement constraint for the tasks in the service.

Members
Expression
Type: string

A cluster query language expression to apply to the constraint. You cannot specify an expression if the constraint type is distinctInstance.

Type
Type: string

The type of constraint. Use distinctInstance to run each task in a particular group on a different container instance. Use memberOf to restrict the selection to a group of valid candidates.

Valid values: distinctInstance | memberOf

AwsEcsServicePlacementStrategiesDetails

Description

A placement strategy that determines how to place the tasks for the service.

Members
Field
Type: string

The field to apply the placement strategy against.

For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone.

For the binpack placement strategy, valid values are cpu and memory.

For the random placement strategy, this attribute is not used.

Type
Type: string

The type of placement strategy.

The random placement strategy randomly places tasks on available candidates.

The spread placement strategy spreads placement across available candidates evenly based on the value of Field.

The binpack strategy places tasks on available candidates that have the least available amount of the resource that is specified in Field.

Valid values: random | spread | binpack

AwsEcsServiceServiceRegistriesDetails

Description

Information about a service discovery registry to assign to the service.

Members
ContainerName
Type: string

The container name value to use for the service discovery service.

If the task definition uses the bridge or host network mode, you must specify ContainerName and ContainerPort.

If the task definition uses the awsvpc network mode and a type SRV DNS record, you must specify either ContainerName and ContainerPort, or Port , but not both.

ContainerPort
Type: int

The port value to use for the service discovery service.

If the task definition uses the bridge or host network mode, you must specify ContainerName and ContainerPort.

If the task definition uses the awsvpc network mode and a type SRV DNS record, you must specify either ContainerName and ContainerPort, or Port , but not both.

Port
Type: int

The port value to use for a service discovery service that specifies an SRV record. This field can be used if both the awsvpcawsvpc network mode and SRV records are used.

RegistryArn
Type: string

The ARN of the service registry.

AwsEcsTaskDefinitionContainerDefinitionsDependsOnDetails

Description

A dependency that is defined for container startup and shutdown.

Members
Condition
Type: string

The dependency condition of the dependent container. Indicates the required status of the dependent container before the current container can start. Valid values are as follows:

  • COMPLETE

  • HEALTHY

  • SUCCESS

  • START

ContainerName
Type: string

The name of the dependent container.

AwsEcsTaskDefinitionContainerDefinitionsDetails

Description

A container definition that describes a container in the task.

Members
Command
Type: Array of strings

The command that is passed to the container.

Cpu
Type: int

The number of CPU units reserved for the container.

DependsOn

The dependencies that are defined for container startup and shutdown.

DisableNetworking
Type: boolean

Whether to disable networking within the container.

DnsSearchDomains
Type: Array of strings

A list of DNS search domains that are presented to the container.

DnsServers
Type: Array of strings

A list of DNS servers that are presented to the container.

DockerLabels
Type: Associative array of custom strings keys (NonEmptyString) to strings

A key-value map of labels to add to the container.

DockerSecurityOptions
Type: Array of strings

A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems.

EntryPoint
Type: Array of strings

The entry point that is passed to the container.

Environment

The environment variables to pass to a container.

EnvironmentFiles

A list of files containing the environment variables to pass to a container.

Essential
Type: boolean

Whether the container is essential. All tasks must have at least one essential container.

ExtraHosts

A list of hostnames and IP address mappings to append to the /etc/hosts file on the container.

FirelensConfiguration

The FireLens configuration for the container. Specifies and configures a log router for container logs.

HealthCheck

The container health check command and associated configuration parameters for the container.

Hostname
Type: string

The hostname to use for the container.

Image
Type: string

The image used to start the container.

Interactive
Type: boolean

If set to true, then containerized applications can be deployed that require stdin or a tty to be allocated.

Links
Type: Array of strings

A list of links for the container in the form container_name:alias . Allows containers to communicate with each other without the need for port mappings.

LinuxParameters

Linux-specific modifications that are applied to the container, such as Linux kernel capabilities.

LogConfiguration

The log configuration specification for the container.

Memory
Type: int

The amount (in MiB) of memory to present to the container. If the container attempts to exceed the memory specified here, the container is shut down. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified.

MemoryReservation
Type: int

The soft limit (in MiB) of memory to reserve for the container.

MountPoints

The mount points for the data volumes in the container.

Name
Type: string

The name of the container.

PortMappings

The list of port mappings for the container.

Privileged
Type: boolean

Whether the container is given elevated privileges on the host container instance. The elevated privileges are similar to the root user.

PseudoTerminal
Type: boolean

Whether to allocate a TTY to the container.

ReadonlyRootFilesystem
Type: boolean

Whether the container is given read-only access to its root file system.

RepositoryCredentials

The private repository authentication credentials to use.

ResourceRequirements

The type and amount of a resource to assign to a container. The only supported resource is a GPU.

Secrets

The secrets to pass to the container.

StartTimeout
Type: int

The number of seconds to wait before giving up on resolving dependencies for a container.

StopTimeout
Type: int

The number of seconds to wait before the container is stopped if it doesn't shut down normally on its own.

SystemControls

A list of namespaced kernel parameters to set in the container.

Ulimits

A list of ulimits to set in the container.

User
Type: string

The user to use inside the container.

The value can use one of the following formats.

  • user

  • user : group

  • uid

  • uid : gid

  • user : gid

  • uid : group

VolumesFrom

Data volumes to mount from another container.

WorkingDirectory
Type: string

The working directory in which to run commands inside the container.

AwsEcsTaskDefinitionContainerDefinitionsEnvironmentDetails

Description

An environment variable to pass to the container.

Members
Name
Type: string

The name of the environment variable.

Value
Type: string

The value of the environment variable.

AwsEcsTaskDefinitionContainerDefinitionsEnvironmentFilesDetails

Description

A file that contain environment variables to pass to a container.

Members
Type
Type: string

The type of environment file. The valid value is s3.

Value
Type: string

The ARN of the S3 object that contains the environment variable file.

AwsEcsTaskDefinitionContainerDefinitionsExtraHostsDetails

Description

A hostname and IP address mapping to append to the /etc/hosts file on the container.

Members
Hostname
Type: string

The hostname to use in the /etc/hosts entry.

IpAddress
Type: string

The IP address to use in the /etc/hosts entry.

AwsEcsTaskDefinitionContainerDefinitionsFirelensConfigurationDetails

Description

The FireLens configuration for the container. The configuration specifies and configures a log router for container logs.

Members
Options
Type: Associative array of custom strings keys (NonEmptyString) to strings

The options to use to configure the log router.

The valid option keys are as follows:

  • enable-ecs-log-metadata. The value can be true or false.

  • config-file-type. The value can be s3 or file.

  • config-file-value. The value is either an S3 ARN or a file path.

Type
Type: string

The log router to use. Valid values are fluentbit or fluentd.

AwsEcsTaskDefinitionContainerDefinitionsHealthCheckDetails

Description

The container health check command and associated configuration parameters for the container.

Members
Command
Type: Array of strings

The command that the container runs to determine whether it is healthy.

Interval
Type: int

The time period in seconds between each health check execution. The default value is 30 seconds.

Retries
Type: int

The number of times to retry a failed health check before the container is considered unhealthy. The default value is 3.

StartPeriod
Type: int

The optional grace period in seconds that allows containers time to bootstrap before failed health checks count towards the maximum number of retries.

Timeout
Type: int

The time period in seconds to wait for a health check to succeed before it is considered a failure. The default value is 5.

AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersCapabilitiesDetails

Description

The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker.

Members
Add
Type: Array of strings

The Linux capabilities for the container that are added to the default configuration provided by Docker. Valid values are as follows:

Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

Drop
Type: Array of strings

The Linux capabilities for the container that are dropped from the default configuration provided by Docker.

Valid values: "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | "LEASE" | "LINUX_IMMUTABLE" | "MAC_ADMIN" | "MAC_OVERRIDE" | "MKNOD" | "NET_ADMIN" | "NET_BIND_SERVICE" | "NET_BROADCAST" | "NET_RAW" | "SETFCAP" | "SETGID" | "SETPCAP" | "SETUID" | "SYS_ADMIN" | "SYS_BOOT" | "SYS_CHROOT" | "SYS_MODULE" | "SYS_NICE" | "SYS_PACCT" | "SYS_PTRACE" | "SYS_RAWIO" | "SYS_RESOURCE" | "SYS_TIME" | "SYS_TTY_CONFIG" | "SYSLOG" | "WAKE_ALARM"

AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDetails

Description

>Linux-specific modifications that are applied to the container, such as Linux kernel capabilities.

Members
Capabilities

The Linux capabilities for the container that are added to or dropped from the default configuration provided by Docker.

Devices

The host devices to expose to the container.

InitProcessEnabled
Type: boolean

Whether to run an init process inside the container that forwards signals and reaps processes.

MaxSwap
Type: int

The total amount of swap memory (in MiB) that a container can use.

SharedMemorySize
Type: int

The value for the size (in MiB) of the /dev/shm volume.

Swappiness
Type: int

Configures the container's memory swappiness behavior. Determines how aggressively pages are swapped. The higher the value, the more aggressive the swappiness. The default is 60.

Tmpfs

The container path, mount options, and size (in MiB) of the tmpfs mount.

AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersDevicesDetails

Description

A host device to expose to the container.

Members
ContainerPath
Type: string

The path inside the container at which to expose the host device.

HostPath
Type: string

The path for the device on the host container instance.

Permissions
Type: Array of strings

The explicit permissions to provide to the container for the device. By default, the container has permissions for read, write, and mknod for the device.

AwsEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfsDetails

Description

The container path, mount options, and size (in MiB) of a tmpfs mount.

Members
ContainerPath
Type: string

The absolute file path where the tmpfs volume is to be mounted.

MountOptions
Type: Array of strings

The list of tmpfs volume mount options.

Valid values: "defaults" | "ro" | "rw" | "suid" | "nosuid" | "dev" | "nodev" | "exec" | "noexec" | "sync" | "async" | "dirsync" | "remount" | "mand" | "nomand" | "atime" | "noatime" | "diratime" | "nodiratime" | "bind" | "rbind" | "unbindable" | "runbindable" | "private" | "rprivate" | "shared" | "rshared" | "slave" | "rslave" | "relatime" | "norelatime" | "strictatime" | "nostrictatime" | "mode" | "uid" | "gid" | "nr_inodes" | "nr_blocks" | "mpol"

Size
Type: int

The maximum size (in MiB) of the tmpfs volume.

AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationDetails

Description

The log configuration specification for the container.

Members
LogDriver
Type: string

The log driver to use for the container.

Valid values on Fargate are as follows:

  • awsfirelens

  • awslogs

  • splunk

Valid values on Amazon EC2 are as follows:

  • awsfirelens

  • awslogs

  • fluentd

  • gelf

  • journald

  • json-file

  • logentries

  • splunk

  • syslog

Options
Type: Associative array of custom strings keys (NonEmptyString) to strings

The configuration options to send to the log driver. Requires version 1.19 of the Docker Remote API or greater on your container instance.

SecretOptions

The secrets to pass to the log configuration.

AwsEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptionsDetails

Description

A secret to pass to the log configuration.

Members
Name
Type: string

The name of the secret.

ValueFrom
Type: string

The secret to expose to the container.

The value is either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the Systems Manager Parameter Store.

AwsEcsTaskDefinitionContainerDefinitionsMountPointsDetails

Description

A mount point for the data volumes in the container.

Members
ContainerPath
Type: string

The path on the container to mount the host volume at.

ReadOnly
Type: boolean

Whether the container has read-only access to the volume.

SourceVolume
Type: string

The name of the volume to mount. Must match the name of a volume listed in VolumeDetails for the task definition.

AwsEcsTaskDefinitionContainerDefinitionsPortMappingsDetails

Description

A port mapping for the container.

Members
ContainerPort
Type: int

The port number on the container that is bound to the user-specified or automatically assigned host port.

HostPort
Type: int

The port number on the container instance to reserve for the container.

Protocol
Type: string

The protocol used for the port mapping. The default is tcp.

AwsEcsTaskDefinitionContainerDefinitionsRepositoryCredentialsDetails

Description

The private repository authentication credentials to use.

Members
CredentialsParameter
Type: string

The ARN of the secret that contains the private repository credentials.

AwsEcsTaskDefinitionContainerDefinitionsResourceRequirementsDetails

Description

A resource to assign to a container.

Members
Type
Type: string

The type of resource to assign to a container. Valid values are GPU or InferenceAccelerator.

Value
Type: string

The value for the specified resource type.

For GPU, the value is the number of physical GPUs the Amazon ECS container agent reserves for the container.

For InferenceAccelerator, the value should match the DeviceName attribute of an entry in InferenceAccelerators.

AwsEcsTaskDefinitionContainerDefinitionsSecretsDetails

Description

A secret to pass to the container.

Members
Name
Type: string

The name of the secret.

ValueFrom
Type: string

The secret to expose to the container. The value is either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the Systems Manager Parameter Store.

AwsEcsTaskDefinitionContainerDefinitionsSystemControlsDetails

Description

A namespaced kernel parameter to set in the container.

Members
Namespace
Type: string

The namespaced kernel parameter for which to set a value.

Value
Type: string

The value of the parameter.

AwsEcsTaskDefinitionContainerDefinitionsUlimitsDetails

Description

A ulimit to set in the container.

Members
HardLimit
Type: int

The hard limit for the ulimit type.

Name
Type: string

The type of the ulimit. Valid values are as follows:

  • core

  • cpu

  • data

  • fsize

  • locks

  • memlock

  • msgqueue

  • nice

  • nofile

  • nproc

  • rss

  • rtprio

  • rttime

  • sigpending

  • stack

SoftLimit
Type: int

The soft limit for the ulimit type.

AwsEcsTaskDefinitionContainerDefinitionsVolumesFromDetails

Description

A data volume to mount from another container.

Members
ReadOnly
Type: boolean

Whether the container has read-only access to the volume.

SourceContainer
Type: string

The name of another container within the same task definition from which to mount volumes.

AwsEcsTaskDefinitionDetails

Description

Details about a task definition. A task definition describes the container and volume definitions of an Amazon Elastic Container Service task.

Members
ContainerDefinitions

The container definitions that describe the containers that make up the task.

Cpu
Type: string

The number of CPU units used by the task.Valid values are as follows:

  • 256 (.25 vCPU)

  • 512 (.5 vCPU)

  • 1024 (1 vCPU)

  • 2048 (2 vCPU)

  • 4096 (4 vCPU)

ExecutionRoleArn
Type: string

The ARN of the task execution role that grants the container agent permission to make API calls on behalf of the container user.

Family
Type: string

The name of a family that this task definition is registered to.

InferenceAccelerators

The Elastic Inference accelerators to use for the containers in the task.

IpcMode
Type: string

The inter-process communication (IPC) resource namespace to use for the containers in the task. Valid values are as follows:

  • host

  • none

  • task

Memory
Type: string

The amount (in MiB) of memory used by the task.

For tasks that are hosted on Amazon EC2, you can provide a task-level memory value or a container-level memory value. For tasks that are hosted on Fargate, you must use one of the specified values in the Amazon Elastic Container Service Developer Guide , which determines your range of supported values for the Cpu and Memory parameters.

NetworkMode
Type: string

The Docker networking mode to use for the containers in the task. Valid values are as follows:

  • awsvpc

  • bridge

  • host

  • none

PidMode
Type: string

The process namespace to use for the containers in the task. Valid values are host or task.

PlacementConstraints

The placement constraint objects to use for tasks.

ProxyConfiguration

The configuration details for the App Mesh proxy.

RequiresCompatibilities
Type: Array of strings

The task launch types that the task definition was validated against.

Status
Type: string

The status of the task definition.

TaskRoleArn
Type: string

The short name or ARN of the IAM role that grants containers in the task permission to call Amazon Web Services API operations on your behalf.

Volumes
Type: Array of AwsEcsTaskDefinitionVolumesDetails structures

The data volume definitions for the task.

AwsEcsTaskDefinitionInferenceAcceleratorsDetails

Description

An Elastic Inference accelerator to use for the containers in the task.

Members
DeviceName
Type: string

The Elastic Inference accelerator device name.

DeviceType
Type: string

The Elastic Inference accelerator type to use.

AwsEcsTaskDefinitionPlacementConstraintsDetails

Description

A placement constraint object to use for tasks.

Members
Expression
Type: string

A cluster query language expression to apply to the constraint.

Type
Type: string

The type of constraint.

AwsEcsTaskDefinitionProxyConfigurationDetails

Description

The configuration details for the App Mesh proxy.

Members
ContainerName
Type: string

The name of the container that will serve as the App Mesh proxy.

ProxyConfigurationProperties

The set of network configuration parameters to provide to the Container Network Interface (CNI) plugin, specified as key-value pairs.

Type
Type: string

The proxy type.

AwsEcsTaskDefinitionProxyConfigurationProxyConfigurationPropertiesDetails

Description

A network configuration parameter to provide to the Container Network Interface (CNI) plugin.

Members
Name
Type: string

The name of the property.

Value
Type: string

The value of the property.

AwsEcsTaskDefinitionVolumesDetails

Description

A data volume to mount from another container.

Members
DockerVolumeConfiguration

Information about a Docker volume.

EfsVolumeConfiguration

Information about the Amazon Elastic File System file system that is used for task storage.

Host

Information about a bind mount host volume.

Name
Type: string

The name of the data volume.

AwsEcsTaskDefinitionVolumesDockerVolumeConfigurationDetails

Description

Information about a Docker volume.

Members
Autoprovision
Type: boolean

Whether to create the Docker volume automatically if it does not already exist.

Driver
Type: string

The Docker volume driver to use.

DriverOpts
Type: Associative array of custom strings keys (NonEmptyString) to strings

A map of Docker driver-specific options that are passed through.

Labels
Type: Associative array of custom strings keys (NonEmptyString) to strings

Custom metadata to add to the Docker volume.

Scope
Type: string

The scope for the Docker volume that determines its lifecycle. Docker volumes that are scoped to a task are provisioned automatically when the task starts and destroyed when the task stops. Docker volumes that are shared persist after the task stops. Valid values are shared or task.

AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationAuthorizationConfigDetails

Description

Members
AccessPointId
Type: string

The Amazon EFS access point identifier to use.

Iam
Type: string

Whether to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system.

AwsEcsTaskDefinitionVolumesEfsVolumeConfigurationDetails

Description

Information about the Amazon Elastic File System file system that is used for task storage.

Members
AuthorizationConfig

The authorization configuration details for the Amazon EFS file system.

FilesystemId
Type: string

The Amazon EFS file system identifier to use.

RootDirectory
Type: string

The directory within the Amazon EFS file system to mount as the root directory inside the host.

TransitEncryption
Type: string

Whether to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server.

TransitEncryptionPort
Type: int

The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server.

AwsEcsTaskDefinitionVolumesHostDetails

Description

Information about a bind mount host volume.

Members
SourcePath
Type: string

The path on the host container instance that is presented to the container.

AwsEcsTaskDetails

Description

Provides details about a task in a cluster.

Members
ClusterArn
Type: string

The Amazon Resource Name (ARN) of the cluster that hosts the task.

Containers
Type: Array of AwsEcsContainerDetails structures

The containers that are associated with the task.

CreatedAt
Type: string

The Unix timestamp for the time when the task was created. More specifically, it's for the time when the task entered the PENDING state.

Group
Type: string

The name of the task group that's associated with the task.

StartedAt
Type: string

The Unix timestamp for the time when the task started. More specifically, it's for the time when the task transitioned from the PENDING state to the RUNNING state.

StartedBy
Type: string

The tag specified when a task is started. If an Amazon ECS service started the task, the startedBy parameter contains the deployment ID of that service.

TaskDefinitionArn
Type: string

The ARN of the task definition that creates the task.

Version
Type: string

The version counter for the task.

Volumes
Type: Array of AwsEcsTaskVolumeDetails structures

Details about the data volume that is used in a task definition.

AwsEcsTaskVolumeDetails

Description

Provides information about a data volume that's used in a task definition.

Members
Host
Type: AwsEcsTaskVolumeHostDetails structure

This parameter is specified when you use bind mount host volumes. The contents of the host parameter determine whether your bind mount host volume persists on the host container instance and where it's stored.

Name
Type: string

The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the sourceVolume parameter of container definition mountPoints.

AwsEcsTaskVolumeHostDetails

Description

Provides details on a container instance bind mount host volume.

Members
SourcePath
Type: string

When the host parameter is used, specify a sourcePath to declare the path on the host container instance that's presented to the container.

AwsEfsAccessPointDetails

Description

Provides information about an Amazon EFS access point.

Members
AccessPointId
Type: string

The ID of the Amazon EFS access point.

Arn
Type: string

The Amazon Resource Name (ARN) of the Amazon EFS access point.

ClientToken
Type: string

The opaque string specified in the request to ensure idempotent creation.

FileSystemId
Type: string

The ID of the Amazon EFS file system that the access point applies to.

PosixUser

The full POSIX identity, including the user ID, group ID, and secondary group IDs on the access point, that is used for all file operations by NFS clients using the access point.

RootDirectory

The directory on the Amazon EFS file system that the access point exposes as the root directory to NFS clients using the access point.

AwsEfsAccessPointPosixUserDetails

Description

Provides details for all file system operations using this Amazon EFS access point.

Members
Gid
Type: string

The POSIX group ID used for all file system operations using this access point.

SecondaryGids
Type: Array of strings

Secondary POSIX group IDs used for all file system operations using this access point.

Uid
Type: string

The POSIX user ID used for all file system operations using this access point.

AwsEfsAccessPointRootDirectoryCreationInfoDetails

Description

Provides information about the settings that Amazon EFS uses to create the root directory when a client connects to an access point.

Members
OwnerGid
Type: string

Specifies the POSIX group ID to apply to the root directory.

OwnerUid
Type: string

Specifies the POSIX user ID to apply to the root directory.

Permissions
Type: string

Specifies the POSIX permissions to apply to the root directory, in the format of an octal number representing the file's mode bits.

AwsEfsAccessPointRootDirectoryDetails

Description

Provides information about the directory on the Amazon EFS file system that the access point exposes as the root directory to NFS clients using the access point.

Members
CreationInfo

Specifies the POSIX IDs and permissions to apply to the access point's root directory.

Path
Type: string

Specifies the path on the Amazon EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide CreationInfo.

AwsEksClusterDetails

Description

Provides details about an Amazon EKS cluster.

Members
Arn
Type: string

The ARN of the cluster.

CertificateAuthorityData
Type: string

The certificate authority data for the cluster.

ClusterStatus
Type: string

The status of the cluster. Valid values are as follows:

  • ACTIVE

  • CREATING

  • DELETING

  • FAILED

  • PENDING

  • UPDATING

Endpoint
Type: string

The endpoint for the Amazon EKS API server.

Logging
Type: AwsEksClusterLoggingDetails structure

The logging configuration for the cluster.

Name
Type: string

The name of the cluster.

ResourcesVpcConfig

The VPC configuration used by the cluster control plane.

RoleArn
Type: string

The ARN of the IAM role that provides permissions for the Amazon EKS control plane to make calls to Amazon Web Services API operations on your behalf.

Version
Type: string

The Amazon EKS server version for the cluster.

AwsEksClusterLoggingClusterLoggingDetails

Description

Details for a cluster logging configuration.

Members
Enabled
Type: boolean

Whether the logging types that are listed in Types are enabled.

Types
Type: Array of strings

A list of logging types. Valid values are as follows:

  • api

  • audit

  • authenticator

  • controllerManager

  • scheduler

AwsEksClusterLoggingDetails

Description

The logging configuration for an Amazon EKS cluster.

Members
ClusterLogging
Type: Array of AwsEksClusterLoggingClusterLoggingDetails structures

Cluster logging configurations.

AwsEksClusterResourcesVpcConfigDetails

Description

Information about the VPC configuration used by the cluster control plane.

Members
EndpointPublicAccess
Type: boolean

Indicates whether the Amazon EKS public API server endpoint is turned on. If the Amazon EKS public API server endpoint is turned off, your cluster's Kubernetes API server can only receive requests that originate from within the cluster VPC.

SecurityGroupIds
Type: Array of strings

The security groups that are associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Amazon EKS control plane.

SubnetIds
Type: Array of strings

The subnets that are associated with the cluster.

AwsElasticBeanstalkEnvironmentDetails

Description

Contains details about an Elastic Beanstalk environment.

Members
ApplicationName
Type: string

The name of the application that is associated with the environment.

Cname
Type: string

The URL to the CNAME for this environment.

DateCreated
Type: string

The creation date for this environment.

DateUpdated
Type: string

The date when this environment was last modified.

Description
Type: string

A description of the environment.

EndpointUrl
Type: string

For load-balanced, autoscaling environments, the URL to the load balancer. For single-instance environments, the IP address of the instance.

EnvironmentArn
Type: string

The ARN of the environment.

EnvironmentId
Type: string

The identifier of the environment.

EnvironmentLinks

Links to other environments in the same group.

EnvironmentName
Type: string

The name of the environment.

OptionSettings

The configuration setting for the environment.

PlatformArn
Type: string

The ARN of the platform version for the environment.

SolutionStackName
Type: string

The name of the solution stack that is deployed with the environment.

Status
Type: string

The current operational status of the environment. Valid values are as follows:

  • Aborting

  • Launching

  • LinkingFrom

  • LinkingTo

  • Ready

  • Terminated

  • Terminating

  • Updating

Tier

The tier of the environment.

VersionLabel
Type: string

The application version of the environment.

Description

Contains information about a link to another environment that is in the same group.

Members
EnvironmentName
Type: string

The name of the linked environment.

LinkName
Type: string

The name of the environment link.

AwsElasticBeanstalkEnvironmentOptionSetting

Description

A configuration option setting for the environment.

Members
Namespace
Type: string

The type of resource that the configuration option is associated with.

OptionName
Type: string

The name of the option.

ResourceName
Type: string

The name of the resource.

Value
Type: string

The value of the configuration setting.

AwsElasticBeanstalkEnvironmentTier

Description

Contains information about the tier of the environment.

Members
Name
Type: string

The name of the environment tier. Valid values are WebServer or Worker.

Type
Type: string

The type of environment tier. Valid values are Standard or SQS/HTTP.

Version
Type: string

The version of the environment tier.

AwsElasticsearchDomainDetails

Description

Information about an Elasticsearch domain.

Members
AccessPolicies
Type: string

IAM policy document specifying the access policies for the new Elasticsearch domain.

DomainEndpointOptions

Additional options for the domain endpoint.

DomainId
Type: string

Unique identifier for an Elasticsearch domain.

DomainName
Type: string

Name of an Elasticsearch domain.

Domain names are unique across all domains owned by the same account within an Amazon Web Services Region.

Domain names must start with a lowercase letter and must be between 3 and 28 characters.

Valid characters are a-z (lowercase only), 0-9, and – (hyphen).

ElasticsearchClusterConfig

Information about an OpenSearch cluster configuration.

ElasticsearchVersion
Type: string

OpenSearch version.

EncryptionAtRestOptions

Details about the configuration for encryption at rest.

Endpoint
Type: string

Domain-specific endpoint used to submit index, search, and data upload requests to an Elasticsearch domain.

The endpoint is a service URL.

Endpoints
Type: Associative array of custom strings keys (NonEmptyString) to strings

The key-value pair that exists if the Elasticsearch domain uses VPC endpoints.

LogPublishingOptions

Configures the CloudWatch Logs to publish for the Elasticsearch domain.

NodeToNodeEncryptionOptions

Details about the configuration for node-to-node encryption.

ServiceSoftwareOptions

Information about the status of a domain relative to the latest service software.

VPCOptions

Information that OpenSearch derives based on VPCOptions for the domain.

AwsElasticsearchDomainDomainEndpointOptions

Description

Additional options for the domain endpoint, such as whether to require HTTPS for all traffic.

Members
EnforceHTTPS
Type: boolean

Whether to require that all traffic to the domain arrive over HTTPS.

TLSSecurityPolicy
Type: string

The TLS security policy to apply to the HTTPS endpoint of the OpenSearch domain.

Valid values:

  • Policy-Min-TLS-1-0-2019-07, which supports TLSv1.0 and higher

  • Policy-Min-TLS-1-2-2019-07, which only supports TLSv1.2

AwsElasticsearchDomainElasticsearchClusterConfigDetails

Description

details about the configuration of an OpenSearch cluster.

Members
DedicatedMasterCount
Type: int

The number of instances to use for the master node. If this attribute is specified, then DedicatedMasterEnabled must be true.

DedicatedMasterEnabled
Type: boolean

Whether to use a dedicated master node for the Elasticsearch domain. A dedicated master node performs cluster management tasks, but doesn't hold data or respond to data upload requests.

DedicatedMasterType
Type: string

The hardware configuration of the computer that hosts the dedicated master node. A sample value is m3.medium.elasticsearch. If this attribute is specified, then DedicatedMasterEnabled must be true.

For a list of valid values, see Supported instance types in Amazon OpenSearch Service in the Amazon OpenSearch Service Developer Guide.

InstanceCount
Type: int

The number of data nodes to use in the Elasticsearch domain.

InstanceType
Type: string

The instance type for your data nodes. For example, m3.medium.elasticsearch.

For a list of valid values, see Supported instance types in Amazon OpenSearch Service in the Amazon OpenSearch Service Developer Guide.

ZoneAwarenessConfig

Configuration options for zone awareness. Provided if ZoneAwarenessEnabled is true.

ZoneAwarenessEnabled
Type: boolean

Whether to enable zone awareness for the Elasticsearch domain. When zone awareness is enabled, OpenSearch allocates the cluster's nodes and replica index shards across Availability Zones in the same Region. This prevents data loss and minimizes downtime if a node or data center fails.

AwsElasticsearchDomainElasticsearchClusterConfigZoneAwarenessConfigDetails

Description

Configuration options for zone awareness.

Members
AvailabilityZoneCount
Type: int

he number of Availability Zones that the domain uses. Valid values are 2 and 3. The default is 2.

AwsElasticsearchDomainEncryptionAtRestOptions

Description

Details about the configuration for encryption at rest.

Members
Enabled
Type: boolean

Whether encryption at rest is enabled.

KmsKeyId
Type: string

The KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

AwsElasticsearchDomainLogPublishingOptions

Description

configures the CloudWatch Logs to publish for the Elasticsearch domain.

Members
AuditLogs

The log configuration.

IndexSlowLogs

Configures the OpenSearch index logs publishing.

SearchSlowLogs

Configures the OpenSearch search slow log publishing.

AwsElasticsearchDomainLogPublishingOptionsLogConfig

Description

The log configuration.

Members
CloudWatchLogsLogGroupArn
Type: string

The ARN of the CloudWatch Logs group to publish the logs to.

Enabled
Type: boolean

Whether the log publishing is enabled.

AwsElasticsearchDomainNodeToNodeEncryptionOptions

Description

Details about the configuration for node-to-node encryption.

Members
Enabled
Type: boolean

Whether node-to-node encryption is enabled.

AwsElasticsearchDomainServiceSoftwareOptions

Description

Information about the state of the domain relative to the latest service software.

Members
AutomatedUpdateDate
Type: string

The epoch time when the deployment window closes for required updates. After this time, Amazon OpenSearch Service schedules the software upgrade automatically.

Cancellable
Type: boolean

Whether a request to update the domain can be canceled.

CurrentVersion
Type: string

The version of the service software that is currently installed on the domain.

Description
Type: string

A more detailed description of the service software status.

NewVersion
Type: string

The most recent version of the service software.

UpdateAvailable
Type: boolean

Whether a service software update is available for the domain.

UpdateStatus
Type: string

The status of the service software update. Valid values are as follows:

  • COMPLETED

  • ELIGIBLE

  • IN_PROGRESS

  • NOT_ELIGIBLE

  • PENDING_UPDATE

AwsElasticsearchDomainVPCOptions

Description

Information that OpenSearch derives based on VPCOptions for the domain.

Members
AvailabilityZones
Type: Array of strings

The list of Availability Zones associated with the VPC subnets.

SecurityGroupIds
Type: Array of strings

The list of security group IDs associated with the VPC endpoints for the domain.

SubnetIds
Type: Array of strings

A list of subnet IDs associated with the VPC endpoints for the domain.

VPCId
Type: string

ID for the VPC.

AwsElbAppCookieStickinessPolicy

Description

Contains information about a stickiness policy that was created using CreateAppCookieStickinessPolicy.

Members
CookieName
Type: string

The name of the application cookie used for stickiness.

PolicyName
Type: string

The mnemonic name for the policy being created. The name must be unique within the set of policies for the load balancer.

AwsElbLbCookieStickinessPolicy

Description

Contains information about a stickiness policy that was created using CreateLBCookieStickinessPolicy.

Members
CookieExpirationPeriod
Type: long (int|float)

The amount of time, in seconds, after which the cookie is considered stale. If an expiration period is not specified, the stickiness session lasts for the duration of the browser session.

PolicyName
Type: string

The name of the policy. The name must be unique within the set of policies for the load balancer.

AwsElbLoadBalancerAccessLog

Description

Contains information about the access log configuration for the load balancer.

Members
EmitInterval
Type: int

The interval in minutes for publishing the access logs.

You can publish access logs either every 5 minutes or every 60 minutes.

Enabled
Type: boolean

Indicates whether access logs are enabled for the load balancer.

S3BucketName
Type: string

The name of the S3 bucket where the access logs are stored.

S3BucketPrefix
Type: string

The logical hierarchy that was created for the S3 bucket.

If a prefix is not provided, the log is placed at the root level of the bucket.

AwsElbLoadBalancerAdditionalAttribute

Description

Provides information about additional attributes for the load balancer.

Members
Key
Type: string

The name of the attribute.

Value
Type: string

The value of the attribute.

AwsElbLoadBalancerAttributes

Description

Contains attributes for the load balancer.

Members
AccessLog
Type: AwsElbLoadBalancerAccessLog structure

Information about the access log configuration for the load balancer.

If the access log is enabled, the load balancer captures detailed information about all requests. It delivers the information to a specified S3 bucket.

AdditionalAttributes
Type: Array of AwsElbLoadBalancerAdditionalAttribute structures

Any additional attributes for a load balancer.

ConnectionDraining

Information about the connection draining configuration for the load balancer.

If connection draining is enabled, the load balancer allows existing requests to complete before it shifts traffic away from a deregistered or unhealthy instance.

ConnectionSettings

Connection settings for the load balancer.

If an idle timeout is configured, the load balancer allows connections to remain idle for the specified duration. When a connection is idle, no data is sent over the connection.

CrossZoneLoadBalancing

Cross-zone load balancing settings for the load balancer.

If cross-zone load balancing is enabled, the load balancer routes the request traffic evenly across all instances regardless of the Availability Zones.

AwsElbLoadBalancerBackendServerDescription

Description

Provides information about the configuration of an EC2 instance for the load balancer.

Members
InstancePort
Type: int

The port on which the EC2 instance is listening.

PolicyNames
Type: Array of strings

The names of the policies that are enabled for the EC2 instance.

AwsElbLoadBalancerConnectionDraining

Description

Contains information about the connection draining configuration for the load balancer.

Members
Enabled
Type: boolean

Indicates whether connection draining is enabled for the load balancer.

Timeout
Type: int

The maximum time, in seconds, to keep the existing connections open before deregistering the instances.

AwsElbLoadBalancerConnectionSettings

Description

Contains connection settings for the load balancer.

Members
IdleTimeout
Type: int

The time, in seconds, that the connection can be idle (no data is sent over the connection) before it is closed by the load balancer.

AwsElbLoadBalancerCrossZoneLoadBalancing

Description

Contains cross-zone load balancing settings for the load balancer.

Members
Enabled
Type: boolean

Indicates whether cross-zone load balancing is enabled for the load balancer.

AwsElbLoadBalancerDetails

Description

Contains details about a Classic Load Balancer.

Members
AvailabilityZones
Type: Array of strings

The list of Availability Zones for the load balancer.

BackendServerDescriptions
Type: Array of AwsElbLoadBalancerBackendServerDescription structures

Information about the configuration of the EC2 instances.

CanonicalHostedZoneName
Type: string

The name of the Amazon Route 53 hosted zone for the load balancer.

CanonicalHostedZoneNameID
Type: string

The ID of the Amazon Route 53 hosted zone for the load balancer.

CreatedTime
Type: string

Indicates when the load balancer was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DnsName
Type: string

The DNS name of the load balancer.

HealthCheck

Information about the health checks that are conducted on the load balancer.

Instances
Type: Array of AwsElbLoadBalancerInstance structures

List of EC2 instances for the load balancer.

ListenerDescriptions
Type: Array of AwsElbLoadBalancerListenerDescription structures

The policies that are enabled for the load balancer listeners.

LoadBalancerAttributes

The attributes for a load balancer.

LoadBalancerName
Type: string

The name of the load balancer.

Policies
Type: AwsElbLoadBalancerPolicies structure

The policies for a load balancer.

Scheme
Type: string

The type of load balancer. Only provided if the load balancer is in a VPC.

If Scheme is internet-facing, the load balancer has a public DNS name that resolves to a public IP address.

If Scheme is internal, the load balancer has a public DNS name that resolves to a private IP address.

SecurityGroups
Type: Array of strings

The security groups for the load balancer. Only provided if the load balancer is in a VPC.

SourceSecurityGroup

Information about the security group for the load balancer. This is the security group that is used for inbound rules.

Subnets
Type: Array of strings

The list of subnet identifiers for the load balancer.

VpcId
Type: string

The identifier of the VPC for the load balancer.

AwsElbLoadBalancerHealthCheck

Description

Contains information about the health checks that are conducted on the load balancer.

Members
HealthyThreshold
Type: int

The number of consecutive health check successes required before the instance is moved to the Healthy state.

Interval
Type: int

The approximate interval, in seconds, between health checks of an individual instance.

Target
Type: string

The instance that is being checked. The target specifies the protocol and port. The available protocols are TCP, SSL, HTTP, and HTTPS. The range of valid ports is 1 through 65535.

For the HTTP and HTTPS protocols, the target also specifies the ping path.

For the TCP protocol, the target is specified as TCP: <port> .

For the SSL protocol, the target is specified as SSL.<port> .

For the HTTP and HTTPS protocols, the target is specified as <protocol>:<port>/<path to ping> .

Timeout
Type: int

The amount of time, in seconds, during which no response means a failed health check.

UnhealthyThreshold
Type: int

The number of consecutive health check failures that must occur before the instance is moved to the Unhealthy state.

AwsElbLoadBalancerInstance

Description

Provides information about an EC2 instance for a load balancer.

Members
InstanceId
Type: string

The instance identifier.

AwsElbLoadBalancerListener

Description

Information about a load balancer listener.

Members
InstancePort
Type: int

The port on which the instance is listening.

InstanceProtocol
Type: string

The protocol to use to route traffic to instances.

Valid values: HTTP | HTTPS | TCP | SSL

LoadBalancerPort
Type: int

The port on which the load balancer is listening.

On EC2-VPC, you can specify any port from the range 1-65535.

On EC2-Classic, you can specify any port from the following list: 25, 80, 443, 465, 587, 1024-65535.

Protocol
Type: string

The load balancer transport protocol to use for routing.

Valid values: HTTP | HTTPS | TCP | SSL

SslCertificateId
Type: string

The ARN of the server certificate.

AwsElbLoadBalancerListenerDescription

Description

Lists the policies that are enabled for a load balancer listener.

Members
Listener
Type: AwsElbLoadBalancerListener structure

Information about the listener.

PolicyNames
Type: Array of strings

The policies enabled for the listener.

AwsElbLoadBalancerPolicies

Description

Contains information about the policies for a load balancer.

Members
AppCookieStickinessPolicies
Type: Array of AwsElbAppCookieStickinessPolicy structures

The stickiness policies that are created using CreateAppCookieStickinessPolicy.

LbCookieStickinessPolicies
Type: Array of AwsElbLbCookieStickinessPolicy structures

The stickiness policies that are created using CreateLBCookieStickinessPolicy.

OtherPolicies
Type: Array of strings

The policies other than the stickiness policies.

AwsElbLoadBalancerSourceSecurityGroup

Description

Contains information about the security group for the load balancer.

Members
GroupName
Type: string

The name of the security group.

OwnerAlias
Type: string

The owner of the security group.

AwsElbv2LoadBalancerAttribute

Description

A load balancer attribute.

Members
Key
Type: string

The name of the load balancer attribute.

Value
Type: string

The value of the load balancer attribute.

AwsElbv2LoadBalancerDetails

Description

Information about a load balancer.

Members
AvailabilityZones
Type: Array of AvailabilityZone structures

The Availability Zones for the load balancer.

CanonicalHostedZoneId
Type: string

The ID of the Amazon Route 53 hosted zone associated with the load balancer.

CreatedTime
Type: string

Indicates when the load balancer was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DNSName
Type: string

The public DNS name of the load balancer.

IpAddressType
Type: string

The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).

LoadBalancerAttributes
Type: Array of AwsElbv2LoadBalancerAttribute structures

Attributes of the load balancer.

Scheme
Type: string

The nodes of an Internet-facing load balancer have public IP addresses.

SecurityGroups
Type: Array of strings

The IDs of the security groups for the load balancer.

State
Type: LoadBalancerState structure

The state of the load balancer.

Type
Type: string

The type of load balancer.

VpcId
Type: string

The ID of the VPC for the load balancer.

AwsEventSchemasRegistryDetails

Description

A schema defines the structure of events that are sent to Amazon EventBridge. Schema registries are containers for schemas. They collect and organize schemas so that your schemas are in logical groups.

Members
Description
Type: string

A description of the registry to be created.

RegistryArn
Type: string

The Amazon Resource Name (ARN) of the registry.

RegistryName
Type: string

The name of the schema registry.

AwsEventsEndpointDetails

Description

Provides details about an Amazon EventBridge global endpoint. The endpoint can improve your application’s availability by making it Regional-fault tolerant.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the endpoint.

Description
Type: string

A description of the endpoint.

EndpointId
Type: string

The URL subdomain of the endpoint. For example, if EndpointUrl is https://abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo.

EndpointUrl
Type: string

The URL of the endpoint.

EventBuses
Type: Array of AwsEventsEndpointEventBusesDetails structures

The event buses being used by the endpoint.

Name
Type: string

The name of the endpoint.

ReplicationConfig

Whether event replication was enabled or disabled for this endpoint. The default state is ENABLED, which means you must supply a RoleArn. If you don't have a RoleArn or you don't want event replication enabled, set the state to DISABLED.

RoleArn
Type: string

The ARN of the role used by event replication for the endpoint.

RoutingConfig

The routing configuration of the endpoint.

State
Type: string

The current state of the endpoint.

StateReason
Type: string

The reason the endpoint is in its current state.

AwsEventsEndpointEventBusesDetails

Description

Provides details about the Amazon EventBridge event buses that the endpoint is associated with.

Members
EventBusArn
Type: string

The Amazon Resource Name (ARN) of the event bus that the endpoint is associated with.

AwsEventsEndpointReplicationConfigDetails

Description

Indicates whether replication is enabled or disabled for the endpoint. If enabled, the endpoint can replicate all events to a secondary Amazon Web Services Region.

Members
State
Type: string

The state of event replication.

AwsEventsEndpointRoutingConfigDetails

Description

Provides details about the routing configuration of the endpoint.

Members
FailoverConfig

The failover configuration for an endpoint. This includes what triggers failover and what happens when it's triggered.

AwsEventsEndpointRoutingConfigFailoverConfigPrimaryDetails

Description

Provides details about the primary Amazon Web Services Region of the endpoint.

Members
HealthCheck
Type: string

The Amazon Resource Name (ARN) of the health check used by the endpoint to determine whether failover is triggered.

AwsEventsEndpointRoutingConfigFailoverConfigSecondaryDetails

Description

The Amazon Web Services Region that events are routed to when failover is triggered or event replication is enabled.

Members
Route
Type: string

Defines the secondary Region.

AwsEventsEventbusDetails

Description

Provides details about Amazon EventBridge event bus. An event bus is a router that receives events and delivers them to zero or more destinations, or targets. This can be a custom event bus which you can use to receive events from your custom applications and services, or it can be a partner event bus which can be matched to a partner event source.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the account permitted to write events to the current account.

Name
Type: string

The name of the event bus.

Policy
Type: string

The policy that enables the external account to send events to your account.

AwsGuardDutyDetectorDataSourcesCloudTrailDetails

Description

An object that contains information on the status of CloudTrail as a data source for the detector.

Members
Status
Type: string

Specifies whether CloudTrail is activated as a data source for the detector.

AwsGuardDutyDetectorDataSourcesDetails

Description

Describes which data sources are activated for the detector.

Members
CloudTrail

An object that contains information on the status of CloudTrail as a data source for the detector.

DnsLogs

An object that contains information on the status of DNS logs as a data source for the detector.

FlowLogs

An object that contains information on the status of VPC Flow Logs as a data source for the detector.

Kubernetes

An object that contains information on the status of Kubernetes data sources for the detector.

MalwareProtection

An object that contains information on the status of Malware Protection as a data source for the detector.

S3Logs

An object that contains information on the status of S3 Data event logs as a data source for the detector.

AwsGuardDutyDetectorDataSourcesDnsLogsDetails

Description

An object that contains information on the status of DNS logs as a data source for the detector.

Members
Status
Type: string

Describes whether DNS logs is enabled as a data source for the detector.

AwsGuardDutyDetectorDataSourcesFlowLogsDetails

Description

An object that contains information on the status of VPC Flow Logs as a data source for the detector.

Members
Status
Type: string

Describes whether VPC Flow Logs are activated as a data source for the detector.

AwsGuardDutyDetectorDataSourcesKubernetesAuditLogsDetails

Description

An object that contains information on the status of Kubernetes audit logs as a data source for the detector.

Members
Status
Type: string

Describes whether Kubernetes audit logs are activated as a data source for the detector.

AwsGuardDutyDetectorDataSourcesKubernetesDetails

Description

An object that contains information on the status of Kubernetes data sources for the detector.

Members
AuditLogs

Describes whether Kubernetes audit logs are activated as a data source for the detector.

AwsGuardDutyDetectorDataSourcesMalwareProtectionDetails

Description

An object that contains information on the status of Malware Protection as a data source for the detector.

Members
ScanEc2InstanceWithFindings

Describes the configuration of Malware Protection for EC2 instances with findings.

ServiceRole
Type: string

The GuardDuty Malware Protection service role.

AwsGuardDutyDetectorDataSourcesMalwareProtectionScanEc2InstanceWithFindingsEbsVolumesDetails

Description

Describes the configuration of scanning EBS volumes (Malware Protection) as a data source.

Members
Reason
Type: string

Specifies the reason why scanning EBS volumes (Malware Protection) isn’t activated as a data source.

Status
Type: string

Describes whether scanning EBS volumes is activated as a data source for the detector.

AwsGuardDutyDetectorDataSourcesS3LogsDetails

Description

An object that contains information on the status of S3 data event logs as a data source for the detector.

Members
Status
Type: string

A value that describes whether S3 data event logs are automatically enabled for new members of an organization.

AwsGuardDutyDetectorDetails

Description

Provides details about an Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.

Members
DataSources

Describes which data sources are activated for the detector.

Features
Type: Array of AwsGuardDutyDetectorFeaturesDetails structures

Describes which features are activated for the detector.

FindingPublishingFrequency
Type: string

The publishing frequency of the finding.

ServiceRole
Type: string

The GuardDuty service role.

Status
Type: string

The activation status of the detector.

AwsGuardDutyDetectorFeaturesDetails

Description

Describes which features are activated for the detector.

Members
Name
Type: string

Indicates the name of the feature that is activated for the detector.

Status
Type: string

Indicates the status of the feature that is activated for the detector.

AwsIamAccessKeyDetails

Description

IAM access key details related to a finding.

Members
AccessKeyId
Type: string

The identifier of the access key.

AccountId
Type: string

The Amazon Web Services account ID of the account for the key.

CreatedAt
Type: string

Indicates when the IAM access key was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

PrincipalId
Type: string

The ID of the principal associated with an access key.

PrincipalName
Type: string

The name of the principal.

PrincipalType
Type: string

The type of principal associated with an access key.

SessionContext

Information about the session that the key was used for.

Status
Type: string

The status of the IAM access key related to a finding.

UserName
Type: string

The user associated with the IAM access key related to a finding.

The UserName parameter has been replaced with the PrincipalName parameter because access keys can also be assigned to principals that are not IAM users.

AwsIamAccessKeySessionContextAttributes

Description

Attributes of the session that the key was used for.

Members
CreationDate
Type: string

Indicates when the session was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

MfaAuthenticated
Type: boolean

Indicates whether the session used multi-factor authentication (MFA).

AwsIamAccessKeySessionContextSessionIssuer

Description

Information about the entity that created the session.

Members
AccountId
Type: string

The identifier of the Amazon Web Services account that created the session.

Arn
Type: string

The ARN of the session.

PrincipalId
Type: string

The principal ID of the principal (user, role, or group) that created the session.

Type
Type: string

The type of principal (user, role, or group) that created the session.

UserName
Type: string

The name of the principal that created the session.

AwsIamAttachedManagedPolicy

Description

A managed policy that is attached to an IAM principal.

Members
PolicyArn
Type: string

The ARN of the policy.

PolicyName
Type: string

The name of the policy.

AwsIamGroupDetails

Description

Contains details about an IAM group.

Members
AttachedManagedPolicies
Type: Array of AwsIamAttachedManagedPolicy structures

A list of the managed policies that are attached to the IAM group.

CreateDate
Type: string

Indicates when the IAM group was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

GroupId
Type: string

The identifier of the IAM group.

GroupName
Type: string

The name of the IAM group.

GroupPolicyList
Type: Array of AwsIamGroupPolicy structures

The list of inline policies that are embedded in the group.

Path
Type: string

The path to the group.

AwsIamGroupPolicy

Description

A managed policy that is attached to the IAM group.

Members
PolicyName
Type: string

The name of the policy.

AwsIamInstanceProfile

Description

Information about an instance profile.

Members
Arn
Type: string

The ARN of the instance profile.

CreateDate
Type: string

Indicates when the instance profile was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

InstanceProfileId
Type: string

The identifier of the instance profile.

InstanceProfileName
Type: string

The name of the instance profile.

Path
Type: string

The path to the instance profile.

Roles
Type: Array of AwsIamInstanceProfileRole structures

The roles associated with the instance profile.

AwsIamInstanceProfileRole

Description

Information about a role associated with an instance profile.

Members
Arn
Type: string

The ARN of the role.

AssumeRolePolicyDocument
Type: string

The policy that grants an entity permission to assume the role.

CreateDate
Type: string

Indicates when the role was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Path
Type: string

The path to the role.

RoleId
Type: string

The identifier of the role.

RoleName
Type: string

The name of the role.

AwsIamPermissionsBoundary

Description

Information about the policy used to set the permissions boundary for an IAM principal.

Members
PermissionsBoundaryArn
Type: string

The ARN of the policy used to set the permissions boundary.

PermissionsBoundaryType
Type: string

The usage type for the permissions boundary.

AwsIamPolicyDetails

Description

Represents an IAM permissions policy.

Members
AttachmentCount
Type: int

The number of users, groups, and roles that the policy is attached to.

CreateDate
Type: string

When the policy was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DefaultVersionId
Type: string

The identifier of the default version of the policy.

Description
Type: string

A description of the policy.

IsAttachable
Type: boolean

Whether the policy can be attached to a user, group, or role.

Path
Type: string

The path to the policy.

PermissionsBoundaryUsageCount
Type: int

The number of users and roles that use the policy to set the permissions boundary.

PolicyId
Type: string

The unique identifier of the policy.

PolicyName
Type: string

The name of the policy.

PolicyVersionList
Type: Array of AwsIamPolicyVersion structures

List of versions of the policy.

UpdateDate
Type: string

When the policy was most recently updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AwsIamPolicyVersion

Description

A version of an IAM policy.

Members
CreateDate
Type: string

Indicates when the version was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

IsDefaultVersion
Type: boolean

Whether the version is the default version.

VersionId
Type: string

The identifier of the policy version.

AwsIamRoleDetails

Description

Contains information about an IAM role, including all of the role's policies.

Members
AssumeRolePolicyDocument
Type: string

The trust policy that grants permission to assume the role.

AttachedManagedPolicies
Type: Array of AwsIamAttachedManagedPolicy structures

The list of the managed policies that are attached to the role.

CreateDate
Type: string

Indicates when the role was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

InstanceProfileList
Type: Array of AwsIamInstanceProfile structures

The list of instance profiles that contain this role.

MaxSessionDuration
Type: int

The maximum session duration (in seconds) that you want to set for the specified role.

Path
Type: string

The path to the role.

PermissionsBoundary
Type: AwsIamPermissionsBoundary structure

Information about the policy used to set the permissions boundary for an IAM principal.

RoleId
Type: string

The stable and unique string identifying the role.

RoleName
Type: string

The friendly name that identifies the role.

RolePolicyList
Type: Array of AwsIamRolePolicy structures

The list of inline policies that are embedded in the role.

AwsIamRolePolicy

Description

An inline policy that is embedded in the role.

Members
PolicyName
Type: string

The name of the policy.

AwsIamUserDetails

Description

Information about an IAM user.

Members
AttachedManagedPolicies
Type: Array of AwsIamAttachedManagedPolicy structures

A list of the managed policies that are attached to the user.

CreateDate
Type: string

Indicates when the user was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

GroupList
Type: Array of strings

A list of IAM groups that the user belongs to.

Path
Type: string

The path to the user.

PermissionsBoundary
Type: AwsIamPermissionsBoundary structure

The permissions boundary for the user.

UserId
Type: string

The unique identifier for the user.

UserName
Type: string

The name of the user.

UserPolicyList
Type: Array of AwsIamUserPolicy structures

The list of inline policies that are embedded in the user.

AwsIamUserPolicy

Description

Information about an inline policy that is embedded in the user.

Members
PolicyName
Type: string

The name of the policy.

AwsKinesisStreamDetails

Description

Provides information about an Amazon Kinesis data stream.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the Kinesis data stream.

Name
Type: string

The name of the Kinesis stream. If you don't specify a name, CloudFront generates a unique physical ID and uses that ID for the stream name.

RetentionPeriodHours
Type: int

The number of hours for the data records that are stored in shards to remain accessible.

ShardCount
Type: int

The number of shards that the stream uses.

StreamEncryption

When specified, enables or updates server-side encryption using an KMS key for a specified stream. Removing this property from your stack template and updating your stack disables encryption.

AwsKinesisStreamStreamEncryptionDetails

Description

Provides information about stream encryption.

Members
EncryptionType
Type: string

The encryption type to use.

KeyId
Type: string

The globally unique identifier for the customer-managed KMS key to use for encryption.

AwsKmsKeyDetails

Description

Contains metadata about an KMS key.

Members
AWSAccountId
Type: string

The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

CreationDate
Type: double

Indicates when the KMS key was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Description
Type: string

A description of the KMS key.

KeyId
Type: string

The globally unique identifier for the KMS key.

KeyManager
Type: string

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon Web Services managed.

KeyRotationStatus
Type: boolean

Whether the key has key rotation enabled.

KeyState
Type: string

The state of the KMS key. Valid values are as follows:

  • Disabled

  • Enabled

  • PendingDeletion

  • PendingImport

  • Unavailable

Origin
Type: string

The source of the KMS key material.

When this value is AWS_KMS, KMS created the key material.

When this value is EXTERNAL, the key material was imported from your existing key management infrastructure or the KMS key lacks key material.

When this value is AWS_CLOUDHSM, the key material was created in the CloudHSM cluster associated with a custom key store.

AwsLambdaFunctionCode

Description

The code for the Lambda function. You can specify either an object in Amazon S3, or upload a deployment package directly.

Members
S3Bucket
Type: string

An Amazon S3 bucket in the same Amazon Web Services Region as your function. The bucket can be in a different Amazon Web Services account.

S3Key
Type: string

The Amazon S3 key of the deployment package.

S3ObjectVersion
Type: string

For versioned objects, the version of the deployment package object to use.

ZipFile
Type: string

The base64-encoded contents of the deployment package. Amazon Web Services SDK and Amazon Web Services CLI clients handle the encoding for you.

AwsLambdaFunctionDeadLetterConfig

Description

The dead-letter queue for failed asynchronous invocations.

Members
TargetArn
Type: string

The ARN of an SQS queue or SNS topic.

AwsLambdaFunctionDetails

Description

Details about an Lambda function's configuration.

Members
Architectures
Type: Array of strings

The instruction set architecture that the function uses. Valid values are x86_64 or arm64.

Code
Type: AwsLambdaFunctionCode structure

An AwsLambdaFunctionCode object.

CodeSha256
Type: string

The SHA256 hash of the function's deployment package.

DeadLetterConfig

The function's dead letter queue.

Environment

The function's environment variables.

FunctionName
Type: string

The name of the function.

Handler
Type: string

The function that Lambda calls to begin executing your function.

KmsKeyArn
Type: string

The KMS key that is used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed customer managed key.

LastModified
Type: string

Indicates when the function was last updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Layers
Type: Array of AwsLambdaFunctionLayer structures

The function's layers.

MasterArn
Type: string

For Lambda@Edge functions, the ARN of the master function.

MemorySize
Type: int

The memory that is allocated to the function.

PackageType
Type: string

The type of deployment package that's used to deploy the function code to Lambda. Set to Image for a container image and Zip for a .zip file archive.

RevisionId
Type: string

The latest updated revision of the function or alias.

Role
Type: string

The function's execution role.

Runtime
Type: string

The runtime environment for the Lambda function.

Timeout
Type: int

The amount of time that Lambda allows a function to run before stopping it.

TracingConfig

The function's X-Ray tracing configuration.

Version
Type: string

The version of the Lambda function.

VpcConfig
Type: AwsLambdaFunctionVpcConfig structure

The function's networking configuration.

AwsLambdaFunctionEnvironment

Description

A function's environment variable settings.

Members
Error

An AwsLambdaFunctionEnvironmentError object.

Variables
Type: Associative array of custom strings keys (NonEmptyString) to strings

Environment variable key-value pairs.

AwsLambdaFunctionEnvironmentError

Description

Error messages for environment variables that could not be applied.

Members
ErrorCode
Type: string

The error code.

Message
Type: string

The error message.

AwsLambdaFunctionLayer

Description

An Lambda layer.

Members
Arn
Type: string

The ARN of the function layer.

CodeSize
Type: int

The size of the layer archive in bytes.

AwsLambdaFunctionTracingConfig

Description

The function's X-Ray tracing configuration.

Members
Mode
Type: string

The tracing mode.

AwsLambdaFunctionVpcConfig

Description

The VPC security groups and subnets that are attached to a Lambda function.

Members
SecurityGroupIds
Type: Array of strings

A list of VPC security groups IDs.

SubnetIds
Type: Array of strings

A list of VPC subnet IDs.

VpcId
Type: string

The ID of the VPC.

AwsLambdaLayerVersionDetails

Description

Details about a Lambda layer version.

Members
CompatibleRuntimes
Type: Array of strings

The layer's compatible function runtimes.

The following list includes deprecated runtimes. For more information, see Runtime deprecation policy in the Lambda Developer Guide.

Array Members: Maximum number of 5 items.

Valid Values: nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | nodejs12.x | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 | dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 | ruby2.7 | provided | provided.al2 | nodejs18.x | python3.10 | java17 | ruby3.2 | python3.11 | nodejs20.x | provided.al2023 | python3.12 | java21

CreatedDate
Type: string

Indicates when the version was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Version
Type: long (int|float)

The version number.

AwsMountPoint

Description

Details for a volume mount point that's used in a container definition.

Members
ContainerPath
Type: string

The path on the container to mount the host volume at.

SourceVolume
Type: string

The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.

AwsMskClusterClusterInfoClientAuthenticationDetails

Description

Provides details about different modes of client authentication.

Members
Sasl

Provides details for client authentication using SASL.

Tls

Provides details for client authentication using TLS.

Unauthenticated

Provides details for allowing no client authentication.

AwsMskClusterClusterInfoClientAuthenticationSaslIamDetails

Description

Details for SASL/IAM client authentication.

Members
Enabled
Type: boolean

Indicates whether SASL/IAM authentication is enabled or not.

AwsMskClusterClusterInfoClientAuthenticationSaslScramDetails

Description

Details for SASL/SCRAM client authentication.

Members
Enabled
Type: boolean

Indicates whether SASL/SCRAM authentication is enabled or not.

AwsMskClusterClusterInfoClientAuthenticationTlsDetails

Description

Provides details for client authentication using TLS.

Members
CertificateAuthorityArnList
Type: Array of strings

List of Amazon Web Services Private CA Amazon Resource Names (ARNs). Amazon Web Services Private CA enables creation of private certificate authority (CA) hierarchies, including root and subordinate CAs, without the investment and maintenance costs of operating an on-premises CA.

Enabled
Type: boolean

Indicates whether TLS authentication is enabled or not.

AwsMskClusterClusterInfoClientAuthenticationUnauthenticatedDetails

Description

Provides details for allowing no client authentication.

Members
Enabled
Type: boolean

Indicates whether unauthenticated is allowed or not.

AwsMskClusterClusterInfoDetails

Description

Provide details about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.

Members
ClientAuthentication

Provides information for different modes of client authentication.

ClusterName
Type: string

The name of the cluster.

CurrentVersion
Type: string

The current version of the cluster.

EncryptionInfo

Includes encryption-related information, such as the KMS key used for encrypting data at rest and whether you want Amazon MSK to encrypt your data in transit.

EnhancedMonitoring
Type: string

Specifies the level of monitoring for the cluster.

NumberOfBrokerNodes
Type: int

The number of broker nodes in the cluster.

AwsMskClusterClusterInfoEncryptionInfoDetails

Description

Includes encryption-related information, such as the KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit.

Members
EncryptionAtRest

The data-volume encryption details. You can't update encryption at rest settings for existing clusters.

EncryptionInTransit

The settings for encrypting data in transit.

AwsMskClusterClusterInfoEncryptionInfoEncryptionAtRestDetails

Description

The data-volume encryption details. You can't update encryption at rest settings for existing clusters.

Members
DataVolumeKMSKeyId
Type: string

The Amazon Resource Name (ARN) of the KMS key for encrypting data at rest. If you don't specify a KMS key, MSK creates one for you and uses it.

AwsMskClusterClusterInfoEncryptionInfoEncryptionInTransitDetails

Description

The settings for encrypting data in transit.

Members
ClientBroker
Type: string

Indicates the encryption setting for data in transit between clients and brokers.

InCluster
Type: boolean

When set to true, it indicates that data communication among the broker nodes of the cluster is encrypted. When set to false, the communication happens in plain text. The default value is true.

AwsMskClusterDetails

Description

Provides details about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.

Members
ClusterInfo

Provides information about a cluster.

AwsNetworkFirewallFirewallDetails

Description

Details about an Network Firewall firewall.

Members
DeleteProtection
Type: boolean

Whether the firewall is protected from deletion. If set to true, then the firewall cannot be deleted.

Description
Type: string

A description of the firewall.

FirewallArn
Type: string

The ARN of the firewall.

FirewallId
Type: string

The identifier of the firewall.

FirewallName
Type: string

A descriptive name of the firewall.

FirewallPolicyArn
Type: string

The ARN of the firewall policy.

FirewallPolicyChangeProtection
Type: boolean

Whether the firewall is protected from a change to the firewall policy. If set to true, you cannot associate a different policy with the firewall.

SubnetChangeProtection
Type: boolean

Whether the firewall is protected from a change to the subnet associations. If set to true, you cannot map different subnets to the firewall.

SubnetMappings

The public subnets that Network Firewall uses for the firewall. Each subnet must belong to a different Availability Zone.

VpcId
Type: string

The identifier of the VPC where the firewall is used.

AwsNetworkFirewallFirewallPolicyDetails

Description

Details about a firewall policy. A firewall policy defines the behavior of a network firewall.

Members
Description
Type: string

A description of the firewall policy.

FirewallPolicy
Type: FirewallPolicyDetails structure

The firewall policy configuration.

FirewallPolicyArn
Type: string

The ARN of the firewall policy.

FirewallPolicyId
Type: string

The identifier of the firewall policy.

FirewallPolicyName
Type: string

The name of the firewall policy.

AwsNetworkFirewallFirewallSubnetMappingsDetails

Description

A public subnet that Network Firewall uses for the firewall.

Members
SubnetId
Type: string

The identifier of the subnet

AwsNetworkFirewallRuleGroupDetails

Description

Details about an Network Firewall rule group. Rule groups are used to inspect and control network traffic. Stateless rule groups apply to individual packets. Stateful rule groups apply to packets in the context of their traffic flow.

Rule groups are referenced in firewall policies.

Members
Capacity
Type: int

The maximum number of operating resources that this rule group can use.

Description
Type: string

A description of the rule group.

RuleGroup
Type: RuleGroupDetails structure

Details about the rule group.

RuleGroupArn
Type: string

The ARN of the rule group.

RuleGroupId
Type: string

The identifier of the rule group.

RuleGroupName
Type: string

The descriptive name of the rule group.

Type
Type: string

The type of rule group. A rule group can be stateful or stateless.

AwsOpenSearchServiceDomainAdvancedSecurityOptionsDetails

Description

Provides information about domain access control options.

Members
Enabled
Type: boolean

Enables fine-grained access control.

InternalUserDatabaseEnabled
Type: boolean

Enables the internal user database.

MasterUserOptions

Specifies information about the master user of the domain.

AwsOpenSearchServiceDomainClusterConfigDetails

Description

Details about the configuration of an OpenSearch cluster.

Members
DedicatedMasterCount
Type: int

The number of instances to use for the master node. If this attribute is specified, then DedicatedMasterEnabled must be true.

DedicatedMasterEnabled
Type: boolean

Whether to use a dedicated master node for the OpenSearch domain. A dedicated master node performs cluster management tasks, but does not hold data or respond to data upload requests.

DedicatedMasterType
Type: string

The hardware configuration of the computer that hosts the dedicated master node.

If this attribute is specified, then DedicatedMasterEnabled must be true.

InstanceCount
Type: int

The number of data nodes to use in the OpenSearch domain.

InstanceType
Type: string

The instance type for your data nodes.

For a list of valid values, see Supported instance types in Amazon OpenSearch Service in the Amazon OpenSearch Service Developer Guide.

WarmCount
Type: int

The number of UltraWarm instances.

WarmEnabled
Type: boolean

Whether UltraWarm is enabled.

WarmType
Type: string

The type of UltraWarm instance.

ZoneAwarenessConfig

Configuration options for zone awareness. Provided if ZoneAwarenessEnabled is true.

ZoneAwarenessEnabled
Type: boolean

Whether to enable zone awareness for the OpenSearch domain. When zone awareness is enabled, OpenSearch Service allocates the cluster's nodes and replica index shards across Availability Zones (AZs) in the same Region. This prevents data loss and minimizes downtime if a node or data center fails.

AwsOpenSearchServiceDomainClusterConfigZoneAwarenessConfigDetails

Description

Configuration options for zone awareness.

Members
AvailabilityZoneCount
Type: int

The number of Availability Zones that the domain uses. Valid values are 2 or 3. The default is 2.

AwsOpenSearchServiceDomainDetails

Description

Information about an Amazon OpenSearch Service domain.

Members
AccessPolicies
Type: string

IAM policy document that specifies the access policies for the OpenSearch Service domain.

AdvancedSecurityOptions

Specifies options for fine-grained access control.

Arn
Type: string

The ARN of the OpenSearch Service domain.

ClusterConfig

Details about the configuration of an OpenSearch cluster.

DomainEndpoint
Type: string

The domain endpoint.

DomainEndpointOptions

Additional options for the domain endpoint.

DomainEndpoints
Type: Associative array of custom strings keys (NonEmptyString) to strings

The domain endpoints. Used if the OpenSearch domain resides in a VPC.

This is a map of key-value pairs. The key is always vpc. The value is the endpoint.

DomainName
Type: string

The name of the endpoint.

EncryptionAtRestOptions

Details about the configuration for encryption at rest.

EngineVersion
Type: string

The version of the domain engine.

Id
Type: string

The identifier of the domain.

LogPublishingOptions

Configures the CloudWatch Logs to publish for the OpenSearch domain.

NodeToNodeEncryptionOptions

Details about the configuration for node-to-node encryption.

ServiceSoftwareOptions

Information about the status of a domain relative to the latest service software.

VpcOptions

Information that OpenSearch Service derives based on VPCOptions for the domain.

AwsOpenSearchServiceDomainDomainEndpointOptionsDetails

Description

Information about additional options for the domain endpoint.

Members
CustomEndpoint
Type: string

The fully qualified URL for the custom endpoint.

CustomEndpointCertificateArn
Type: string

The ARN for the security certificate. The certificate is managed in ACM.

CustomEndpointEnabled
Type: boolean

Whether to enable a custom endpoint for the domain.

EnforceHTTPS
Type: boolean

Whether to require that all traffic to the domain arrive over HTTPS.

TLSSecurityPolicy
Type: string

The TLS security policy to apply to the HTTPS endpoint of the OpenSearch domain.

AwsOpenSearchServiceDomainEncryptionAtRestOptionsDetails

Description

Details about the configuration for encryption at rest for the OpenSearch domain.

Members
Enabled
Type: boolean

Whether encryption at rest is enabled.

KmsKeyId
Type: string

The KMS key ID.

AwsOpenSearchServiceDomainLogPublishingOption

Description

Configuration details for a log publishing option.

Members
CloudWatchLogsLogGroupArn
Type: string

The ARN of the CloudWatch Logs group to publish the logs to.

Enabled
Type: boolean

Whether the log publishing is enabled.

AwsOpenSearchServiceDomainLogPublishingOptionsDetails

Description

Configures the CloudWatch Logs to publish for the OpenSearch domain.

Members
AuditLogs

Configures the OpenSearch audit logs publishing.

IndexSlowLogs

Configures the OpenSearch index logs publishing.

SearchSlowLogs

Configures the OpenSearch search slow log publishing.

AwsOpenSearchServiceDomainMasterUserOptionsDetails

Description

Specifies information about the master user of the domain.

Members
MasterUserArn
Type: string

The Amazon Resource Name (ARN) for the master user.

MasterUserName
Type: string

The username for the master user.

MasterUserPassword
Type: string

The password for the master user.

AwsOpenSearchServiceDomainNodeToNodeEncryptionOptionsDetails

Description

Provides details about the configuration for node-to-node encryption.

Members
Enabled
Type: boolean

Whether node-to-node encryption is enabled.

AwsOpenSearchServiceDomainServiceSoftwareOptionsDetails

Description

Provides information about the state of the domain relative to the latest service software.

Members
AutomatedUpdateDate
Type: string

The epoch time when the deployment window closes for required updates. After this time, OpenSearch Service schedules the software upgrade automatically.

Cancellable
Type: boolean

Whether a request to update the domain can be canceled.

CurrentVersion
Type: string

The version of the service software that is currently installed on the domain.

Description
Type: string

A more detailed description of the service software status.

NewVersion
Type: string

The most recent version of the service software.

OptionalDeployment
Type: boolean

Whether the service software update is optional.

UpdateAvailable
Type: boolean

Whether a service software update is available for the domain.

UpdateStatus
Type: string

The status of the service software update. Valid values are as follows:

  • COMPLETED

  • ELIGIBLE

  • IN_PROGRESS

  • NOT_ELIGIBLE

  • PENDING_UPDATE

AwsOpenSearchServiceDomainVpcOptionsDetails

Description

Contains information that OpenSearch Service derives based on the VPCOptions for the domain.

Members
SecurityGroupIds
Type: Array of strings

The list of security group IDs that are associated with the VPC endpoints for the domain.

SubnetIds
Type: Array of strings

A list of subnet IDs that are associated with the VPC endpoints for the domain.

AwsRdsDbClusterAssociatedRole

Description

An IAM role that is associated with the Amazon RDS DB cluster.

Members
RoleArn
Type: string

The ARN of the IAM role.

Status
Type: string

The status of the association between the IAM role and the DB cluster. Valid values are as follows:

  • ACTIVE

  • INVALID

  • PENDING

AwsRdsDbClusterDetails

Description

Information about an Amazon RDS DB cluster.

Members
ActivityStreamStatus
Type: string

The status of the database activity stream. Valid values are as follows:

  • started

  • starting

  • stopped

  • stopping

AllocatedStorage
Type: int

For all database engines except Aurora, specifies the allocated storage size in gibibytes (GiB).

AssociatedRoles
Type: Array of AwsRdsDbClusterAssociatedRole structures

A list of the IAM roles that are associated with the DB cluster.

AutoMinorVersionUpgrade
Type: boolean

Indicates if minor version upgrades are automatically applied to the cluster.

AvailabilityZones
Type: Array of strings

A list of Availability Zones (AZs) where instances in the DB cluster can be created.

BackupRetentionPeriod
Type: int

The number of days for which automated backups are retained.

ClusterCreateTime
Type: string

Indicates when the DB cluster was created, in Universal Coordinated Time (UTC).

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

CopyTagsToSnapshot
Type: boolean

Whether tags are copied from the DB cluster to snapshots of the DB cluster.

CrossAccountClone
Type: boolean

Whether the DB cluster is a clone of a DB cluster owned by a different Amazon Web Services account.

CustomEndpoints
Type: Array of strings

A list of custom endpoints for the DB cluster.

DatabaseName
Type: string

The name of the database.

DbClusterIdentifier
Type: string

The DB cluster identifier that the user assigned to the cluster. This identifier is the unique key that identifies a DB cluster.

DbClusterMembers
Type: Array of AwsRdsDbClusterMember structures

The list of instances that make up the DB cluster.

DbClusterOptionGroupMemberships
Type: Array of AwsRdsDbClusterOptionGroupMembership structures

The list of option group memberships for this DB cluster.

DbClusterParameterGroup
Type: string

The name of the DB cluster parameter group for the DB cluster.

DbClusterResourceId
Type: string

The identifier of the DB cluster. The identifier must be unique within each Amazon Web Services Region and is immutable.

DbSubnetGroup
Type: string

The subnet group that is associated with the DB cluster, including the name, description, and subnets in the subnet group.

DeletionProtection
Type: boolean

Whether the DB cluster has deletion protection enabled.

DomainMemberships
Type: Array of AwsRdsDbDomainMembership structures

The Active Directory domain membership records that are associated with the DB cluster.

EnabledCloudWatchLogsExports
Type: Array of strings

A list of log types that this DB cluster is configured to export to CloudWatch Logs.

Endpoint
Type: string

The connection endpoint for the primary instance of the DB cluster.

Engine
Type: string

The name of the database engine to use for this DB cluster. Valid values are as follows:

  • aurora

  • aurora-mysql

  • aurora-postgresql

EngineMode
Type: string

The database engine mode of the DB cluster.Valid values are as follows:

  • global

  • multimaster

  • parallelquery

  • provisioned

  • serverless

EngineVersion
Type: string

The version number of the database engine to use.

HostedZoneId
Type: string

Specifies the identifier that Amazon Route 53 assigns when you create a hosted zone.

HttpEndpointEnabled
Type: boolean

Whether the HTTP endpoint for an Aurora Serverless DB cluster is enabled.

IamDatabaseAuthenticationEnabled
Type: boolean

Whether the mapping of IAM accounts to database accounts is enabled.

KmsKeyId
Type: string

The ARN of the KMS master key that is used to encrypt the database instances in the DB cluster.

MasterUsername
Type: string

The name of the master user for the DB cluster.

MultiAz
Type: boolean

Whether the DB cluster has instances in multiple Availability Zones.

Port
Type: int

The port number on which the DB instances in the DB cluster accept connections.

PreferredBackupWindow
Type: string

The range of time each day when automated backups are created, if automated backups are enabled.

Uses the format HH:MM-HH:MM. For example, 04:52-05:22.

PreferredMaintenanceWindow
Type: string

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Uses the format <day>:HH:MM-<day>:HH:MM.

For the day values, use mon|tue|wed|thu|fri|sat|sun.

For example, sun:09:32-sun:10:02.

ReadReplicaIdentifiers
Type: Array of strings

The identifiers of the read replicas that are associated with this DB cluster.

ReaderEndpoint
Type: string

The reader endpoint for the DB cluster.

Status
Type: string

The current status of this DB cluster.

StorageEncrypted
Type: boolean

Whether the DB cluster is encrypted.

VpcSecurityGroups
Type: Array of AwsRdsDbInstanceVpcSecurityGroup structures

A list of VPC security groups that the DB cluster belongs to.

AwsRdsDbClusterMember

Description

Information about an instance in the DB cluster.

Members
DbClusterParameterGroupStatus
Type: string

The status of the DB cluster parameter group for this member of the DB cluster.

DbInstanceIdentifier
Type: string

The instance identifier for this member of the DB cluster.

IsClusterWriter
Type: boolean

Whether the cluster member is the primary instance for the DB cluster.

PromotionTier
Type: int

Specifies the order in which an Aurora replica is promoted to the primary instance when the existing primary instance fails.

AwsRdsDbClusterOptionGroupMembership

Description

Information about an option group membership for a DB cluster.

Members
DbClusterOptionGroupName
Type: string

The name of the DB cluster option group.

Status
Type: string

The status of the DB cluster option group.

AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute

Description

Contains the name and values of a manual Amazon Relational Database Service (RDS) DB cluster snapshot attribute.

Members
AttributeName
Type: string

The name of the manual DB cluster snapshot attribute. The attribute named restore refers to the list of Amazon Web Services accounts that have permission to copy or restore the manual DB cluster snapshot.

AttributeValues
Type: Array of strings

The value(s) for the manual DB cluster snapshot attribute. If the AttributeName field is set to restore, then this element returns a list of IDs of the Amazon Web Services accounts that are authorized to copy or restore the manual DB cluster snapshot. If a value of all is in the list, then the manual DB cluster snapshot is public and available for any Amazon Web Services account to copy or restore.

AwsRdsDbClusterSnapshotDetails

Description

Information about an Amazon RDS DB cluster snapshot.

Members
AllocatedStorage
Type: int

Specifies the allocated storage size in gibibytes (GiB).

AvailabilityZones
Type: Array of strings

A list of Availability Zones where instances in the DB cluster can be created.

ClusterCreateTime
Type: string

Indicates when the DB cluster was created, in Universal Coordinated Time (UTC).

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DbClusterIdentifier
Type: string

The DB cluster identifier.

DbClusterSnapshotAttributes

Contains the name and values of a manual DB cluster snapshot attribute.

DbClusterSnapshotIdentifier
Type: string

The identifier of the DB cluster snapshot.

Engine
Type: string

The name of the database engine that you want to use for this DB instance.

EngineVersion
Type: string

The version of the database engine to use.

IamDatabaseAuthenticationEnabled
Type: boolean

Whether mapping of IAM accounts to database accounts is enabled.

KmsKeyId
Type: string

The ARN of the KMS master key that is used to encrypt the database instances in the DB cluster.

LicenseModel
Type: string

The license model information for this DB cluster snapshot.

MasterUsername
Type: string

The name of the master user for the DB cluster.

PercentProgress
Type: int

Specifies the percentage of the estimated data that has been transferred.

Port
Type: int

The port number on which the DB instances in the DB cluster accept connections.

SnapshotCreateTime
Type: string

Indicates when the snapshot was taken.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

SnapshotType
Type: string

The type of DB cluster snapshot.

Status
Type: string

The status of this DB cluster snapshot.

StorageEncrypted
Type: boolean

Whether the DB cluster is encrypted.

VpcId
Type: string

The VPC ID that is associated with the DB cluster snapshot.

AwsRdsDbDomainMembership

Description

Information about an Active Directory domain membership record associated with the DB instance.

Members
Domain
Type: string

The identifier of the Active Directory domain.

Fqdn
Type: string

The fully qualified domain name of the Active Directory domain.

IamRoleName
Type: string

The name of the IAM role to use when making API calls to the Directory Service.

Status
Type: string

The status of the Active Directory Domain membership for the DB instance.

AwsRdsDbInstanceAssociatedRole

Description

An IAM role associated with the DB instance.

Members
FeatureName
Type: string

The name of the feature associated with the IAM role.

RoleArn
Type: string

The ARN of the IAM role that is associated with the DB instance.

Status
Type: string

Describes the state of the association between the IAM role and the DB instance. The Status property returns one of the following values:

  • ACTIVE - The IAM role ARN is associated with the DB instance and can be used to access other Amazon Web Services services on your behalf.

  • PENDING - The IAM role ARN is being associated with the DB instance.

  • INVALID - The IAM role ARN is associated with the DB instance. But the DB instance is unable to assume the IAM role in order to access other Amazon Web Services services on your behalf.

AwsRdsDbInstanceDetails

Description

Contains the details of an Amazon RDS DB instance.

Members
AllocatedStorage
Type: int

The amount of storage (in gigabytes) to initially allocate for the DB instance.

AssociatedRoles
Type: Array of AwsRdsDbInstanceAssociatedRole structures

The IAM roles associated with the DB instance.

AutoMinorVersionUpgrade
Type: boolean

Indicates whether minor version patches are applied automatically.

AvailabilityZone
Type: string

The Availability Zone where the DB instance will be created.

BackupRetentionPeriod
Type: int

The number of days for which to retain automated backups.

CACertificateIdentifier
Type: string

The identifier of the CA certificate for this DB instance.

CharacterSetName
Type: string

The name of the character set that this DB instance is associated with.

CopyTagsToSnapshot
Type: boolean

Whether to copy resource tags to snapshots of the DB instance.

DBClusterIdentifier
Type: string

If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.

DBInstanceClass
Type: string

Contains the name of the compute and memory capacity class of the DB instance.

DBInstanceIdentifier
Type: string

Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.

DBName
Type: string

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters don't apply to an Oracle DB instance.

DbInstancePort
Type: int

Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port.

DbInstanceStatus
Type: string

The current status of the DB instance.

DbParameterGroups
Type: Array of AwsRdsDbParameterGroup structures

A list of the DB parameter groups to assign to the DB instance.

DbSecurityGroups
Type: Array of strings

A list of the DB security groups to assign to the DB instance.

DbSubnetGroup
Type: AwsRdsDbSubnetGroup structure

Information about the subnet group that is associated with the DB instance.

DbiResourceId
Type: string

The Amazon Web Services Region-unique, immutable identifier for the DB instance. This identifier is found in CloudTrail log entries whenever the KMS key for the DB instance is accessed.

DeletionProtection
Type: boolean

Indicates whether the DB instance has deletion protection enabled.

When deletion protection is enabled, the database cannot be deleted.

DomainMemberships
Type: Array of AwsRdsDbDomainMembership structures

The Active Directory domain membership records associated with the DB instance.

EnabledCloudWatchLogsExports
Type: Array of strings

A list of log types that this DB instance is configured to export to CloudWatch Logs.

Endpoint
Type: AwsRdsDbInstanceEndpoint structure

Specifies the connection endpoint.

Engine
Type: string

Provides the name of the database engine to use for this DB instance.

EngineVersion
Type: string

Indicates the database engine version.

EnhancedMonitoringResourceArn
Type: string

The ARN of the CloudWatch Logs log stream that receives the enhanced monitoring metrics data for the DB instance.

IAMDatabaseAuthenticationEnabled
Type: boolean

True if mapping of IAM accounts to database accounts is enabled, and otherwise false.

IAM database authentication can be enabled for the following database engines.

  • For MySQL 5.6, minor version 5.6.34 or higher

  • For MySQL 5.7, minor version 5.7.16 or higher

  • Aurora 5.6 or higher

InstanceCreateTime
Type: string

Indicates when the DB instance was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Iops
Type: int

Specifies the provisioned IOPS (I/O operations per second) for this DB instance.

KmsKeyId
Type: string

If StorageEncrypted is true, the KMS key identifier for the encrypted DB instance.

LatestRestorableTime
Type: string

Specifies the latest time to which a database can be restored with point-in-time restore.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

LicenseModel
Type: string

License model information for this DB instance.

ListenerEndpoint
Type: AwsRdsDbInstanceEndpoint structure

Specifies the connection endpoint.

MasterUsername
Type: string

The master user name of the DB instance.

MaxAllocatedStorage
Type: int

The upper limit to which Amazon RDS can automatically scale the storage of the DB instance.

MonitoringInterval
Type: int

The interval, in seconds, between points when enhanced monitoring metrics are collected for the DB instance.

MonitoringRoleArn
Type: string

The ARN for the IAM role that permits Amazon RDS to send enhanced monitoring metrics to CloudWatch Logs.

MultiAz
Type: boolean

Whether the DB instance is a multiple Availability Zone deployment.

OptionGroupMemberships
Type: Array of AwsRdsDbOptionGroupMembership structures

The list of option group memberships for this DB instance.

PendingModifiedValues

Changes to the DB instance that are currently pending.

PerformanceInsightsEnabled
Type: boolean

Indicates whether Performance Insights is enabled for the DB instance.

PerformanceInsightsKmsKeyId
Type: string

The identifier of the KMS key used to encrypt the Performance Insights data.

PerformanceInsightsRetentionPeriod
Type: int

The number of days to retain Performance Insights data.

PreferredBackupWindow
Type: string

The range of time each day when automated backups are created, if automated backups are enabled.

Uses the format HH:MM-HH:MM. For example, 04:52-05:22.

PreferredMaintenanceWindow
Type: string

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Uses the format <day>:HH:MM-<day>:HH:MM.

For the day values, use mon|tue|wed|thu|fri|sat|sun.

For example, sun:09:32-sun:10:02.

ProcessorFeatures
Type: Array of AwsRdsDbProcessorFeature structures

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

PromotionTier
Type: int

The order in which to promote an Aurora replica to the primary instance after a failure of the existing primary instance.

PubliclyAccessible
Type: boolean

Specifies the accessibility options for the DB instance.

A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address.

A value of false specifies an internal instance with a DNS name that resolves to a private IP address.

ReadReplicaDBClusterIdentifiers
Type: Array of strings

List of identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica.

ReadReplicaDBInstanceIdentifiers
Type: Array of strings

List of identifiers of the read replicas associated with this DB instance.

ReadReplicaSourceDBInstanceIdentifier
Type: string

If this DB instance is a read replica, contains the identifier of the source DB instance.

SecondaryAvailabilityZone
Type: string

For a DB instance with multi-Availability Zone support, the name of the secondary Availability Zone.

StatusInfos
Type: Array of AwsRdsDbStatusInfo structures

The status of a read replica. If the instance isn't a read replica, this is empty.

StorageEncrypted
Type: boolean

Specifies whether the DB instance is encrypted.

StorageType
Type: string

The storage type for the DB instance.

TdeCredentialArn
Type: string

The ARN from the key store with which the instance is associated for TDE encryption.

Timezone
Type: string

The time zone of the DB instance.

VpcSecurityGroups
Type: Array of AwsRdsDbInstanceVpcSecurityGroup structures

A list of VPC security groups that the DB instance belongs to.

AwsRdsDbInstanceEndpoint

Description

Specifies the connection endpoint.

Members
Address
Type: string

Specifies the DNS address of the DB instance.

HostedZoneId
Type: string

Specifies the ID that Amazon Route 53 assigns when you create a hosted zone.

Port
Type: int

Specifies the port that the database engine is listening on.

AwsRdsDbInstanceVpcSecurityGroup

Description

A VPC security groups that the DB instance belongs to.

Members
Status
Type: string

The status of the VPC security group.

VpcSecurityGroupId
Type: string

The name of the VPC security group.

AwsRdsDbOptionGroupMembership

Description

An option group membership.

Members
OptionGroupName
Type: string

The name of the option group.

Status
Type: string

The status of the option group membership.

AwsRdsDbParameterGroup

Description

Provides information about a parameter group for a DB instance.

Members
DbParameterGroupName
Type: string

The name of the parameter group.

ParameterApplyStatus
Type: string

The status of parameter updates.

AwsRdsDbPendingModifiedValues

Description

Changes to a DB instance that are currently pending.

Members
AllocatedStorage
Type: int

The new value of the allocated storage for the DB instance.

BackupRetentionPeriod
Type: int

The new backup retention period for the DB instance.

CaCertificateIdentifier
Type: string

The new CA certificate identifier for the DB instance.

DbInstanceClass
Type: string

The new DB instance class for the DB instance.

DbInstanceIdentifier
Type: string

The new DB instance identifier for the DB instance.

DbSubnetGroupName
Type: string

The name of the new subnet group for the DB instance.

EngineVersion
Type: string

The new engine version for the DB instance.

Iops
Type: int

The new provisioned IOPS value for the DB instance.

LicenseModel
Type: string

The new license model value for the DB instance.

MasterUserPassword
Type: string

The new master user password for the DB instance.

MultiAZ
Type: boolean

Indicates that a single Availability Zone DB instance is changing to a multiple Availability Zone deployment.

PendingCloudWatchLogsExports

A list of log types that are being enabled or disabled.

Port
Type: int

The new port for the DB instance.

ProcessorFeatures
Type: Array of AwsRdsDbProcessorFeature structures

Processor features that are being updated.

StorageType
Type: string

The new storage type for the DB instance.

AwsRdsDbProcessorFeature

Description

A processor feature.

Members
Name
Type: string

The name of the processor feature. Valid values are coreCount or threadsPerCore.

Value
Type: string

The value of the processor feature.

AwsRdsDbSecurityGroupDetails

Description

Provides information about an Amazon RDS DB security group.

Members
DbSecurityGroupArn
Type: string

The ARN for the DB security group.

DbSecurityGroupDescription
Type: string

Provides the description of the DB security group.

DbSecurityGroupName
Type: string

Specifies the name of the DB security group.

Ec2SecurityGroups
Type: Array of AwsRdsDbSecurityGroupEc2SecurityGroup structures

Contains a list of EC2 security groups.

IpRanges
Type: Array of AwsRdsDbSecurityGroupIpRange structures

Contains a list of IP ranges.

OwnerId
Type: string

Provides the Amazon Web Services ID of the owner of a specific DB security group.

VpcId
Type: string

Provides VPC ID associated with the DB security group.

AwsRdsDbSecurityGroupEc2SecurityGroup

Description

EC2 security group information for an RDS DB security group.

Members
Ec2SecurityGroupId
Type: string

Specifies the ID for the EC2 security group.

Ec2SecurityGroupName
Type: string

Specifies the name of the EC2 security group.

Ec2SecurityGroupOwnerId
Type: string

Provides the Amazon Web Services ID of the owner of the EC2 security group.

Status
Type: string

Provides the status of the EC2 security group.

AwsRdsDbSecurityGroupIpRange

Description

IP range information for an RDS DB security group.

Members
CidrIp
Type: string

Specifies the IP range.

Status
Type: string

Specifies the status of the IP range.

AwsRdsDbSnapshotDetails

Description

Provides details about an Amazon RDS DB cluster snapshot.

Members
AllocatedStorage
Type: int

The amount of storage (in gigabytes) to be initially allocated for the database instance.

AvailabilityZone
Type: string

Specifies the name of the Availability Zone in which the DB instance was located at the time of the DB snapshot.

DbInstanceIdentifier
Type: string

A name for the DB instance.

DbSnapshotIdentifier
Type: string

The name or ARN of the DB snapshot that is used to restore the DB instance.

DbiResourceId
Type: string

The identifier for the source DB instance.

Encrypted
Type: boolean

Whether the DB snapshot is encrypted.

Engine
Type: string

The name of the database engine to use for this DB instance. Valid values are as follows:

  • aurora

  • aurora-mysql

  • aurora-postgresql

  • c

  • mariadb

  • mysql

  • oracle-ee

  • oracle-se

  • oracle-se1

  • oracle-se2

  • sqlserver-ee

  • sqlserver-ex

  • sqlserver-se

  • sqlserver-web

EngineVersion
Type: string

The version of the database engine.

IamDatabaseAuthenticationEnabled
Type: boolean

Whether mapping of IAM accounts to database accounts is enabled.

InstanceCreateTime
Type: string

Specifies the time in Coordinated Universal Time (UTC) when the DB instance, from which the snapshot was taken, was created.

Iops
Type: int

The provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.

KmsKeyId
Type: string

If Encrypted is true, the KMS key identifier for the encrypted DB snapshot.

LicenseModel
Type: string

License model information for the restored DB instance.

MasterUsername
Type: string

The master user name for the DB snapshot.

OptionGroupName
Type: string

The option group name for the DB snapshot.

PercentProgress
Type: int

The percentage of the estimated data that has been transferred.

Port
Type: int

The port that the database engine was listening on at the time of the snapshot.

ProcessorFeatures
Type: Array of AwsRdsDbProcessorFeature structures

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

SnapshotCreateTime
Type: string

When the snapshot was taken in Coordinated Universal Time (UTC).

SnapshotType
Type: string

The type of the DB snapshot.

SourceDbSnapshotIdentifier
Type: string

The DB snapshot ARN that the DB snapshot was copied from.

SourceRegion
Type: string

The Amazon Web Services Region that the DB snapshot was created in or copied from.

Status
Type: string

The status of this DB snapshot.

StorageType
Type: string

The storage type associated with the DB snapshot. Valid values are as follows:

  • gp2

  • io1

  • standard

TdeCredentialArn
Type: string

The ARN from the key store with which to associate the instance for TDE encryption.

Timezone
Type: string

The time zone of the DB snapshot.

VpcId
Type: string

The VPC ID associated with the DB snapshot.

AwsRdsDbStatusInfo

Description

Information about the status of a read replica.

Members
Message
Type: string

If the read replica is currently in an error state, provides the error details.

Normal
Type: boolean

Whether the read replica instance is operating normally.

Status
Type: string

The status of the read replica instance.

StatusType
Type: string

The type of status. For a read replica, the status type is read replication.

AwsRdsDbSubnetGroup

Description

Information about the subnet group for the database instance.

Members
DbSubnetGroupArn
Type: string

The ARN of the subnet group.

DbSubnetGroupDescription
Type: string

The description of the subnet group.

DbSubnetGroupName
Type: string

The name of the subnet group.

SubnetGroupStatus
Type: string

The status of the subnet group.

Subnets
Type: Array of AwsRdsDbSubnetGroupSubnet structures

A list of subnets in the subnet group.

VpcId
Type: string

The VPC ID of the subnet group.

AwsRdsDbSubnetGroupSubnet

Description

Information about a subnet in a subnet group.

Members
SubnetAvailabilityZone

Information about the Availability Zone for a subnet in the subnet group.

SubnetIdentifier
Type: string

The identifier of a subnet in the subnet group.

SubnetStatus
Type: string

The status of a subnet in the subnet group.

AwsRdsDbSubnetGroupSubnetAvailabilityZone

Description

An Availability Zone for a subnet in a subnet group.

Members
Name
Type: string

The name of the Availability Zone for a subnet in the subnet group.

AwsRdsEventSubscriptionDetails

Description

Details about an Amazon RDS event notification subscription. The subscription allows Amazon RDS to post events to an SNS topic.

Members
CustSubscriptionId
Type: string

The identifier of the account that is associated with the event notification subscription.

CustomerAwsId
Type: string

The identifier of the event notification subscription.

Enabled
Type: boolean

Whether the event notification subscription is enabled.

EventCategoriesList
Type: Array of strings

The list of event categories for the event notification subscription.

EventSubscriptionArn
Type: string

The ARN of the event notification subscription.

SnsTopicArn
Type: string

The ARN of the SNS topic to post the event notifications to.

SourceIdsList
Type: Array of strings

A list of source identifiers for the event notification subscription.

SourceType
Type: string

The source type for the event notification subscription.

Status
Type: string

The status of the event notification subscription.

Valid values: creating | modifying | deleting | active | no-permission | topic-not-exist

SubscriptionCreationTime
Type: string

The datetime when the event notification subscription was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AwsRdsPendingCloudWatchLogsExports

Description

Identifies the log types to enable and disable.

Members
LogTypesToDisable
Type: Array of strings

A list of log types that are being disabled.

LogTypesToEnable
Type: Array of strings

A list of log types that are being enabled.

AwsRedshiftClusterClusterNode

Description

A node in an Amazon Redshift cluster.

Members
NodeRole
Type: string

The role of the node. A node might be a leader node or a compute node.

PrivateIpAddress
Type: string

The private IP address of the node.

PublicIpAddress
Type: string

The public IP address of the node.

AwsRedshiftClusterClusterParameterGroup

Description

A cluster parameter group that is associated with an Amazon Redshift cluster.

Members
ClusterParameterStatusList
Type: Array of AwsRedshiftClusterClusterParameterStatus structures

The list of parameter statuses.

ParameterApplyStatus
Type: string

The status of updates to the parameters.

ParameterGroupName
Type: string

The name of the parameter group.

AwsRedshiftClusterClusterParameterStatus

Description

The status of a parameter in a cluster parameter group for an Amazon Redshift cluster.

Members
ParameterApplyErrorDescription
Type: string

The error that prevented the parameter from being applied to the database.

ParameterApplyStatus
Type: string

The status of the parameter. Indicates whether the parameter is in sync with the database, waiting for a cluster reboot, or encountered an error when it was applied.

Valid values: in-sync | pending-reboot | applying | invalid-parameter | apply-deferred | apply-error | unknown-error

ParameterName
Type: string

The name of the parameter.

AwsRedshiftClusterClusterSecurityGroup

Description

A security group that is associated with the cluster.

Members
ClusterSecurityGroupName
Type: string

The name of the cluster security group.

Status
Type: string

The status of the cluster security group.

AwsRedshiftClusterClusterSnapshotCopyStatus

Description

You can configure Amazon Redshift to copy snapshots for a cluster to another Amazon Web Services Region. This parameter provides information about a cross-Region snapshot copy.

Members
DestinationRegion
Type: string

The destination Region that snapshots are automatically copied to when cross-Region snapshot copy is enabled.

ManualSnapshotRetentionPeriod
Type: int

The number of days that manual snapshots are retained in the destination Region after they are copied from a source Region.

If the value is -1, then the manual snapshot is retained indefinitely.

Valid values: Either -1 or an integer between 1 and 3,653

RetentionPeriod
Type: int

The number of days to retain automated snapshots in the destination Region after they are copied from a source Region.

SnapshotCopyGrantName
Type: string

The name of the snapshot copy grant.

AwsRedshiftClusterDeferredMaintenanceWindow

Description

A time windows during which maintenance was deferred for an Amazon Redshift cluster.

Members
DeferMaintenanceEndTime
Type: string

The end of the time window for which maintenance was deferred.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DeferMaintenanceIdentifier
Type: string

The identifier of the maintenance window.

DeferMaintenanceStartTime
Type: string

The start of the time window for which maintenance was deferred.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

AwsRedshiftClusterDetails

Description

Details about an Amazon Redshift cluster.

Members
AllowVersionUpgrade
Type: boolean

Indicates whether major version upgrades are applied automatically to the cluster during the maintenance window.

AutomatedSnapshotRetentionPeriod
Type: int

The number of days that automatic cluster snapshots are retained.

AvailabilityZone
Type: string

The name of the Availability Zone in which the cluster is located.

ClusterAvailabilityStatus
Type: string

The availability status of the cluster for queries. Possible values are the following:

  • Available - The cluster is available for queries.

  • Unavailable - The cluster is not available for queries.

  • Maintenance - The cluster is intermittently available for queries due to maintenance activities.

  • Modifying -The cluster is intermittently available for queries due to changes that modify the cluster.

  • Failed - The cluster failed and is not available for queries.

ClusterCreateTime
Type: string

Indicates when the cluster was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ClusterIdentifier
Type: string

The unique identifier of the cluster.

ClusterNodes
Type: Array of AwsRedshiftClusterClusterNode structures

The nodes in the cluster.

ClusterParameterGroups
Type: Array of AwsRedshiftClusterClusterParameterGroup structures

The list of cluster parameter groups that are associated with this cluster.

ClusterPublicKey
Type: string

The public key for the cluster.

ClusterRevisionNumber
Type: string

The specific revision number of the database in the cluster.

ClusterSecurityGroups
Type: Array of AwsRedshiftClusterClusterSecurityGroup structures

A list of cluster security groups that are associated with the cluster.

ClusterSnapshotCopyStatus

Information about the destination Region and retention period for the cross-Region snapshot copy.

ClusterStatus
Type: string

The current status of the cluster.

Valid values: available | available, prep-for-resize | available, resize-cleanup | cancelling-resize | creating | deleting | final-snapshot | hardware-failure | incompatible-hsm | incompatible-network | incompatible-parameters | incompatible-restore | modifying | paused | rebooting | renaming | resizing | rotating-keys | storage-full | updating-hsm

ClusterSubnetGroupName
Type: string

The name of the subnet group that is associated with the cluster. This parameter is valid only when the cluster is in a VPC.

ClusterVersion
Type: string

The version ID of the Amazon Redshift engine that runs on the cluster.

DBName
Type: string

The name of the initial database that was created when the cluster was created.

The same name is returned for the life of the cluster.

If an initial database is not specified, a database named devdev is created by default.

DeferredMaintenanceWindows

List of time windows during which maintenance was deferred.

ElasticIpStatus

Information about the status of the Elastic IP (EIP) address.

ElasticResizeNumberOfNodeOptions
Type: string

The number of nodes that you can use the elastic resize method to resize the cluster to.

Encrypted
Type: boolean

Indicates whether the data in the cluster is encrypted at rest.

Endpoint
Type: AwsRedshiftClusterEndpoint structure

The connection endpoint.

EnhancedVpcRouting
Type: boolean

Indicates whether to create the cluster with enhanced VPC routing enabled.

ExpectedNextSnapshotScheduleTime
Type: string

Indicates when the next snapshot is expected to be taken. The cluster must have a valid snapshot schedule and have backups enabled.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ExpectedNextSnapshotScheduleTimeStatus
Type: string

The status of the next expected snapshot.

Valid values: OnTrack | Pending

HsmStatus
Type: AwsRedshiftClusterHsmStatus structure

Information about whether the Amazon Redshift cluster finished applying any changes to hardware security module (HSM) settings that were specified in a modify cluster command.

IamRoles
Type: Array of AwsRedshiftClusterIamRole structures

A list of IAM roles that the cluster can use to access other Amazon Web Services services.

KmsKeyId
Type: string

The identifier of the KMS encryption key that is used to encrypt data in the cluster.

LoggingStatus

Information about the logging status of the cluster.

MaintenanceTrackName
Type: string

The name of the maintenance track for the cluster.

ManualSnapshotRetentionPeriod
Type: int

The default number of days to retain a manual snapshot.

If the value is -1, the snapshot is retained indefinitely.

This setting doesn't change the retention period of existing snapshots.

Valid values: Either -1 or an integer between 1 and 3,653

MasterUsername
Type: string

The master user name for the cluster. This name is used to connect to the database that is specified in as the value of DBName.

NextMaintenanceWindowStartTime
Type: string

Indicates the start of the next maintenance window.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

NodeType
Type: string

The node type for the nodes in the cluster.

NumberOfNodes
Type: int

The number of compute nodes in the cluster.

PendingActions
Type: Array of strings

A list of cluster operations that are waiting to start.

PendingModifiedValues

A list of changes to the cluster that are currently pending.

PreferredMaintenanceWindow
Type: string

The weekly time range, in Universal Coordinated Time (UTC), during which system maintenance can occur.

Format: <day>:HH:MM-<day>:HH:MM

For the day values, use mon | tue | wed | thu | fri | sat | sun

For example, sun:09:32-sun:10:02

PubliclyAccessible
Type: boolean

Whether the cluster can be accessed from a public network.

ResizeInfo

Information about the resize operation for the cluster.

RestoreStatus

Information about the status of a cluster restore action. Only applies to a cluster that was created by restoring a snapshot.

SnapshotScheduleIdentifier
Type: string

A unique identifier for the cluster snapshot schedule.

SnapshotScheduleState
Type: string

The current state of the cluster snapshot schedule.

Valid values: MODIFYING | ACTIVE | FAILED

VpcId
Type: string

The identifier of the VPC that the cluster is in, if the cluster is in a VPC.

VpcSecurityGroups
Type: Array of AwsRedshiftClusterVpcSecurityGroup structures

The list of VPC security groups that the cluster belongs to, if the cluster is in a VPC.

AwsRedshiftClusterElasticIpStatus

Description

The status of the elastic IP (EIP) address for an Amazon Redshift cluster.

Members
ElasticIp
Type: string

The elastic IP address for the cluster.

Status
Type: string

The status of the elastic IP address.

AwsRedshiftClusterEndpoint

Description

The connection endpoint for an Amazon Redshift cluster.

Members
Address
Type: string

The DNS address of the cluster.

Port
Type: int

The port that the database engine listens on.

AwsRedshiftClusterHsmStatus

Description

Information about whether an Amazon Redshift cluster finished applying any hardware changes to security module (HSM) settings that were specified in a modify cluster command.

Members
HsmClientCertificateIdentifier
Type: string

The name of the HSM client certificate that the Amazon Redshift cluster uses to retrieve the data encryption keys that are stored in an HSM.

HsmConfigurationIdentifier
Type: string

The name of the HSM configuration that contains the information that the Amazon Redshift cluster can use to retrieve and store keys in an HSM.

Status
Type: string

Indicates whether the Amazon Redshift cluster has finished applying any HSM settings changes specified in a modify cluster command.

Type: String

Valid values: active | applying

AwsRedshiftClusterIamRole

Description

An IAM role that the cluster can use to access other Amazon Web Services services.

Members
ApplyStatus
Type: string

The status of the IAM role's association with the cluster.

Valid values: in-sync | adding | removing

IamRoleArn
Type: string

The ARN of the IAM role.

AwsRedshiftClusterLoggingStatus

Description

Provides information about the logging status of the cluster.

Members
BucketName
Type: string

The name of the S3 bucket where the log files are stored.

LastFailureMessage
Type: string

The message indicating that the logs failed to be delivered.

LastFailureTime
Type: string

The last time when logs failed to be delivered.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

LastSuccessfulDeliveryTime
Type: string

The last time that logs were delivered successfully.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

LoggingEnabled
Type: boolean

Indicates whether logging is enabled.

S3KeyPrefix
Type: string

Provides the prefix applied to the log file names.

AwsRedshiftClusterPendingModifiedValues

Description

Changes to the Amazon Redshift cluster that are currently pending.

Members
AutomatedSnapshotRetentionPeriod
Type: int

The pending or in-progress change to the automated snapshot retention period.

ClusterIdentifier
Type: string

The pending or in-progress change to the identifier for the cluster.

ClusterType
Type: string

The pending or in-progress change to the cluster type.

ClusterVersion
Type: string

The pending or in-progress change to the service version.

EncryptionType
Type: string

The encryption type for a cluster.

EnhancedVpcRouting
Type: boolean

Indicates whether to create the cluster with enhanced VPC routing enabled.

MaintenanceTrackName
Type: string

The name of the maintenance track that the cluster changes to during the next maintenance window.

MasterUserPassword
Type: string

The pending or in-progress change to the master user password for the cluster.

NodeType
Type: string

The pending or in-progress change to the cluster's node type.

NumberOfNodes
Type: int

The pending or in-progress change to the number of nodes in the cluster.

PubliclyAccessible
Type: boolean

The pending or in-progress change to whether the cluster can be connected to from the public network.

AwsRedshiftClusterResizeInfo

Description

Information about the resize operation for the cluster.

Members
AllowCancelResize
Type: boolean

Indicates whether the resize operation can be canceled.

ResizeType
Type: string

The type of resize operation.

Valid values: ClassicResize

AwsRedshiftClusterRestoreStatus

Description

Information about the status of a cluster restore action. It only applies if the cluster was created by restoring a snapshot.

Members
CurrentRestoreRateInMegaBytesPerSecond
Type: double

The number of megabytes per second being transferred from the backup storage. Returns the average rate for a completed backup.

This field is only updated when you restore to DC2 and DS2 node types.

ElapsedTimeInSeconds
Type: long (int|float)

The amount of time an in-progress restore has been running, or the amount of time it took a completed restore to finish.

This field is only updated when you restore to DC2 and DS2 node types.

EstimatedTimeToCompletionInSeconds
Type: long (int|float)

The estimate of the time remaining before the restore is complete. Returns 0 for a completed restore.

This field is only updated when you restore to DC2 and DS2 node types.

ProgressInMegaBytes
Type: long (int|float)

The number of megabytes that were transferred from snapshot storage.

This field is only updated when you restore to DC2 and DS2 node types.

SnapshotSizeInMegaBytes
Type: long (int|float)

The size of the set of snapshot data that was used to restore the cluster.

This field is only updated when you restore to DC2 and DS2 node types.

Status
Type: string

The status of the restore action.

Valid values: starting | restoring | completed | failed

AwsRedshiftClusterVpcSecurityGroup

Description

A VPC security group that the cluster belongs to, if the cluster is in a VPC.

Members
Status
Type: string

The status of the VPC security group.

VpcSecurityGroupId
Type: string

The identifier of the VPC security group.

AwsRoute53HostedZoneConfigDetails

Description

An object that contains an optional comment about your Amazon Route 53 hosted zone.

Members
Comment
Type: string

Any comments that you include about the hosted zone.

AwsRoute53HostedZoneDetails

Description

Provides details about a specified Amazon Route 53 hosted zone, including the four name servers assigned to the hosted zone. A hosted zone represents a collection of records that can be managed together, belonging to a single parent domain name.

Members
HostedZone

An object that contains information about the specified hosted zone.

NameServers
Type: Array of strings

An object that contains a list of the authoritative name servers for a hosted zone or for a reusable delegation set.

QueryLoggingConfig

An array that contains one QueryLoggingConfig element for each DNS query logging configuration that is associated with the current Amazon Web Services account.

Vpcs
Type: Array of AwsRoute53HostedZoneVpcDetails structures

An object that contains information about the Amazon Virtual Private Clouds (Amazon VPCs) that are associated with the specified hosted zone.

AwsRoute53HostedZoneObjectDetails

Description

An object that contains information about an Amazon Route 53 hosted zone.

Members
Config

An object that includes the Comment element.

Id
Type: string

The ID that Route 53 assigns to the hosted zone when you create it.

Name
Type: string

The name of the domain. For public hosted zones, this is the name that you have registered with your DNS registrar.

AwsRoute53HostedZoneVpcDetails

Description

For private hosted zones, this is a complex type that contains information about an Amazon VPC.

Members
Id
Type: string

The identifier of an Amazon VPC.

Region
Type: string

The Amazon Web Services Region that an Amazon VPC was created in.

AwsRoute53QueryLoggingConfigDetails

Description

Provides details about a specified Amazon Route 53 configuration for DNS query logging.

Members
CloudWatchLogsLogGroupArn

The Amazon Resource Name (ARN) of the Amazon CloudWatch Logs log group that Route 53 is publishing logs to.

AwsS3AccessPointDetails

Description

Returns configuration information about the specified Amazon S3 access point. S3 access points are named network endpoints that are attached to buckets that you can use to perform S3 object operations.

Members
AccessPointArn
Type: string

The Amazon Resource Name (ARN) of the access point.

Alias
Type: string

The name or alias of the access point.

Bucket
Type: string

The name of the S3 bucket associated with the specified access point.

BucketAccountId
Type: string

The Amazon Web Services account ID associated with the S3 bucket associated with this access point.

Name
Type: string

The name of the specified access point.

NetworkOrigin
Type: string

Indicates whether this access point allows access from the public internet.

PublicAccessBlockConfiguration

provides information about the Amazon S3 Public Access Block configuration for accounts.

VpcConfiguration

Contains the virtual private cloud (VPC) configuration for the specified access point.

AwsS3AccessPointVpcConfigurationDetails

Description

The virtual private cloud (VPC) configuration for an Amazon S3 access point.

Members
VpcId
Type: string

If this field is specified, this access point will only allow connections from the specified VPC ID.

AwsS3AccountPublicAccessBlockDetails

Description

provides information about the Amazon S3 Public Access Block configuration for accounts.

Members
BlockPublicAcls
Type: boolean

Indicates whether to reject calls to update an S3 bucket if the calls include a public access control list (ACL).

BlockPublicPolicy
Type: boolean

Indicates whether to reject calls to update the access policy for an S3 bucket or access point if the policy allows public access.

IgnorePublicAcls
Type: boolean

Indicates whether Amazon S3 ignores public ACLs that are associated with an S3 bucket.

RestrictPublicBuckets
Type: boolean

Indicates whether to restrict access to an access point or S3 bucket that has a public policy to only Amazon Web Services service principals and authorized users within the S3 bucket owner's account.

AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails

Description

Information about what Amazon S3 does when a multipart upload is incomplete.

Members
DaysAfterInitiation
Type: int

The number of days after which Amazon S3 cancels an incomplete multipart upload.

AwsS3BucketBucketLifecycleConfigurationRulesDetails

Description

Configuration for a lifecycle rule.

Members
AbortIncompleteMultipartUpload

How Amazon S3 responds when a multipart upload is incomplete. Specifically, provides a number of days before Amazon S3 cancels the entire upload.

ExpirationDate
Type: string

The date when objects are moved or deleted.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ExpirationInDays
Type: int

The length in days of the lifetime for objects that are subject to the rule.

ExpiredObjectDeleteMarker
Type: boolean

Whether Amazon S3 removes a delete marker that has no noncurrent versions. If set to true, the delete marker is expired. If set to false, the policy takes no action.

If you provide ExpiredObjectDeleteMarker, you cannot provide ExpirationInDays or ExpirationDate.

Filter

Identifies the objects that a rule applies to.

ID
Type: string

The unique identifier of the rule.

NoncurrentVersionExpirationInDays
Type: int

The number of days that an object is noncurrent before Amazon S3 can perform the associated action.

NoncurrentVersionTransitions

Transition rules that describe when noncurrent objects transition to a specified storage class.

Prefix
Type: string

A prefix that identifies one or more objects that the rule applies to.

Status
Type: string

The current status of the rule. Indicates whether the rule is currently being applied.

Transitions

Transition rules that indicate when objects transition to a specified storage class.

AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateDetails

Description

The configuration for the filter.

Members
Operands

The values to use for the filter.

Prefix
Type: string

A prefix filter.

Tag

A tag filter.

Type
Type: string

Whether to use AND or OR to join the operands. Valid values are LifecycleAndOperator or LifecycleOrOperator.

AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsDetails

Description

A value to use for the filter.

Members
Prefix
Type: string

Prefix text for matching objects.

Tag

A tag that is assigned to matching objects.

Type
Type: string

The type of filter value. Valid values are LifecyclePrefixPredicate or LifecycleTagPredicate.

AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateOperandsTagDetails

Description

A tag that is assigned to matching objects.

Members
Key
Type: string

The tag key.

Value
Type: string

The tag value.

AwsS3BucketBucketLifecycleConfigurationRulesFilterPredicateTagDetails

Description

A tag filter.

Members
Key
Type: string

The tag key.

Value
Type: string

The tag value

AwsS3BucketBucketLifecycleConfigurationRulesNoncurrentVersionTransitionsDetails

Description

A transition rule that describes when noncurrent objects transition to a specified storage class.

Members
Days
Type: int

The number of days that an object is noncurrent before Amazon S3 can perform the associated action.

StorageClass
Type: string

The class of storage to change the object to after the object is noncurrent for the specified number of days.

AwsS3BucketBucketLifecycleConfigurationRulesTransitionsDetails

Description

A rule for when objects transition to specific storage classes.

Members
Date
Type: string

A date on which to transition objects to the specified storage class. If you provide Date, you cannot provide Days.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Days
Type: int

The number of days after which to transition the object to the specified storage class. If you provide Days, you cannot provide Date.

StorageClass
Type: string

The storage class to transition the object to. Valid values are as follows:

  • DEEP_ARCHIVE

  • GLACIER

  • INTELLIGENT_TIERING

  • ONEZONE_IA

  • STANDARD_IA

AwsS3BucketBucketVersioningConfiguration

Description

Describes the versioning state of an S3 bucket.

Members
IsMfaDeleteEnabled
Type: boolean

Specifies whether MFA delete is currently enabled in the S3 bucket versioning configuration. If the S3 bucket was never configured with MFA delete, then this attribute is not included.

Status
Type: string

The versioning status of the S3 bucket. Valid values are Enabled or Suspended.

AwsS3BucketDetails

Description

The details of an Amazon Simple Storage Service (Amazon S3) bucket.

Members
AccessControlList
Type: string

The access control list for the S3 bucket.

BucketLifecycleConfiguration

The lifecycle configuration for objects in the specified bucket.

BucketLoggingConfiguration

The logging configuration for the S3 bucket.

BucketNotificationConfiguration

The notification configuration for the S3 bucket.

BucketVersioningConfiguration

The versioning state of an S3 bucket.

BucketWebsiteConfiguration

The website configuration parameters for the S3 bucket.

CreatedAt
Type: string

Indicates when the S3 bucket was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Name
Type: string

The name of the bucket.

ObjectLockConfiguration

Specifies which rule Amazon S3 applies by default to every new object placed in the bucket.

OwnerAccountId
Type: string

The Amazon Web Services account identifier of the account that owns the S3 bucket.

OwnerId
Type: string

The canonical user ID of the owner of the S3 bucket.

OwnerName
Type: string

The display name of the owner of the S3 bucket.

PublicAccessBlockConfiguration

Provides information about the Amazon S3 Public Access Block configuration for the S3 bucket.

ServerSideEncryptionConfiguration

The encryption rules that are applied to the S3 bucket.

AwsS3BucketLoggingConfiguration

Description

Information about logging for the S3 bucket

Members
DestinationBucketName
Type: string

The name of the S3 bucket where log files for the S3 bucket are stored.

LogFilePrefix
Type: string

The prefix added to log files for the S3 bucket.

AwsS3BucketNotificationConfiguration

Description

The notification configuration for the S3 bucket.

Members
Configurations
Type: Array of AwsS3BucketNotificationConfigurationDetail structures

Configurations for S3 bucket notifications.

AwsS3BucketNotificationConfigurationDetail

Description

Details for an S3 bucket notification configuration.

Members
Destination
Type: string

The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic that generates the notification.

Events
Type: Array of strings

The list of events that trigger a notification.

Filter

The filters that determine which S3 buckets generate notifications.

Type
Type: string

Indicates the type of notification. Notifications can be generated using Lambda functions, Amazon SQS queues, or Amazon SNS topics, with corresponding valid values as follows:

  • LambdaConfiguration

  • QueueConfiguration

  • TopicConfiguration

AwsS3BucketNotificationConfigurationFilter

Description

Filtering information for the notifications. The filtering is based on Amazon S3 key names.

Members
S3KeyFilter

Details for an Amazon S3 filter.

AwsS3BucketNotificationConfigurationS3KeyFilterRule

Description

Details for a filter rule.

Members
Name
Type: string

Indicates whether the filter is based on the prefix or suffix of the Amazon S3 key.

Value
Type: string

The filter value.

AwsS3BucketObjectLockConfiguration

Description

The container element for S3 Object Lock configuration parameters. In Amazon S3, Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

Members
ObjectLockEnabled
Type: string

Indicates whether the bucket has an Object Lock configuration enabled.

Rule

Specifies the Object Lock rule for the specified object.

AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails

Description

The default S3 Object Lock retention mode and period that you want to apply to new objects placed in the specified Amazon S3 bucket.

Members
Days
Type: int

The number of days that you want to specify for the default retention period.

Mode
Type: string

The default Object Lock retention mode you want to apply to new objects placed in the specified bucket.

Years
Type: int

The number of years that you want to specify for the default retention period.

AwsS3BucketObjectLockConfigurationRuleDetails

Description

Specifies the S3 Object Lock rule for the specified object. In Amazon S3, Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

Members
DefaultRetention

The default Object Lock retention mode and period that you want to apply to new objects placed in the specified bucket.

AwsS3BucketServerSideEncryptionByDefault

Description

Specifies the default server-side encryption to apply to new objects in the bucket.

Members
KMSMasterKeyID
Type: string

KMS key ID to use for the default encryption.

SSEAlgorithm
Type: string

Server-side encryption algorithm to use for the default encryption. Valid values are aws: kms or AES256.

AwsS3BucketServerSideEncryptionConfiguration

Description

The encryption configuration for the S3 bucket.

Members
Rules
Type: Array of AwsS3BucketServerSideEncryptionRule structures

The encryption rules that are applied to the S3 bucket.

AwsS3BucketServerSideEncryptionRule

Description

An encryption rule to apply to the S3 bucket.

Members
ApplyServerSideEncryptionByDefault

Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT object request doesn't specify any server-side encryption, this default encryption is applied.

AwsS3BucketWebsiteConfiguration

Description

Website parameters for the S3 bucket.

Members
ErrorDocument
Type: string

The name of the error document for the website.

IndexDocumentSuffix
Type: string

The name of the index document for the website.

RedirectAllRequestsTo

The redirect behavior for requests to the website.

RoutingRules
Type: Array of AwsS3BucketWebsiteConfigurationRoutingRule structures

The rules for applying redirects for requests to the website.

AwsS3BucketWebsiteConfigurationRedirectTo

Description

The redirect behavior for requests to the website.

Members
Hostname
Type: string

The name of the host to redirect requests to.

Protocol
Type: string

The protocol to use when redirecting requests. By default, this field uses the same protocol as the original request. Valid values are http or https.

AwsS3BucketWebsiteConfigurationRoutingRuleCondition

Description

The condition that must be met in order to apply the routing rule.

Members
HttpErrorCodeReturnedEquals
Type: string

Indicates to redirect the request if the HTTP error code matches this value.

KeyPrefixEquals
Type: string

Indicates to redirect the request if the key prefix matches this value.

AwsS3BucketWebsiteConfigurationRoutingRuleRedirect

Description

The rules to redirect the request if the condition in Condition is met.

Members
Hostname
Type: string

The host name to use in the redirect request.

HttpRedirectCode
Type: string

The HTTP redirect code to use in the response.

Protocol
Type: string

The protocol to use to redirect the request. By default, uses the protocol from the original request.

ReplaceKeyPrefixWith
Type: string

The object key prefix to use in the redirect request.

Cannot be provided if ReplaceKeyWith is present.

ReplaceKeyWith
Type: string

The specific object key to use in the redirect request.

Cannot be provided if ReplaceKeyPrefixWith is present.

AwsS3ObjectDetails

Description

Details about an Amazon S3 object.

Members
ContentType
Type: string

A standard MIME type describing the format of the object data.

ETag
Type: string

The opaque identifier assigned by a web server to a specific version of a resource found at a URL.

LastModified
Type: string

Indicates when the object was last modified.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

SSEKMSKeyId
Type: string

The identifier of the KMS symmetric customer managed key that was used for the object.

ServerSideEncryption
Type: string

If the object is stored using server-side encryption, the value of the server-side encryption algorithm used when storing this object in Amazon S3.

VersionId
Type: string

The version of the object.

AwsSageMakerNotebookInstanceDetails

Description

Provides details about an Amazon SageMaker AI notebook instance.

Members
AcceleratorTypes
Type: Array of strings

A list of Amazon Elastic Inference instance types to associate with the notebook instance. Currently, only one instance type can be associated with a notebook instance.

AdditionalCodeRepositories
Type: Array of strings

An array of up to three Git repositories associated with the notebook instance. These can be either the names of Git repositories stored as resources in your account, or the URL of Git repositories in CodeCommit or in any other Git repository. These repositories are cloned at the same level as the default repository of your notebook instance. For more information, see Associating Git repositories with SageMaker AI notebook instances in the Amazon SageMaker AI Developer Guide.

DefaultCodeRepository
Type: string

The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in CodeCommit or in any other Git repository. When you open a notebook instance, it opens in the directory that contains this repository. For more information, see Associating Git repositories with SageMaker AI notebook instances in the Amazon SageMaker AI Developer Guide.

DirectInternetAccess
Type: string

Sets whether SageMaker AI provides internet access to the notebook instance. If you set this to Disabled, this notebook instance is able to access resources only in your VPC, and is not be able to connect to SageMaker AI training and endpoint services unless you configure a Network Address Translation (NAT) Gateway in your VPC.

FailureReason
Type: string

If status of the instance is Failed, the reason it failed.

InstanceMetadataServiceConfiguration

Information on the IMDS configuration of the notebook instance.

InstanceType
Type: string

The type of machine learning (ML) compute instance to launch for the notebook instance.

KmsKeyId
Type: string

The Amazon Resource Name (ARN) of an Key Management Service (KMS) key that SageMaker AI uses to encrypt data on the storage volume attached to your notebook instance. The KMS key you provide must be enabled. For information, see Enabling and disabling keys in the Key Management Service Developer Guide.

NetworkInterfaceId
Type: string

The network interface ID that SageMaker AI created when the instance was created.

NotebookInstanceArn
Type: string

The Amazon Resource Name (ARN) of the notebook instance.

NotebookInstanceLifecycleConfigName
Type: string

The name of a notebook instance lifecycle configuration.

NotebookInstanceName
Type: string

The name of the new notebook instance.

NotebookInstanceStatus
Type: string

The status of the notebook instance.

PlatformIdentifier
Type: string

The platform identifier of the notebook instance runtime environment.

RoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role associated with the instance.

RootAccess
Type: string

Whether root access is enabled or disabled for users of the notebook instance.

SecurityGroups
Type: Array of strings

The VPC security group IDs.

SubnetId
Type: string

The ID of the VPC subnet to which you have a connectivity from your ML compute instance.

Url
Type: string

The URL that you use to connect to the Jupyter notebook that is running in your notebook instance.

VolumeSizeInGB
Type: int

The size, in GB, of the ML storage volume to attach to the notebook instance.

AwsSageMakerNotebookInstanceMetadataServiceConfigurationDetails

Description

Information on the instance metadata service (IMDS) configuration of the notebook instance.

Members
MinimumInstanceMetadataServiceVersion
Type: string

Indicates the minimum IMDS version that the notebook instance supports.

AwsSecretsManagerSecretDetails

Description

Details about an Secrets Manager secret.

Members
Deleted
Type: boolean

Whether the secret is deleted.

Description
Type: string

The user-provided description of the secret.

KmsKeyId
Type: string

The ARN, Key ID, or alias of the KMS key used to encrypt the SecretString or SecretBinary values for versions of this secret.

Name
Type: string

The name of the secret.

RotationEnabled
Type: boolean

Whether rotation is enabled.

RotationLambdaArn
Type: string

The ARN of the Lambda function that rotates the secret.

RotationOccurredWithinFrequency
Type: boolean

Whether the rotation occurred within the specified rotation frequency.

RotationRules

Defines the rotation schedule for the secret.

AwsSecretsManagerSecretRotationRules

Description

Defines the rotation schedule for the secret.

Members
AutomaticallyAfterDays
Type: int

The number of days after the previous rotation to rotate the secret.

AwsSecurityFinding

Description

Provides a consistent format for Security Hub findings. AwsSecurityFinding format allows you to share findings between Amazon Web Services security services and third-party solutions.

A finding is a potential security issue generated either by Amazon Web Services services or by the integrated third-party solutions and standards checks.

Members
Action
Type: Action structure

Provides details about an action that affects or that was taken on a resource.

AwsAccountId
Required: Yes
Type: string

The Amazon Web Services account ID that a finding is generated in.

Length Constraints: 12.

AwsAccountName
Type: string

The name of the Amazon Web Services account from which a finding was generated.

Length Constraints: Minimum length of 1. Maximum length of 50.

CompanyName
Type: string

The name of the company for the product that generated the finding.

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

When you use the Security Hub console or API to filter findings by company name, you use this attribute.

Length Constraints: Minimum length of 1. Maximum length of 128.

Compliance
Type: Compliance structure

This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.

Confidence
Type: int

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

CreatedAt
Required: Yes
Type: string

Indicates when the security findings provider created the potential security issue that a finding captured.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Criticality
Type: int

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Description
Required: Yes
Type: string

A finding's description. Description is a required property.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Detection
Type: Detection structure

Provides details about an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

FindingProviderFields
Type: FindingProviderFields structure

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update their own values for confidence, criticality, related findings, severity, and types.

FirstObservedAt
Type: string

Indicates when the security findings provider first observed the potential security issue that a finding captured.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

GeneratorDetails
Type: GeneratorDetails structure

Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.

GeneratorId
Required: Yes
Type: string

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, or something else.

Length Constraints: Minimum length of 1. Maximum length of 512.

Id
Required: Yes
Type: string

The security findings provider-specific identifier for a finding.

Length Constraints: Minimum length of 1. Maximum length of 512.

LastObservedAt
Type: string

Indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Malware
Type: Array of Malware structures

A list of malware related to a finding.

Array Members: Maximum number of 5 items.

Network
Type: Network structure

The details of network-related information about a finding.

NetworkPath
Type: Array of NetworkPathComponent structures

Provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

Note
Type: Note structure

A user-defined note added to a finding.

PatchSummary
Type: PatchSummary structure

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

Process
Type: ProcessDetails structure

The details of process-related information about a finding.

ProcessedAt
Type: string

A timestamp that indicates when Security Hub received a finding and begins to process it.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ProductArn
Required: Yes
Type: string

The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

Length Constraints: Minimum length of 12. Maximum length of 2048.

ProductFields
Type: Associative array of custom strings keys (NonEmptyString) to strings

A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 2048 characters.

ProductName
Type: string

The name of the product that generated the finding.

Security Hub populates this attribute automatically for each finding. You cannot update this attribute with BatchImportFindings or BatchUpdateFindings. The exception to this is a custom integration.

When you use the Security Hub console or API to filter findings by product name, you use this attribute.

Length Constraints: Minimum length of 1. Maximum length of 128.

RecordState
Type: string

The record state of a finding.

Region
Type: string

The Region from which the finding was generated.

Security Hub populates this attribute automatically for each finding. You cannot update it using BatchImportFindings or BatchUpdateFindings.

Length Constraints: Minimum length of 1. Maximum length of 16.

RelatedFindings
Type: Array of RelatedFinding structures

A list of related findings.

Array Members: Minimum number of 1 item. Maximum number of 10 items.

Remediation
Type: Remediation structure

A data type that describes the remediation options for a finding.

Resources
Required: Yes
Type: Array of Resource structures

A set of resource data types that describe the resources that the finding refers to.

Array Members: Minimum number of 1 item. Maximum number of 32 items.

Sample
Type: boolean

Indicates whether the finding is a sample finding.

SchemaVersion
Required: Yes
Type: string

The schema version that a finding is formatted for. The value is 2018-10-08.

Severity
Type: Severity structure

A finding's severity.

SourceUrl
Type: string

A URL that links to a page about the current finding in the security findings provider's solution.

ThreatIntelIndicators
Type: Array of ThreatIntelIndicator structures

Threat intelligence details related to a finding.

Array Members: Minimum number of 1 item. Maximum number of 5 items.

Threats
Type: Array of Threat structures

Details about the threat detected in a security finding and the file paths that were affected by the threat.

Array Members: Minimum number of 1 item. Maximum number of 32 items.

Title
Required: Yes
Type: string

A finding's title. Title is a required property.

Length Constraints: Minimum length of 1. Maximum length of 256.

Types
Type: Array of strings

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

Array Members: Maximum number of 50 items.

UpdatedAt
Required: Yes
Type: string

Indicates when the security findings provider last updated the finding record.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

UserDefinedFields
Type: Associative array of custom strings keys (NonEmptyString) to strings

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

Can contain up to 50 key-value pairs. For each key-value pair, the key can contain up to 128 characters, and the value can contain up to 1024 characters.

VerificationState
Type: string

Indicates the veracity of a finding.

Vulnerabilities
Type: Array of Vulnerability structures

Provides a list of vulnerabilities associated with the findings.

Workflow
Type: Workflow structure

Provides information about the status of the investigation into a finding.

WorkflowState
Type: string

The workflow state of a finding.

AwsSecurityFindingFilters

Description

A collection of filters that are applied to all active findings aggregated by Security Hub.

You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values.

Members
AwsAccountId
Type: Array of StringFilter structures

The Amazon Web Services account ID in which a finding is generated.

AwsAccountName
Type: Array of StringFilter structures

The name of the Amazon Web Services account in which a finding is generated.

CompanyName
Type: Array of StringFilter structures

The name of the findings provider (company) that owns the solution (product) that generates findings.

ComplianceAssociatedStandardsId
Type: Array of StringFilter structures

The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the DescribeStandards API response.

ComplianceSecurityControlId
Type: Array of StringFilter structures

The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5.

ComplianceSecurityControlParametersName
Type: Array of StringFilter structures

The name of a security control parameter.

ComplianceSecurityControlParametersValue
Type: Array of StringFilter structures

The current value of a security control parameter.

ComplianceStatus
Type: Array of StringFilter structures

Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS Amazon Web Services Foundations. Contains security standard-related finding details.

Confidence
Type: Array of NumberFilter structures

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

CreatedAt
Type: Array of DateFilter structures

A timestamp that indicates when the security findings provider created the potential security issue that a finding reflects.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Criticality
Type: Array of NumberFilter structures

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Description
Type: Array of StringFilter structures

A finding's description.

FindingProviderFieldsConfidence
Type: Array of NumberFilter structures

The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

FindingProviderFieldsCriticality
Type: Array of NumberFilter structures

The finding provider value for the level of importance assigned to the resources associated with the findings.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

FindingProviderFieldsRelatedFindingsId
Type: Array of StringFilter structures

The finding identifier of a related finding that is identified by the finding provider.

FindingProviderFieldsRelatedFindingsProductArn
Type: Array of StringFilter structures

The ARN of the solution that generated a related finding that is identified by the finding provider.

FindingProviderFieldsSeverityLabel
Type: Array of StringFilter structures

The finding provider value for the severity label.

FindingProviderFieldsSeverityOriginal
Type: Array of StringFilter structures

The finding provider's original value for the severity.

FindingProviderFieldsTypes
Type: Array of StringFilter structures

One or more finding types that the finding provider assigned to the finding. Uses the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

FirstObservedAt
Type: Array of DateFilter structures

A timestamp that indicates when the security findings provider first observed the potential security issue that a finding captured.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

GeneratorId
Type: Array of StringFilter structures

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security findings providers' solutions, this generator can be called a rule, a check, a detector, a plugin, etc.

Id
Type: Array of StringFilter structures

The security findings provider-specific identifier for a finding.

Keyword
Type: Array of KeywordFilter structures

A keyword for a finding.

LastObservedAt
Type: Array of DateFilter structures

A timestamp that indicates when the security findings provider most recently observed a change in the resource that is involved in the finding.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

MalwareName
Type: Array of StringFilter structures

The name of the malware that was observed.

MalwarePath
Type: Array of StringFilter structures

The filesystem path of the malware that was observed.

MalwareState
Type: Array of StringFilter structures

The state of the malware that was observed.

MalwareType
Type: Array of StringFilter structures

The type of the malware that was observed.

NetworkDestinationDomain
Type: Array of StringFilter structures

The destination domain of network-related information about a finding.

NetworkDestinationIpV4
Type: Array of IpFilter structures

The destination IPv4 address of network-related information about a finding.

NetworkDestinationIpV6
Type: Array of IpFilter structures

The destination IPv6 address of network-related information about a finding.

NetworkDestinationPort
Type: Array of NumberFilter structures

The destination port of network-related information about a finding.

NetworkDirection
Type: Array of StringFilter structures

Indicates the direction of network traffic associated with a finding.

NetworkProtocol
Type: Array of StringFilter structures

The protocol of network-related information about a finding.

NetworkSourceDomain
Type: Array of StringFilter structures

The source domain of network-related information about a finding.

NetworkSourceIpV4
Type: Array of IpFilter structures

The source IPv4 address of network-related information about a finding.

NetworkSourceIpV6
Type: Array of IpFilter structures

The source IPv6 address of network-related information about a finding.

NetworkSourceMac
Type: Array of StringFilter structures

The source media access control (MAC) address of network-related information about a finding.

NetworkSourcePort
Type: Array of NumberFilter structures

The source port of network-related information about a finding.

NoteText
Type: Array of StringFilter structures

The text of a note.

NoteUpdatedAt
Type: Array of DateFilter structures

The timestamp of when the note was updated.

NoteUpdatedBy
Type: Array of StringFilter structures

The principal that created a note.

ProcessLaunchedAt
Type: Array of DateFilter structures

A timestamp that identifies when the process was launched.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ProcessName
Type: Array of StringFilter structures

The name of the process.

ProcessParentPid
Type: Array of NumberFilter structures

The parent process ID. This field accepts positive integers between O and 2147483647.

ProcessPath
Type: Array of StringFilter structures

The path to the process executable.

ProcessPid
Type: Array of NumberFilter structures

The process ID.

ProcessTerminatedAt
Type: Array of DateFilter structures

A timestamp that identifies when the process was terminated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ProductArn
Type: Array of StringFilter structures

The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.

ProductFields
Type: Array of MapFilter structures

A data type where security findings providers can include additional solution-specific details that aren't part of the defined AwsSecurityFinding format.

ProductName
Type: Array of StringFilter structures

The name of the solution (product) that generates findings.

RecommendationText
Type: Array of StringFilter structures

The recommendation of what to do about the issue described in a finding.

RecordState
Type: Array of StringFilter structures

The updated record state for the finding.

Region
Type: Array of StringFilter structures

The Region from which the finding was generated.

RelatedFindingsId
Type: Array of StringFilter structures

The solution-generated identifier for a related finding.

RelatedFindingsProductArn
Type: Array of StringFilter structures

The ARN of the solution that generated a related finding.

ResourceApplicationArn
Type: Array of StringFilter structures

The ARN of the application that is related to a finding.

ResourceApplicationName
Type: Array of StringFilter structures

The name of the application that is related to a finding.

ResourceAwsEc2InstanceIamInstanceProfileArn
Type: Array of StringFilter structures

The IAM profile ARN of the instance.

ResourceAwsEc2InstanceImageId
Type: Array of StringFilter structures

The Amazon Machine Image (AMI) ID of the instance.

ResourceAwsEc2InstanceIpV4Addresses
Type: Array of IpFilter structures

The IPv4 addresses associated with the instance.

ResourceAwsEc2InstanceIpV6Addresses
Type: Array of IpFilter structures

The IPv6 addresses associated with the instance.

ResourceAwsEc2InstanceKeyName
Type: Array of StringFilter structures

The key name associated with the instance.

ResourceAwsEc2InstanceLaunchedAt
Type: Array of DateFilter structures

The date and time the instance was launched.

ResourceAwsEc2InstanceSubnetId
Type: Array of StringFilter structures

The identifier of the subnet that the instance was launched in.

ResourceAwsEc2InstanceType
Type: Array of StringFilter structures

The instance type of the instance.

ResourceAwsEc2InstanceVpcId
Type: Array of StringFilter structures

The identifier of the VPC that the instance was launched in.

ResourceAwsIamAccessKeyCreatedAt
Type: Array of DateFilter structures

The creation date/time of the IAM access key related to a finding.

ResourceAwsIamAccessKeyPrincipalName
Type: Array of StringFilter structures

The name of the principal that is associated with an IAM access key.

ResourceAwsIamAccessKeyStatus
Type: Array of StringFilter structures

The status of the IAM access key related to a finding.

ResourceAwsIamAccessKeyUserName
Type: Array of StringFilter structures

The user associated with the IAM access key related to a finding.

ResourceAwsIamUserUserName
Type: Array of StringFilter structures

The name of an IAM user.

ResourceAwsS3BucketOwnerId
Type: Array of StringFilter structures

The canonical user ID of the owner of the S3 bucket.

ResourceAwsS3BucketOwnerName
Type: Array of StringFilter structures

The display name of the owner of the S3 bucket.

ResourceContainerImageId
Type: Array of StringFilter structures

The identifier of the image related to a finding.

ResourceContainerImageName
Type: Array of StringFilter structures

The name of the image related to a finding.

ResourceContainerLaunchedAt
Type: Array of DateFilter structures

A timestamp that identifies when the container was started.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ResourceContainerName
Type: Array of StringFilter structures

The name of the container related to a finding.

ResourceDetailsOther
Type: Array of MapFilter structures

The details of a resource that doesn't have a specific subfield for the resource type defined.

ResourceId
Type: Array of StringFilter structures

The canonical identifier for the given resource type.

ResourcePartition
Type: Array of StringFilter structures

The canonical Amazon Web Services partition name that the Region is assigned to.

ResourceRegion
Type: Array of StringFilter structures

The canonical Amazon Web Services external Region name where this resource is located.

ResourceTags
Type: Array of MapFilter structures

A list of Amazon Web Services tags associated with a resource at the time the finding was processed.

ResourceType
Type: Array of StringFilter structures

Specifies the type of the resource that details are provided for.

Sample
Type: Array of BooleanFilter structures

Indicates whether or not sample findings are included in the filter results.

SeverityLabel
Type: Array of StringFilter structures

The label of a finding's severity.

SeverityNormalized
Type: Array of NumberFilter structures

The normalized severity of a finding.

SeverityProduct
Type: Array of NumberFilter structures

The native severity as defined by the security findings provider's solution that generated the finding.

SourceUrl
Type: Array of StringFilter structures

A URL that links to a page about the current finding in the security findings provider's solution.

ThreatIntelIndicatorCategory
Type: Array of StringFilter structures

The category of a threat intelligence indicator.

ThreatIntelIndicatorLastObservedAt
Type: Array of DateFilter structures

A timestamp that identifies the last observation of a threat intelligence indicator.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

ThreatIntelIndicatorSource
Type: Array of StringFilter structures

The source of the threat intelligence.

ThreatIntelIndicatorSourceUrl
Type: Array of StringFilter structures

The URL for more details from the source of the threat intelligence.

ThreatIntelIndicatorType
Type: Array of StringFilter structures

The type of a threat intelligence indicator.

ThreatIntelIndicatorValue
Type: Array of StringFilter structures

The value of a threat intelligence indicator.

Title
Type: Array of StringFilter structures

A finding's title.

Type
Type: Array of StringFilter structures

A finding type in the format of namespace/category/classifier that classifies a finding.

UpdatedAt
Type: Array of DateFilter structures

A timestamp that indicates when the security findings provider last updated the finding record.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

UserDefinedFields
Type: Array of MapFilter structures

A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

VerificationState
Type: Array of StringFilter structures

The veracity of a finding.

VulnerabilitiesExploitAvailable
Type: Array of StringFilter structures

Indicates whether a software vulnerability in your environment has a known exploit. You can filter findings by this field only if you use Security Hub and Amazon Inspector.

VulnerabilitiesFixAvailable
Type: Array of StringFilter structures

Indicates whether a vulnerability is fixed in a newer version of the affected software packages. You can filter findings by this field only if you use Security Hub and Amazon Inspector.

WorkflowState
Type: Array of StringFilter structures

The workflow state of a finding.

Note that this field is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

WorkflowStatus
Type: Array of StringFilter structures

The status of the investigation into a finding. Allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

    • RecordState changes from ARCHIVED to ACTIVE.

    • Compliance.Status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.

  • NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

    If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW:

    • RecordState changes from ARCHIVED to ACTIVE.

    • Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.

  • SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed.

    The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

    The finding remains RESOLVED unless one of the following occurs:

    • RecordState changes from ARCHIVED to ACTIVE.

    • Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.

    In those cases, the workflow status is automatically reset to NEW.

    For findings from controls, if Compliance.Status is PASSED, then Security Hub automatically sets the workflow status to RESOLVED.

AwsSecurityFindingIdentifier

Description

Identifies which finding to get the finding history for.

Members
Id
Required: Yes
Type: string

The identifier of the finding that was specified by the finding provider.

ProductArn
Required: Yes
Type: string

The ARN generated by Security Hub that uniquely identifies a product that generates findings. This can be the ARN for a third-party product that is integrated with Security Hub, or the ARN for a custom integration.

AwsSnsTopicDetails

Description

Provides information about an Amazon SNS topic to which notifications can be published.

Members
ApplicationSuccessFeedbackRoleArn
Type: string

Indicates failed message delivery status for an Amazon SNS topic that is subscribed to a platform application endpoint.

FirehoseFailureFeedbackRoleArn
Type: string

Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon Kinesis Data Firehose endpoint.

FirehoseSuccessFeedbackRoleArn
Type: string

Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon Kinesis Data Firehose endpoint.

HttpFailureFeedbackRoleArn
Type: string

Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

HttpSuccessFeedbackRoleArn
Type: string

Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an HTTP endpoint.

KmsMasterKeyId
Type: string

The ID of an Amazon Web Services managed key for Amazon SNS or a customer managed key.

Owner
Type: string

The subscription's owner.

SqsFailureFeedbackRoleArn
Type: string

Indicates failed message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

SqsSuccessFeedbackRoleArn
Type: string

Indicates successful message delivery status for an Amazon SNS topic that is subscribed to an Amazon SQS endpoint.

Subscription
Type: Array of AwsSnsTopicSubscription structures

Subscription is an embedded property that describes the subscription endpoints of an Amazon SNS topic.

TopicName
Type: string

The name of the Amazon SNS topic.

AwsSnsTopicSubscription

Description

A wrapper type for the attributes of an Amazon SNS subscription.

Members
Endpoint
Type: string

The subscription's endpoint (format depends on the protocol).

Protocol
Type: string

The subscription's protocol.

AwsSqsQueueDetails

Description

Data about a queue.

Members
DeadLetterTargetArn
Type: string

The ARN of the dead-letter queue to which Amazon SQS moves messages after the value of maxReceiveCount is exceeded.

KmsDataKeyReusePeriodSeconds
Type: int

The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling KMS again.

KmsMasterKeyId
Type: string

The ID of an Amazon Web Services managed key for Amazon SQS or a custom KMS key.

QueueName
Type: string

The name of the new queue.

AwsSsmComplianceSummary

Description

Provides the details about the compliance status for a patch.

Members
ComplianceType
Type: string

The type of resource for which the compliance was determined. For AwsSsmPatchCompliance, ComplianceType is Patch.

CompliantCriticalCount
Type: int

For the patches that are compliant, the number that have a severity of CRITICAL.

CompliantHighCount
Type: int

For the patches that are compliant, the number that have a severity of HIGH.

CompliantInformationalCount
Type: int

For the patches that are compliant, the number that have a severity of INFORMATIONAL.

CompliantLowCount
Type: int

For the patches that are compliant, the number that have a severity of LOW.

CompliantMediumCount
Type: int

For the patches that are compliant, the number that have a severity of MEDIUM.

CompliantUnspecifiedCount
Type: int

For the patches that are compliant, the number that have a severity of UNSPECIFIED.

ExecutionType
Type: string

The type of execution that was used determine compliance.

NonCompliantCriticalCount
Type: int

For the patch items that are noncompliant, the number of items that have a severity of CRITICAL.

NonCompliantHighCount
Type: int

For the patches that are noncompliant, the number that have a severity of HIGH.

NonCompliantInformationalCount
Type: int

For the patches that are noncompliant, the number that have a severity of INFORMATIONAL.

NonCompliantLowCount
Type: int

For the patches that are noncompliant, the number that have a severity of LOW.

NonCompliantMediumCount
Type: int

For the patches that are noncompliant, the number that have a severity of MEDIUM.

NonCompliantUnspecifiedCount
Type: int

For the patches that are noncompliant, the number that have a severity of UNSPECIFIED.

OverallSeverity
Type: string

The highest severity for the patches. Valid values are as follows:

  • CRITICAL

  • HIGH

  • MEDIUM

  • LOW

  • INFORMATIONAL

  • UNSPECIFIED

PatchBaselineId
Type: string

The identifier of the patch baseline. The patch baseline lists the patches that are approved for installation.

PatchGroup
Type: string

The identifier of the patch group for which compliance was determined. A patch group uses tags to group EC2 instances that should have the same patch compliance.

Status
Type: string

The current patch compliance status. Valid values are as follows:

  • COMPLIANT

  • NON_COMPLIANT

  • UNSPECIFIED_DATA

AwsSsmPatch

Description

Provides details about the compliance for a patch.

Members
ComplianceSummary
Type: AwsSsmComplianceSummary structure

The compliance status details for the patch.

AwsSsmPatchComplianceDetails

Description

Provides information about the state of a patch on an instance based on the patch baseline that was used to patch the instance.

Members
Patch
Type: AwsSsmPatch structure

Information about the status of a patch.

AwsStepFunctionStateMachineDetails

Description

Provides details about an Step Functions state machine, which is a workflow consisting of a series of event- driven steps.

Members
Label
Type: string

A user-defined or an auto-generated string that identifies a Map state. This parameter is present only if the stateMachineArn specified in input is a qualified state machine ARN.

LoggingConfiguration

Used to set CloudWatch Logs options.

Name
Type: string

The name of the state machine.

RoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM role used when creating this state machine.

StateMachineArn
Type: string

The ARN that identifies the state machine.

Status
Type: string

The current status of the state machine.

TracingConfiguration

Specifies whether X-Ray tracing is enabled.

Type
Type: string

The type of the state machine (STANDARD or EXPRESS).

AwsStepFunctionStateMachineLoggingConfigurationDestinationsCloudWatchLogsLogGroupDetails

Description

An object describing a CloudWatch log group. For more information, see Amazon Web Services::Logs::LogGroup in the CloudFormation User Guide.

Members
LogGroupArn
Type: string

The ARN (ends with :*) of the CloudWatch Logs log group to which you want your logs emitted.

AwsStepFunctionStateMachineLoggingConfigurationDetails

Description

The LoggingConfiguration data type is used to set CloudWatch Logs options.

Members
Destinations

An array of objects that describes where your execution history events will be logged.

IncludeExecutionData
Type: boolean

Determines whether execution data is included in your log. When set to false, data is excluded.

Level
Type: string

Defines which category of execution history events are logged.

AwsStepFunctionStateMachineTracingConfigurationDetails

Description

Specifies whether X-Ray tracing is enabled.

Members
Enabled
Type: boolean

When set to true, X-Ray tracing is enabled.

AwsWafRateBasedRuleDetails

Description

Details about a rate-based rule for global resources. A rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

Members
MatchPredicates
Type: Array of AwsWafRateBasedRuleMatchPredicate structures

The predicates to include in the rate-based rule.

MetricName
Type: string

The name of the metrics for the rate-based rule.

Name
Type: string

The name of the rate-based rule.

RateKey
Type: string

The field that WAF uses to determine whether requests are likely arriving from single source and are subject to rate monitoring.

RateLimit
Type: long (int|float)

The maximum number of requests that have an identical value for the field specified in RateKey that are allowed within a five-minute period. If the number of requests exceeds RateLimit and the other predicates specified in the rule are met, WAF triggers the action for the rule.

RuleId
Type: string

The unique identifier for the rate-based rule.

AwsWafRateBasedRuleMatchPredicate

Description

A match predicate. A predicate might look for characteristics such as specific IP addresses, geographic locations, or sizes.

Members
DataId
Type: string

The unique identifier for the predicate.

Negated
Type: boolean

If set to true, then the rule actions are performed on requests that match the predicate settings.

If set to false, then the rule actions are performed on all requests except those that match the predicate settings.

Type
Type: string

The type of predicate. Valid values are as follows:

  • ByteMatch

  • GeoMatch

  • IPMatch

  • RegexMatch

  • SizeConstraint

  • SqlInjectionMatch

  • XssMatch

AwsWafRegionalRateBasedRuleDetails

Description

contains details about a rate-based rule for Regional resources. A rate-based rule provides settings to indicate when to allow, block, or count a request. Rate-based rules include the number of requests that arrive over a specified period of time.

Members
MatchPredicates
Type: Array of AwsWafRegionalRateBasedRuleMatchPredicate structures

The predicates to include in the rate-based rule.

MetricName
Type: string

The name of the metrics for the rate-based rule.

Name
Type: string

The name of the rate-based rule.

RateKey
Type: string

The field that WAF uses to determine whether requests are likely arriving from single source and are subject to rate monitoring.

RateLimit
Type: long (int|float)

The maximum number of requests that have an identical value for the field specified in RateKey that are allowed within a five-minute period. If the number of requests exceeds RateLimit and the other predicates specified in the rule are met, WAF triggers the action for the rule.

RuleId
Type: string

The unique identifier for the rate-based rule.

AwsWafRegionalRateBasedRuleMatchPredicate

Description

Details for a match predicate. A predicate might look for characteristics such as specific IP addresses, geographic locations, or sizes.

Members
DataId
Type: string

The unique identifier for the predicate.

Negated
Type: boolean

If set to true, then the rule actions are performed on requests that match the predicate settings.

If set to false, then the rule actions are performed on all requests except those that match the predicate settings.

Type
Type: string

The type of predicate. Valid values are as follows:

  • ByteMatch

  • GeoMatch

  • IPMatch

  • RegexMatch

  • SizeConstraint

  • SqlInjectionMatch

  • XssMatch

AwsWafRegionalRuleDetails

Description

Provides information about an WAF Regional rule. This rule identifies the web requests that you want to allow, block, or count.

Members
MetricName
Type: string

A name for the metrics for the rule.

Name
Type: string

A descriptive name for the rule.

PredicateList
Type: Array of AwsWafRegionalRulePredicateListDetails structures

Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to a rule and, for each object, indicates whether you want to negate the settings.

RuleId
Type: string

The ID of the rule.

AwsWafRegionalRuleGroupDetails

Description

Provides information about an WAF Regional rule group. The rule group is a collection of rules for inspecting and controlling web requests.

Members
MetricName
Type: string

A name for the metrics for this rule group.

Name
Type: string

The descriptive name of the rule group.

RuleGroupId
Type: string

The ID of the rule group.

Rules
Type: Array of AwsWafRegionalRuleGroupRulesDetails structures

Provides information about the rule statements used to identify the web requests that you want to allow, block, or count.

AwsWafRegionalRuleGroupRulesActionDetails

Description

Describes the action that WAF should take on a web request when it matches the criteria defined in the rule.

Members
Type
Type: string

Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to a rule and, for each object, indicates whether you want to negate the settings.

AwsWafRegionalRuleGroupRulesDetails

Description

Provides information about the rules attached to a rule group

Members
Action

The action that WAF should take on a web request when it matches the criteria defined in the rule.

Priority
Type: int

If you define more than one rule in a web ACL, WAF evaluates each request against the rules in order based on the value of Priority.

RuleId
Type: string

The ID for a rule.

Type
Type: string

The type of rule in the rule group.

AwsWafRegionalRulePredicateListDetails

Description

Provides details about the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to a rule and, for each object, indicates whether you want to negate the settings.

Members
DataId
Type: string

A unique identifier for a predicate in a rule, such as ByteMatchSetId or IPSetId.

Negated
Type: boolean

Specifies if you want WAF to allow, block, or count requests based on the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet.

Type
Type: string

The type of predicate in a rule, such as ByteMatch or IPSet.

AwsWafRegionalWebAclDetails

Description

Provides information about the web access control list (web ACL). The web ACL contains the rules that identify the requests that you want to allow, block, or count.

Members
DefaultAction
Type: string

The action to perform if none of the rules contained in the web ACL match.

MetricName
Type: string

A name for the metrics for this web ACL.

Name
Type: string

A descriptive name for the web ACL.

RulesList
Type: Array of AwsWafRegionalWebAclRulesListDetails structures

An array that contains the action for each rule in a web ACL, the priority of the rule, and the ID of the rule.

WebAclId
Type: string

The ID of the web ACL.

AwsWafRegionalWebAclRulesListActionDetails

Description

The action that WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

Members
Type
Type: string

For actions that are associated with a rule, the action that WAF takes when a web request matches all conditions in a rule.

AwsWafRegionalWebAclRulesListDetails

Description

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count.

Members
Action

The action that WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

OverrideAction

Overrides the rule evaluation result in the rule group.

Priority
Type: int

The order in which WAF evaluates the rules in a web ACL.

RuleId
Type: string

The ID of an WAF Regional rule to associate with a web ACL.

Type
Type: string

For actions that are associated with a rule, the action that WAF takes when a web request matches all conditions in a rule.

AwsWafRegionalWebAclRulesListOverrideActionDetails

Description

Provides details about the action to use in the place of the action that results from the rule group evaluation.

Members
Type
Type: string

Overrides the rule evaluation result in the rule group.

AwsWafRuleDetails

Description

Provides information about a WAF rule. This rule specifies the web requests that you want to allow, block, or count.

Members
MetricName
Type: string

The name of the metrics for this rule.

Name
Type: string

A descriptive name for the rule.

PredicateList
Type: Array of AwsWafRulePredicateListDetails structures

Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to a rule and, for each object, indicates whether you want to negate the settings.

RuleId
Type: string

The ID of the WAF rule.

AwsWafRuleGroupDetails

Description

Provides information about an WAF rule group. A rule group is a collection of rules for inspecting and controlling web requests.

Members
MetricName
Type: string

The name of the metrics for this rule group.

Name
Type: string

The name of the rule group.

RuleGroupId
Type: string

The ID of the rule group.

Rules
Type: Array of AwsWafRuleGroupRulesDetails structures

Provides information about the rules attached to the rule group. These rules identify the web requests that you want to allow, block, or count.

AwsWafRuleGroupRulesActionDetails

Description

Provides information about what action WAF should take on a web request when it matches the criteria defined in the rule.

Members
Type
Type: string

The action that WAF should take on a web request when it matches the rule's statement.

AwsWafRuleGroupRulesDetails

Description

Provides information about the rules attached to the rule group. These rules identify the web requests that you want to allow, block, or count.

Members
Action

Provides information about what action WAF should take on a web request when it matches the criteria defined in the rule.

Priority
Type: int

If you define more than one rule in a web ACL, WAF evaluates each request against the rules in order based on the value of Priority.

RuleId
Type: string

The rule ID for a rule.

Type
Type: string

The type of rule.

AwsWafRulePredicateListDetails

Description

Provides details about the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you want to add to a rule and, for each object, indicates whether you want to negate the settings.

Members
DataId
Type: string

A unique identifier for a predicate in a rule, such as ByteMatchSetId or IPSetId.

Negated
Type: boolean

Specifies if you want WAF to allow, block, or count requests based on the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet.

Type
Type: string

The type of predicate in a rule, such as ByteMatch or IPSet.

AwsWafWebAclDetails

Description

Provides information about an WAF web access control list (web ACL).

Members
DefaultAction
Type: string

The action to perform if none of the rules contained in the web ACL match.

Name
Type: string

A friendly name or description of the web ACL. You can't change the name of a web ACL after you create it.

Rules
Type: Array of AwsWafWebAclRule structures

An array that contains the action for each rule in a web ACL, the priority of the rule, and the ID of the rule.

WebAclId
Type: string

A unique identifier for a web ACL.

AwsWafWebAclRule

Description

Details for a rule in an WAF web ACL.

Members
Action
Type: WafAction structure

Specifies the action that CloudFront or WAF takes when a web request matches the conditions in the rule.

ExcludedRules
Type: Array of WafExcludedRule structures

Rules to exclude from a rule group.

OverrideAction
Type: WafOverrideAction structure

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you don't use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.

Priority
Type: int

Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values don't need to be consecutive.

RuleId
Type: string

The identifier for a rule.

Type
Type: string

The rule type.

Valid values: REGULAR | RATE_BASED | GROUP

The default is REGULAR.

AwsWafv2ActionAllowDetails

Description

Specifies that WAF should allow the request and optionally defines additional custom handling for the request.

Members
CustomRequestHandling

Defines custom handling for the web request. For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide..

AwsWafv2ActionBlockDetails

Description

Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.

Members
CustomResponse

Defines a custom response for the web request. For information, see Customizing web requests and responses in WAF in the WAF Developer Guide..

AwsWafv2CustomHttpHeader

Description

A custom header for custom request and response handling.

Members
Name
Type: string

The name of the custom header.

Value
Type: string

The value of the custom header.

AwsWafv2CustomRequestHandlingDetails

Description

Custom request handling behavior that inserts custom headers into a web request. WAF uses custom request handling when the rule action doesn't block the request.

Members
InsertHeaders
Type: Array of AwsWafv2CustomHttpHeader structures

The HTTP headers to insert into the request.

AwsWafv2CustomResponseDetails

Description

A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to block.

Members
CustomResponseBodyKey
Type: string

References the response body that you want WAF to return to the web request client. You can define a custom response for a rule action or a default web ACL action that is set to block.

ResponseCode
Type: int

The HTTP status code to return to the client. For a list of status codes that you can use in your custom responses, see Supported status codes for custom response in the WAF Developer Guide.

ResponseHeaders
Type: Array of AwsWafv2CustomHttpHeader structures

The HTTP headers to use in the response.

AwsWafv2RuleGroupDetails

Description

Details about an WAFv2 rule group.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the entity.

Capacity
Type: long (int|float)

The web ACL capacity units (WCUs) required for this rule group.

Description
Type: string

A description of the rule group that helps with identification.

Id
Type: string

A unique identifier for the rule group.

Name
Type: string

The name of the rule group. You cannot change the name of a rule group after you create it.

Rules
Type: Array of AwsWafv2RulesDetails structures

The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

Scope
Type: string

Specifies whether the rule group is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.

VisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection.

AwsWafv2RulesActionCaptchaDetails

Description

Specifies that WAF should run a CAPTCHA check against the request.

Members
CustomRequestHandling

Defines custom handling for the web request, used when the CAPTCHA inspection determines that the request's token is valid and unexpired. For more information, see Customizing web requests and responses in WAF in the WAF Developer Guide..

AwsWafv2RulesActionDetails

Description

The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.

Members
Allow
Type: AwsWafv2ActionAllowDetails structure

Instructs WAF to allow the web request.

Block
Type: AwsWafv2ActionBlockDetails structure

Instructs WAF to block the web request.

Captcha

Instructs WAF to run a CAPTCHA check against the web request.

Count

Instructs WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.

AwsWafv2RulesDetails

Description

Provides details about rules in a rule group. A rule identifies web requests that you want to allow, block, or count. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

Members
Action
Type: AwsWafv2RulesActionDetails structure

The action that WAF should take on a web request when it matches the rule statement. Settings at the web ACL level can override the rule action setting.

Name
Type: string

The name of the rule.

OverrideAction
Type: string

The action to use in the place of the action that results from the rule group evaluation.

Priority
Type: int

If you define more than one Rule in a WebACL, WAF evaluates each request against the Rules in order based on the value of Priority. WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.

VisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection.

AwsWafv2VisibilityConfigDetails

Description

Defines and enables Amazon CloudWatch metrics and web request sample collection.

Members
CloudWatchMetricsEnabled
Type: boolean

A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see WAF metrics and dimensions in the WAF Developer Guide.

MetricName
Type: string

A name of the Amazon CloudWatch metric.

SampledRequestsEnabled
Type: boolean

A boolean indicating whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.

AwsWafv2WebAclActionDetails

Description

Specifies the action that Amazon CloudFront or WAF takes when a web request matches the conditions in the rule.

Members
Allow
Type: AwsWafv2ActionAllowDetails structure

Specifies that WAF should allow requests by default.

Block
Type: AwsWafv2ActionBlockDetails structure

Specifies that WAF should block requests by default.

AwsWafv2WebAclCaptchaConfigDetails

Description

Specifies how WAF should handle CAPTCHA evaluations for rules that don't have their own CaptchaConfig settings.

Members
ImmunityTimeProperty

Determines how long a CAPTCHA timestamp in the token remains valid after the client successfully solves a CAPTCHA puzzle.

AwsWafv2WebAclCaptchaConfigImmunityTimePropertyDetails

Description

Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA or challenge response.

Members
ImmunityTime
Type: long (int|float)

The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by WAF.

AwsWafv2WebAclDetails

Description

Details about an WAFv2 web Access Control List (ACL).

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the web ACL that you want to associate with the resource.

Capacity
Type: long (int|float)

The web ACL capacity units (WCUs) currently being used by this web ACL.

CaptchaConfig

Specifies how WAF should handle CAPTCHA evaluations for rules that don't have their own CaptchaConfig settings.

DefaultAction
Type: AwsWafv2WebAclActionDetails structure

The action to perform if none of the Rules contained in the web ACL match.

Description
Type: string

A description of the web ACL that helps with identification.

Id
Type: string

A unique identifier for the web ACL.

ManagedbyFirewallManager
Type: boolean

Indicates whether this web ACL is managed by Firewall Manager.

Name
Type: string

The name of the web ACL.

Rules
Type: Array of AwsWafv2RulesDetails structures

The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

VisibilityConfig

Defines and enables Amazon CloudWatch metrics and web request sample collection.

AwsXrayEncryptionConfigDetails

Description

Information about the encryption configuration for X-Ray.

Members
KeyId
Type: string

The identifier of the KMS key that is used for encryption. Provided if Type is KMS.

Status
Type: string

The current status of the encryption configuration. Valid values are ACTIVE or UPDATING.

When Status is equal to UPDATING, X-Ray might use both the old and new encryption.

Type
Type: string

The type of encryption. KMS indicates that the encryption uses KMS keys. NONE indicates the default encryption.

BatchUpdateFindingsUnprocessedFinding

Description

A finding from a BatchUpdateFindings request that Security Hub was unable to update.

Members
ErrorCode
Required: Yes
Type: string

The code associated with the error. Possible values are:

  • ConcurrentUpdateError - Another request attempted to update the finding while this request was being processed. This error may also occur if you call BatchUpdateFindings and BatchImportFindings at the same time.

  • DuplicatedFindingIdentifier - The request included two or more findings with the same FindingIdentifier.

  • FindingNotFound - The FindingIdentifier included in the request did not match an existing finding.

  • FindingSizeExceeded - The finding size was greater than the permissible value of 240 KB.

  • InternalFailure - An internal service failure occurred when updating the finding.

  • InvalidInput - The finding update contained an invalid value that did not satisfy the Amazon Web Services Security Finding Format syntax.

ErrorMessage
Required: Yes
Type: string

The message associated with the error. Possible values are:

  • Concurrent finding updates detected

  • Finding Identifier is duplicated

  • Finding Not Found

  • Finding size exceeded 240 KB

  • Internal service failure

  • Invalid Input

FindingIdentifier
Required: Yes
Type: AwsSecurityFindingIdentifier structure

The identifier of the finding that was not updated.

BooleanConfigurationOptions

Description

The options for customizing a security control parameter with a boolean. For a boolean parameter, the options are true and false.

Members
DefaultValue
Type: boolean

The Security Hub default value for a boolean parameter.

BooleanFilter

Description

Boolean filter for querying findings.

Members
Value
Type: boolean

The value of the boolean.

Cell

Description

An occurrence of sensitive data detected in a Microsoft Excel workbook, comma-separated value (CSV) file, or tab-separated value (TSV) file.

Members
CellReference
Type: string

For a Microsoft Excel workbook, provides the location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5 for cell C5 on Sheet2.

Column
Type: long (int|float)

The column number of the column that contains the data. For a Microsoft Excel workbook, the column number corresponds to the alphabetical column identifiers. For example, a value of 1 for Column corresponds to the A column in the workbook.

ColumnName
Type: string

The name of the column that contains the data.

Row
Type: long (int|float)

The row number of the row that contains the data.

CidrBlockAssociation

Description

An IPv4 CIDR block association.

Members
AssociationId
Type: string

The association ID for the IPv4 CIDR block.

CidrBlock
Type: string

The IPv4 CIDR block.

CidrBlockState
Type: string

Information about the state of the IPv4 CIDR block.

City

Description

Information about a city.

Members
CityName
Type: string

The name of the city.

ClassificationResult

Description

Details about the sensitive data that was detected on the resource.

Members
AdditionalOccurrences
Type: boolean

Indicates whether there are additional occurrences of sensitive data that are not included in the finding. This occurs when the number of occurrences exceeds the maximum that can be included.

CustomDataIdentifiers
Type: CustomDataIdentifiersResult structure

Provides details about sensitive data that was identified based on customer-defined configuration.

MimeType
Type: string

The type of content that the finding applies to.

SensitiveData
Type: Array of SensitiveDataResult structures

Provides details about sensitive data that was identified based on built-in configuration.

SizeClassified
Type: long (int|float)

The total size in bytes of the affected data.

Status
Type: ClassificationStatus structure

The current status of the sensitive data detection.

ClassificationStatus

Description

Provides details about the current status of the sensitive data detection.

Members
Code
Type: string

The code that represents the status of the sensitive data detection.

Reason
Type: string

A longer description of the current status of the sensitive data detection.

CloudWatchLogsLogGroupArnConfigDetails

Description

The Amazon Resource Name (ARN) and other details of the Amazon CloudWatch Logs log group that Amazon Route 53 is publishing logs to.

Members
CloudWatchLogsLogGroupArn
Type: string

The ARN of the CloudWatch Logs log group that Route 53 is publishing logs to.

HostedZoneId
Type: string

The ID of the hosted zone that CloudWatch Logs is logging queries for.

Id
Type: string

The ID for a DNS query logging configuration.

CodeVulnerabilitiesFilePath

Description

Provides details about where a code vulnerability is located in your Lambda function.

Members
EndLine
Type: int

The line number of the last line of code in which the vulnerability is located.

FileName
Type: string

The name of the file in which the code vulnerability is located.

FilePath
Type: string

The file path to the code in which the vulnerability is located.

StartLine
Type: int

The line number of the first line of code in which the vulnerability is located.

Compliance

Description

This object typically provides details about a control finding, such as applicable standards and the status of control checks. While finding providers can add custom content in Compliance object fields, they are typically used to review details of Security Hub control findings.

Members
AssociatedStandards
Type: Array of AssociatedStandard structures

Typically provides an array of enabled security standards in which a security control is currently enabled.

RelatedRequirements
Type: Array of strings

Typically provides the industry or regulatory framework requirements that are related to a control. The check for that control is aligned with these requirements.

Array Members: Maximum number of 32 items.

SecurityControlId
Type: string

Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an Amazon Web Services service and a unique number, such as APIGateway.5.

SecurityControlParameters
Type: Array of SecurityControlParameter structures

Typically an object that includes security control parameter names and values.

Status
Type: string

Typically summarizes the result of a control check.

For Security Hub controls, valid values for Status are as follows.

    • PASSED - Standards check passed for all evaluated resources.

    • WARNING - Some information is missing or this check is not supported for your configuration.

    • FAILED - Standards check failed for at least one evaluated resource.

    • NOT_AVAILABLE - Check could not be performed due to a service outage, API error, or because the result of the Config evaluation was NOT_APPLICABLE. If the Config evaluation result was NOT_APPLICABLE for a Security Hub control, Security Hub automatically archives the finding after 3 days.

StatusReasons
Type: Array of StatusReason structures

Typically used to provide a list of reasons for the value of Status.

ConfigurationOptions

Description

The options for customizing a security control parameter.

Members
Boolean
Type: BooleanConfigurationOptions structure

The options for customizing a security control parameter that is a boolean. For a boolean parameter, the options are true and false.

Double
Type: DoubleConfigurationOptions structure

The options for customizing a security control parameter that is a double.

Enum
Type: EnumConfigurationOptions structure

The options for customizing a security control parameter that is an enum.

EnumList

The options for customizing a security control parameter that is a list of enums.

Integer
Type: IntegerConfigurationOptions structure

The options for customizing a security control parameter that is an integer.

IntegerList

The options for customizing a security control parameter that is a list of integers.

String
Type: StringConfigurationOptions structure

The options for customizing a security control parameter that is a string data type.

StringList

The options for customizing a security control parameter that is a list of strings.

ConfigurationPolicyAssociation

Description

Provides details about the association between an Security Hub configuration and a target account, organizational unit, or the root. An association can exist between a target and a configuration policy, or between a target and self-managed behavior.

Members
Target
Type: Target structure

The target account, organizational unit, or the root.

ConfigurationPolicyAssociationSummary

Description

An object that contains the details of a configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

Members
AssociationStatus
Type: string

The current status of the association between the specified target and the configuration.

AssociationStatusMessage
Type: string

The explanation for a FAILED value for AssociationStatus.

AssociationType
Type: string

Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

ConfigurationPolicyId
Type: string

The universally unique identifier (UUID) of the configuration policy.

TargetId
Type: string

The identifier of the target account, organizational unit, or the root.

TargetType
Type: string

Specifies whether the target is an Amazon Web Services account, organizational unit, or the root.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

ConfigurationPolicySummary

Description

An object that contains the details of an Security Hub configuration policy that’s returned in a ListConfigurationPolicies request.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the configuration policy.

Description
Type: string

The description of the configuration policy.

Id
Type: string

The universally unique identifier (UUID) of the configuration policy.

Name
Type: string

The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.

ServiceEnabled
Type: boolean

Indicates whether the service that the configuration policy applies to is enabled in the policy.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

ContainerDetails

Description

Container details related to a finding.

Members
ContainerRuntime
Type: string

The runtime of the container.

ImageId
Type: string

The identifier of the container image related to a finding.

ImageName
Type: string

The name of the container image related to a finding.

LaunchedAt
Type: string

Indicates when the container started.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Name
Type: string

The name of the container related to a finding.

Privileged
Type: boolean

When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).

VolumeMounts
Type: Array of VolumeMount structures

Provides information about the mounting of a volume in a container.

Country

Description

Information about a country.

Members
CountryCode
Type: string

The 2-letter ISO 3166 country code for the country.

CountryName
Type: string

The name of the country.

CustomDataIdentifiersDetections

Description

The list of detected instances of sensitive data.

Members
Arn
Type: string

The ARN of the custom identifier that was used to detect the sensitive data.

Count
Type: long (int|float)

The total number of occurrences of sensitive data that were detected.

Name
Type: string

he name of the custom identifier that detected the sensitive data.

Occurrences
Type: Occurrences structure

Details about the sensitive data that was detected.

CustomDataIdentifiersResult

Description

Contains an instance of sensitive data that was detected by a customer-defined identifier.

Members
Detections
Type: Array of CustomDataIdentifiersDetections structures

The list of detected instances of sensitive data.

TotalCount
Type: long (int|float)

The total number of occurrences of sensitive data.

Cvss

Description

CVSS scores from the advisory related to the vulnerability.

Members
Adjustments
Type: Array of Adjustment structures

Adjustments to the CVSS metrics.

BaseScore
Type: double

The base CVSS score.

BaseVector
Type: string

The base scoring vector for the CVSS score.

Source
Type: string

The origin of the original CVSS score and vector.

Version
Type: string

The version of CVSS for the CVSS score.

DataClassificationDetails

Description

Provides details about sensitive data that was detected on a resource.

Members
DetailedResultsLocation
Type: string

The path to the folder or file that contains the sensitive data.

Result
Type: ClassificationResult structure

The details about the sensitive data that was detected on the resource.

DateFilter

Description

A date filter for querying findings.

Members
DateRange
Type: DateRange structure

A date range for the date filter.

End
Type: string

A timestamp that provides the end date for the date filter.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Start
Type: string

A timestamp that provides the start date for the date filter.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

DateRange

Description

A date range for the date filter.

Members
Unit
Type: string

A date range unit for the date filter.

Value
Type: int

A date range value for the date filter.

Detection

Description

A top-level object field that provides details about an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Sequence
Type: Sequence structure

Provides details about an attack sequence.

DnsRequestAction

Description

Provided if ActionType is DNS_REQUEST. It provides details about the DNS request that was detected.

Members
Blocked
Type: boolean

Indicates whether the DNS request was blocked.

Domain
Type: string

The DNS domain that is associated with the DNS request.

Length Constraints: 128.

Protocol
Type: string

The protocol that was used for the DNS request.

Length Constraints: Minimum length of 1. Maximum length of 64.

DoubleConfigurationOptions

Description

The options for customizing a security control parameter that is a double.

Members
DefaultValue
Type: double

The Security Hub default value for a control parameter that is a double.

Max
Type: double

The maximum valid value for a control parameter that is a double.

Min
Type: double

The minimum valid value for a control parameter that is a double.

EnumConfigurationOptions

Description

The options for customizing a security control parameter that is an enum.

Members
AllowedValues
Type: Array of strings

The valid values for a control parameter that is an enum.

DefaultValue
Type: string

The Security Hub default value for a control parameter that is an enum.

EnumListConfigurationOptions

Description

The options for customizing a security control parameter that is a list of enums.

Members
AllowedValues
Type: Array of strings

The valid values for a control parameter that is a list of enums.

DefaultValue
Type: Array of strings

The Security Hub default value for a control parameter that is a list of enums.

MaxItems
Type: int

The maximum number of list items that an enum list control parameter can accept.

FilePaths

Description

Provides information about the file paths that were affected by the threat.

Members
FileName
Type: string

The name of the infected or suspicious file corresponding to the hash.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

FilePath
Type: string

Path to the infected or suspicious file on the resource it was detected on.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

Hash
Type: string

The hash value for the infected or suspicious file.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

ResourceId
Type: string

The Amazon Resource Name (ARN) of the resource on which the threat was detected.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

FindingAggregator

Description

A finding aggregator is a Security Hub resource that specifies cross-Region aggregation settings, including the home Region and any linked Regions.

Members
FindingAggregatorArn
Type: string

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.

FindingHistoryRecord

Description

A list of events that changed the specified finding during the specified time period. Each record represents a single finding change event.

Members
FindingCreated
Type: boolean

Identifies whether the event marks the creation of a new finding. A value of True means that the finding is newly created. A value of False means that the finding isn’t newly created.

FindingIdentifier

Identifies which finding to get the finding history for.

NextToken
Type: string

A token for pagination purposes. Provide this token in the subsequent request to GetFindingsHistory to get up to an additional 100 results of history for the same finding that you specified in your initial request.

UpdateSource
Type: FindingHistoryUpdateSource structure

Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Services service or third-party partner integration may call BatchImportFindings , or an Security Hub customer may call BatchUpdateFindings .

UpdateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp that indicates when Security Hub processed the updated finding record.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Updates
Type: Array of FindingHistoryUpdate structures

An array of objects that provides details about the finding change event, including the Amazon Web Services Security Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after the change.

FindingHistoryUpdate

Description

An array of objects that provides details about a change to a finding, including the Amazon Web Services Security Finding Format (ASFF) field that changed, the value of the field before the change, and the value of the field after the change.

Members
NewValue
Type: string

The value of the ASFF field after the finding change event. To preserve storage and readability, Security Hub omits this value if FindingHistoryRecord exceeds database limits.

OldValue
Type: string

The value of the ASFF field before the finding change event.

UpdatedField
Type: string

The ASFF field that changed during the finding change event.

FindingHistoryUpdateSource

Description

Identifies the source of the finding change event.

Members
Identity
Type: string

The identity of the source that initiated the finding change event. For example, the Amazon Resource Name (ARN) of a partner that calls BatchImportFindings or of a customer that calls BatchUpdateFindings.

Type
Type: string

Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Services service or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).

FindingProviderFields

Description

In a BatchImportFindings request, finding providers use FindingProviderFields to provide and update values for the following fields:

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

The preceding fields are nested under the FindingProviderFields object, but also have analogues of the same name as top-level ASFF fields. When a new finding is sent to Security Hub by a finding provider, Security Hub populates the FindingProviderFields object automatically, if it is empty, based on the corresponding top-level fields.

Finding providers can update FindingProviderFields only by using the BatchImportFindings operation. Finding providers can't update this object with the BatchUpdateFindings operation. Customers can update the top-level fields by using the BatchUpdateFindings operation. Customers can't update FindingProviderFields.

For information about how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields in the Security Hub User Guide.

Members
Confidence
Type: int

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

Criticality
Type: int

The level of importance assigned to the resources associated with the finding.

A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

RelatedFindings
Type: Array of RelatedFinding structures

A list of findings that are related to the current finding.

Severity
Type: FindingProviderSeverity structure

The severity of a finding.

Types
Type: Array of strings

One or more finding types in the format of namespace/category/classifier that classify a finding.

Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

FindingProviderSeverity

Description

The severity assigned to a finding by the finding provider. This object may include one or more of the following attributes:

  • Label

  • Normalized

  • Original

  • Product

If a BatchImportFindings request for a new finding only provides Label or only provides Normalized, Security Hub automatically populates the value of the other field.

The Normalized and Product attributes are included in the FindingProviderSeverity structure to preserve the historical information associated with the finding, even if the top-level Severity object is later modified using the BatchUpdateFindings operation.

If the top-level Finding.Severity object is present, but Finding.FindingProviderFields isn't present, Security Hub creates the FindingProviderFields.Severity object and copies the entire Finding.Severity object into it. This ensures that the original, provider-supplied details are retained within the FindingProviderFields.Severity object, even if the top-level Severity object is overwritten.

Members
Label
Type: string

The severity label assigned to the finding by the finding provider.

Original
Type: string

The finding provider's original value for the severity.

Length Constraints: Minimum length of 1. Maximum length of 64.

FirewallPolicyDetails

Description

Defines the behavior of the firewall.

Members
StatefulRuleGroupReferences

The stateful rule groups that are used in the firewall policy.

StatelessCustomActions

The custom action definitions that are available to use in the firewall policy's StatelessDefaultActions setting.

StatelessDefaultActions
Type: Array of strings

The actions to take on a packet if it doesn't match any of the stateless rules in the policy.

You must specify a standard action (aws:pass, aws:drop, aws:forward_to_sfe), and can optionally include a custom action from StatelessCustomActions.

StatelessFragmentDefaultActions
Type: Array of strings

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.

You must specify a standard action (aws:pass, aws:drop, aws:forward_to_sfe), and can optionally include a custom action from StatelessCustomActions.

StatelessRuleGroupReferences

The stateless rule groups that are used in the firewall policy.

FirewallPolicyStatefulRuleGroupReferencesDetails

Description

A stateful rule group that is used by the firewall policy.

Members
ResourceArn
Type: string

The ARN of the stateful rule group.

FirewallPolicyStatelessCustomActionsDetails

Description

A custom action that can be used for stateless packet handling.

Members
ActionDefinition

The definition of the custom action.

ActionName
Type: string

The name of the custom action.

FirewallPolicyStatelessRuleGroupReferencesDetails

Description

A stateless rule group that is used by the firewall policy.

Members
Priority
Type: int

The order in which to run the stateless rule group.

ResourceArn
Type: string

The ARN of the stateless rule group.

GeneratorDetails

Description

Provides metadata for the Amazon CodeGuru detector associated with a finding. This field pertains to findings that relate to Lambda functions. Amazon Inspector identifies policy violations and vulnerabilities in Lambda function code based on internal detectors developed in collaboration with Amazon CodeGuru. Security Hub receives those findings.

Members
Description
Type: string

The description of the detector used to identify the code vulnerability.

Labels
Type: Array of strings

An array of tags used to identify the detector associated with the finding.

Array Members: Minimum number of 0 items. Maximum number of 10 items.

Name
Type: string

The name of the detector used to identify the code vulnerability.

GeoLocation

Description

Provides the latitude and longitude coordinates of a location.

Members
Lat
Type: double

The latitude of the location.

Lon
Type: double

The longitude of the location.

IcmpTypeCode

Description

An Internet Control Message Protocol (ICMP) type and code.

Members
Code
Type: int

The ICMP code for which to deny or allow access. To deny or allow all codes, use the value -1.

Type
Type: int

The ICMP type for which to deny or allow access. To deny or allow all types, use the value -1.

ImportFindingsError

Description

The list of the findings that cannot be imported. For each finding, the list provides the error.

Members
ErrorCode
Required: Yes
Type: string

The code of the error returned by the BatchImportFindings operation.

ErrorMessage
Required: Yes
Type: string

The message of the error returned by the BatchImportFindings operation.

Id
Required: Yes
Type: string

The identifier of the finding that could not be updated.

Indicator

Description

Contains information about the indicators observed in an Amazon GuardDuty Extended Threat Detection attack sequence. Indicators include a set of signals, which can be API activities or findings that GuardDuty uses to detect an attack sequence finding. GuardDuty generates an attack sequence finding when multiple signals align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty and GuardDuty S3 Protection enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Key
Type: string

The name of the indicator that’s present in the attack sequence finding.

Title
Type: string

The title describing the indicator.

Type
Type: string

The type of indicator.

Values
Type: Array of strings

Values associated with each indicator key. For example, if the indicator key is SUSPICIOUS_NETWORK, then the value will be the name of the network. If the indicator key is ATTACK_TACTIC, then the value will be one of the MITRE tactics.

Insight

Description

Contains information about a Security Hub insight.

Members
Filters
Required: Yes
Type: AwsSecurityFindingFilters structure

One or more attributes used to filter the findings included in the insight. You can filter by up to ten finding attributes. For each attribute, you can provide up to 20 filter values. The insight only includes findings that match the criteria defined in the filters.

GroupByAttribute
Required: Yes
Type: string

The grouping attribute for the insight's findings. Indicates how to group the matching findings, and identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

InsightArn
Required: Yes
Type: string

The ARN of a Security Hub insight.

Name
Required: Yes
Type: string

The name of a Security Hub insight.

InsightResultValue

Description

The insight result values returned by the GetInsightResults operation.

Members
Count
Required: Yes
Type: int

The number of findings returned for each GroupByAttributeValue.

GroupByAttributeValue
Required: Yes
Type: string

The value of the attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults operation.

InsightResults

Description

The insight results returned by the GetInsightResults operation.

Members
GroupByAttribute
Required: Yes
Type: string

The attribute that the findings are grouped by for the insight whose results are returned by the GetInsightResults operation.

InsightArn
Required: Yes
Type: string

The ARN of the insight whose results are returned by the GetInsightResults operation.

ResultValues
Required: Yes
Type: Array of InsightResultValue structures

The list of insight result values returned by the GetInsightResults operation.

IntegerConfigurationOptions

Description

The options for customizing a security control parameter that is an integer.

Members
DefaultValue
Type: int

The Security Hub default value for a control parameter that is an integer.

Max
Type: int

The maximum valid value for a control parameter that is an integer.

Min
Type: int

The minimum valid value for a control parameter that is an integer.

IntegerListConfigurationOptions

Description

The options for customizing a security control parameter that is a list of integers.

Members
DefaultValue
Type: Array of ints

The Security Hub default value for a control parameter that is a list of integers.

Max
Type: int

The maximum valid value for a control parameter that is a list of integers.

MaxItems
Type: int

The maximum number of list items that an interger list control parameter can accept.

Min
Type: int

The minimum valid value for a control parameter that is a list of integers.

InternalException

Description

Internal server error.

Members
Code
Type: string
Message
Type: string

InvalidAccessException

Description

The account doesn't have permission to perform this action.

Members
Code
Type: string
Message
Type: string

InvalidInputException

Description

The request was rejected because you supplied an invalid or out-of-range value for an input parameter.

Members
Code
Type: string
Message
Type: string

Invitation

Description

Details about an invitation.

Members
AccountId
Type: string

The account ID of the Security Hub administrator account that the invitation was sent from.

InvitationId
Type: string

The ID of the invitation sent to the member account.

InvitedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp of when the invitation was sent.

MemberStatus
Type: string

The current status of the association between the member and administrator accounts.

IpFilter

Description

The IP filter for querying findings.

Members
Cidr
Type: string

A finding's CIDR value.

IpOrganizationDetails

Description

Provides information about an internet provider.

Members
Asn
Type: int

The Autonomous System Number (ASN) of the internet provider

AsnOrg
Type: string

The name of the organization that registered the ASN.

Isp
Type: string

The ISP information for the internet provider.

Org
Type: string

The name of the internet provider.

Ipv6CidrBlockAssociation

Description

An IPV6 CIDR block association.

Members
AssociationId
Type: string

The association ID for the IPv6 CIDR block.

CidrBlockState
Type: string

Information about the state of the CIDR block. Valid values are as follows:

  • associating

  • associated

  • disassociating

  • disassociated

  • failed

  • failing

Ipv6CidrBlock
Type: string

The IPv6 CIDR block.

KeywordFilter

Description

A keyword filter for querying findings.

Members
Value
Type: string

A value for the keyword.

LimitExceededException

Description

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account or throttling limits. The error code describes the limit exceeded.

Members
Code
Type: string
Message
Type: string

LoadBalancerState

Description

Information about the state of the load balancer.

Members
Code
Type: string

The state code. The initial state of the load balancer is provisioning.

After the load balancer is fully set up and ready to route traffic, its state is active.

If the load balancer could not be set up, its state is failed.

Reason
Type: string

A description of the state.

Malware

Description

A list of malware related to a finding.

Members
Name
Required: Yes
Type: string

The name of the malware that was observed.

Length Constraints: Minimum of 1. Maximum of 64.

Path
Type: string

The file system path of the malware that was observed.

Length Constraints: Minimum of 1. Maximum of 512.

State
Type: string

The state of the malware that was observed.

Type
Type: string

The type of the malware that was observed.

MapFilter

Description

A map filter for filtering Security Hub findings. Each map filter provides the field to check for, the value to check for, and the comparison operator.

Members
Comparison
Type: string

The condition to apply to the key value when filtering Security Hub findings with a map filter.

To search for values that have the filter value, use one of the following comparison operators:

  • To search for values that include the filter value, use CONTAINS. For example, for the ResourceTags field, the filter Department CONTAINS Security matches findings that include the value Security for the Department tag. In the same example, a finding with a value of Security team for the Department tag is a match.

  • To search for values that exactly match the filter value, use EQUALS. For example, for the ResourceTags field, the filter Department EQUALS Security matches findings that have the value Security for the Department tag.

CONTAINS and EQUALS filters on the same field are joined by OR. A finding matches if it matches any one of those filters. For example, the filters Department CONTAINS Security OR Department CONTAINS Finance match a finding that includes either Security, Finance, or both values.

To search for values that don't have the filter value, use one of the following comparison operators:

  • To search for values that exclude the filter value, use NOT_CONTAINS. For example, for the ResourceTags field, the filter Department NOT_CONTAINS Finance matches findings that exclude the value Finance for the Department tag.

  • To search for values other than the filter value, use NOT_EQUALS. For example, for the ResourceTags field, the filter Department NOT_EQUALS Finance matches findings that don’t have the value Finance for the Department tag.

NOT_CONTAINS and NOT_EQUALS filters on the same field are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance match a finding that excludes both the Security and Finance values.

CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can’t have both an EQUALS filter and a NOT_EQUALS filter on the same field. Combining filters in this way returns an error.

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the Security Hub User Guide.

Key
Type: string

The key of the map filter. For example, for ResourceTags, Key identifies the name of the tag. For UserDefinedFields, Key is the name of the field.

Value
Type: string

The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called Department might be Security. If you provide security as the filter value, then there's no match.

Member

Description

The details about a member account.

Members
AccountId
Type: string

The Amazon Web Services account ID of the member account.

AdministratorId
Type: string

The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.

Email
Type: string

The email address of the member account.

InvitedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

A timestamp for the date and time when the invitation was sent to the member account.

MasterId
Type: string

This is replaced by AdministratorID.

The Amazon Web Services account ID of the Security Hub administrator account associated with this member account.

MemberStatus
Type: string

The status of the relationship between the member account and its administrator account.

The status can have one of the following values:

  • Created - Indicates that the administrator account added the member account, but has not yet invited the member account.

  • Invited - Indicates that the administrator account invited the member account. The member account has not yet responded to the invitation.

  • Enabled - Indicates that the member account is currently active. For manually invited member accounts, indicates that the member account accepted the invitation.

  • Removed - Indicates that the administrator account disassociated the member account.

  • Resigned - Indicates that the member account disassociated themselves from the administrator account.

  • Deleted - Indicates that the administrator account deleted the member account.

  • AccountSuspended - Indicates that an organization account was suspended from Amazon Web Services at the same time that the administrator account tried to enable the organization account as a member account.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp for the date and time when the member account was updated.

Network

Description

The details of network-related information about a finding.

Members
DestinationDomain
Type: string

The destination domain of network-related information about a finding.

Length Constraints: Minimum of 1. Maximum of 128.

DestinationIpV4
Type: string

The destination IPv4 address of network-related information about a finding.

DestinationIpV6
Type: string

The destination IPv6 address of network-related information about a finding.

DestinationPort
Type: int

The destination port of network-related information about a finding.

Direction
Type: string

The direction of network traffic associated with a finding.

OpenPortRange
Type: PortRange structure

The range of open ports that is present on the network.

Protocol
Type: string

The protocol of network-related information about a finding.

Length Constraints: Minimum of 1. Maximum of 16.

SourceDomain
Type: string

The source domain of network-related information about a finding.

Length Constraints: Minimum of 1. Maximum of 128.

SourceIpV4
Type: string

The source IPv4 address of network-related information about a finding.

SourceIpV6
Type: string

The source IPv6 address of network-related information about a finding.

SourceMac
Type: string

The source media access control (MAC) address of network-related information about a finding.

SourcePort
Type: int

The source port of network-related information about a finding.

NetworkAutonomousSystem

Description

Contains information about the Autonomous System (AS) of the network endpoints involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Name
Type: string

The name associated with the AS.

Number
Type: int

The unique number that identifies the AS.

NetworkConnection

Description

Contains information about the network connection involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Direction
Type: string

The direction in which the network traffic is flowing.

NetworkConnectionAction

Description

Provided if ActionType is NETWORK_CONNECTION. It provides details about the attempted network connection that was detected.

Members
Blocked
Type: boolean

Indicates whether the network connection attempt was blocked.

ConnectionDirection
Type: string

The direction of the network connection request (IN or OUT).

LocalPortDetails
Type: ActionLocalPortDetails structure

Information about the port on the EC2 instance.

Protocol
Type: string

The protocol used to make the network connection request.

Length Constraints: Minimum length of 1. Maximum length of 64.

RemoteIpDetails
Type: ActionRemoteIpDetails structure

Information about the remote IP address that issued the network connection request.

RemotePortDetails
Type: ActionRemotePortDetails structure

Information about the port on the remote IP address.

NetworkEndpoint

Description

Contains information about network endpoints involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

This field can provide information about the network endpoints associated with the resource in the attack sequence finding, or about a specific network endpoint used for the attack.

Members
AutonomousSystem
Type: NetworkAutonomousSystem structure

The Autonomous System Number (ASN) of the network endpoint.

Connection
Type: NetworkConnection structure

Information about the network connection.

Domain
Type: string

The domain information for the network endpoint.

Id
Type: string

The identifier of the network endpoint involved in the attack sequence.

Ip
Type: string

The IP address used in the network endpoint.

Location
Type: NetworkGeoLocation structure

Information about the location of the network endpoint.

Port
Type: int

The port number associated with the network endpoint.

NetworkGeoLocation

Description

Contains information about the location of a network endpoint involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
City
Type: string

The name of the city.

Country
Type: string

The name of the country.

Lat
Type: double

The latitude information of the endpoint location.

Lon
Type: double

The longitude information of the endpoint location.

NetworkHeader

Description

Details about a network path component that occurs before or after the current component.

Members
Destination
Type: NetworkPathComponentDetails structure

Information about the destination of the component.

Protocol
Type: string

The protocol used for the component.

Length Constraints: Minimum of 1. Maximum of 16.

Source
Type: NetworkPathComponentDetails structure

Information about the origin of the component.

NetworkPathComponent

Description

Information about a network path component.

Members
ComponentId
Type: string

The identifier of a component in the network path.

Length Constraints: Minimum of 1. Maximum of 32.

ComponentType
Type: string

The type of component.

Length Constraints: Minimum of 1. Maximum of 32.

Egress
Type: NetworkHeader structure

Information about the component that comes after the current component in the network path.

Ingress
Type: NetworkHeader structure

Information about the component that comes before the current node in the network path.

NetworkPathComponentDetails

Description

Information about the destination of the next component in the network path.

Members
Address
Type: Array of strings

The IP addresses of the destination.

PortRanges
Type: Array of PortRange structures

A list of port ranges for the destination.

Note

Description

A user-defined note added to a finding.

Members
Text
Required: Yes
Type: string

The text of a note.

Length Constraints: Minimum of 1. Maximum of 512.

UpdatedAt
Required: Yes
Type: string

A timestamp that indicates when the note was updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

UpdatedBy
Required: Yes
Type: string

The principal that created a note.

NoteUpdate

Description

The updated note.

Members
Text
Required: Yes
Type: string

The updated note text.

UpdatedBy
Required: Yes
Type: string

The principal that updated the note.

NumberFilter

Description

A number filter for querying findings.

Members
Eq
Type: double

The equal-to condition to be applied to a single field when querying for findings.

Gt
Type: double

The greater-than condition to be applied to a single field when querying for findings.

Gte
Type: double

The greater-than-equal condition to be applied to a single field when querying for findings.

Lt
Type: double

The less-than condition to be applied to a single field when querying for findings.

Lte
Type: double

The less-than-equal condition to be applied to a single field when querying for findings.

Occurrences

Description

The detected occurrences of sensitive data.

Members
Cells
Type: Array of Cell structures

Occurrences of sensitive data detected in Microsoft Excel workbooks, comma-separated value (CSV) files, or tab-separated value (TSV) files.

LineRanges
Type: Array of Range structures

Occurrences of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.

OffsetRanges
Type: Array of Range structures

Occurrences of sensitive data detected in a binary text file.

Pages
Type: Array of Page structures

Occurrences of sensitive data in an Adobe Portable Document Format (PDF) file.

Records
Type: Array of Record structures

Occurrences of sensitive data in an Apache Avro object container or an Apache Parquet file.

OrganizationConfiguration

Description

Provides information about the way an organization is configured in Security Hub.

Members
ConfigurationType
Type: string

Indicates whether the organization uses local or central configuration.

If you use local configuration, the Security Hub delegated administrator can set AutoEnable to true and AutoEnableStandards to DEFAULT. This automatically enables Security Hub and default security standards in new organization accounts. These new account settings must be set separately in each Amazon Web Services Region, and settings may be different in each Region.

If you use central configuration, the delegated administrator can create configuration policies. Configuration policies can be used to configure Security Hub, security standards, and security controls in multiple accounts and Regions. If you want new organization accounts to use a specific configuration, you can create a configuration policy and associate it with the root or specific organizational units (OUs). New accounts will inherit the policy from the root or their assigned OU.

Status
Type: string

Describes whether central configuration could be enabled as the ConfigurationType for the organization. If your ConfigurationType is local configuration, then the value of Status is always ENABLED.

StatusMessage
Type: string

Provides an explanation if the value of Status is equal to FAILED when ConfigurationType is equal to CENTRAL.

Page

Description

An occurrence of sensitive data in an Adobe Portable Document Format (PDF) file.

Members
LineRange
Type: Range structure

An occurrence of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.

OffsetRange
Type: Range structure

An occurrence of sensitive data detected in a binary text file.

PageNumber
Type: long (int|float)

The page number of the page that contains the sensitive data.

ParameterConfiguration

Description

An object that provides the current value of a security control parameter and identifies whether it has been customized.

Members
Value
Type: ParameterValue structure

The current value of a control parameter.

ValueType
Required: Yes
Type: string

Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.

When ValueType is set equal to DEFAULT, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ValueType is set equal to DEFAULT, Security Hub ignores user-provided input for the Value field.

When ValueType is set equal to CUSTOM, the Value field can't be empty.

ParameterDefinition

Description

An object that describes a security control parameter and the options for customizing it.

Members
ConfigurationOptions
Required: Yes
Type: ConfigurationOptions structure

The options for customizing a control parameter. Customization options vary based on the data type of the parameter.

Description
Required: Yes
Type: string

Description of a control parameter.

ParameterValue

Description

An object that includes the data type of a security control parameter and its current value.

Members
Boolean
Type: boolean

A control parameter that is a boolean.

Double
Type: double

A control parameter that is a double.

Enum
Type: string

A control parameter that is an enum.

EnumList
Type: Array of strings

A control parameter that is a list of enums.

Integer
Type: int

A control parameter that is an integer.

IntegerList
Type: Array of ints

A control parameter that is a list of integers.

String
Type: string

A control parameter that is a string.

StringList
Type: Array of strings

A control parameter that is a list of strings.

PatchSummary

Description

Provides an overview of the patch compliance status for an instance against a selected compliance standard.

Members
FailedCount
Type: int

The number of patches from the compliance standard that failed to install.

The value can be an integer from 0 to 100000.

Id
Required: Yes
Type: string

The identifier of the compliance standard that was used to determine the patch compliance status.

Length Constraints: Minimum length of 1. Maximum length of 256.

InstalledCount
Type: int

The number of patches from the compliance standard that were installed successfully.

The value can be an integer from 0 to 100000.

InstalledOtherCount
Type: int

The number of installed patches that are not part of the compliance standard.

The value can be an integer from 0 to 100000.

InstalledPendingReboot
Type: int

The number of patches that were applied, but that require the instance to be rebooted in order to be marked as installed.

The value can be an integer from 0 to 100000.

InstalledRejectedCount
Type: int

The number of patches that are installed but are also on a list of patches that the customer rejected.

The value can be an integer from 0 to 100000.

MissingCount
Type: int

The number of patches that are part of the compliance standard but are not installed. The count includes patches that failed to install.

The value can be an integer from 0 to 100000.

Operation
Type: string

The type of patch operation performed. For Patch Manager, the values are SCAN and INSTALL.

Length Constraints: Minimum length of 1. Maximum length of 256.

OperationEndTime
Type: string

Indicates when the operation completed.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

OperationStartTime
Type: string

Indicates when the operation started.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

RebootOption
Type: string

The reboot option specified for the instance.

Length Constraints: Minimum length of 1. Maximum length of 256.

Policy

Description

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

Members
SecurityHub
Type: SecurityHubPolicy structure

The Amazon Web Services service that the configuration policy applies to.

PortProbeAction

Description

Provided if ActionType is PORT_PROBE. It provides details about the attempted port probe that was detected.

Members
Blocked
Type: boolean

Indicates whether the port probe was blocked.

PortProbeDetails
Type: Array of PortProbeDetail structures

Information about the ports affected by the port probe.

PortProbeDetail

Description

A port scan that was part of the port probe. For each scan, PortProbeDetails provides information about the local IP address and port that were scanned, and the remote IP address that the scan originated from.

Members
LocalIpDetails
Type: ActionLocalIpDetails structure

Provides information about the IP address where the scanned port is located.

LocalPortDetails
Type: ActionLocalPortDetails structure

Provides information about the port that was scanned.

RemoteIpDetails
Type: ActionRemoteIpDetails structure

Provides information about the remote IP address that performed the scan.

PortRange

Description

A range of ports.

Members
Begin
Type: int

The first port in the port range.

End
Type: int

The last port in the port range.

PortRangeFromTo

Description

A range of ports.

Members
From
Type: int

The first port in the port range.

To
Type: int

The last port in the port range.

ProcessDetails

Description

The details of process-related information about a finding.

Members
LaunchedAt
Type: string

Indicates when the process was launched.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Name
Type: string

The name of the process.

Length Constraints: Minimum of 1. Maximum of 64.

ParentPid
Type: int

The parent process ID. This field accepts positive integers between O and 2147483647.

Path
Type: string

The path to the process executable.

Length Constraints: Minimum of 1. Maximum of 512.

Pid
Type: int

The process ID.

TerminatedAt
Type: string

Indicates when the process was terminated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Product

Description

Contains details about a product.

Members
ActivationUrl
Type: string

The URL to the service or product documentation about the integration with Security Hub, including how to activate the integration.

Categories
Type: Array of strings

The categories assigned to the product.

CompanyName
Type: string

The name of the company that provides the product.

Description
Type: string

A description of the product.

IntegrationTypes
Type: Array of strings

The types of integration that the product supports. Available values are the following.

  • SEND_FINDINGS_TO_SECURITY_HUB - The integration sends findings to Security Hub.

  • RECEIVE_FINDINGS_FROM_SECURITY_HUB - The integration receives findings from Security Hub.

  • UPDATE_FINDINGS_IN_SECURITY_HUB - The integration does not send new findings to Security Hub, but does make updates to the findings that it receives from Security Hub.

MarketplaceUrl
Type: string

For integrations with Amazon Web Services services, the Amazon Web Services Console URL from which to activate the service.

For integrations with third-party products, the Amazon Web Services Marketplace URL from which to subscribe to or purchase the product.

ProductArn
Required: Yes
Type: string

The ARN assigned to the product.

ProductName
Type: string

The name of the product.

ProductSubscriptionResourcePolicy
Type: string

The resource policy associated with the product.

PropagatingVgwSetDetails

Description

Describes a virtual private gateway propagating route.

Members
GatewayId
Type: string

The ID of the virtual private gateway.

Range

Description

Identifies where the sensitive data begins and ends.

Members
End
Type: long (int|float)

The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.

Start
Type: long (int|float)

The number of lines (for a line range) or characters (for an offset range) from the beginning of the file to the end of the sensitive data.

StartColumn
Type: long (int|float)

In the line where the sensitive data starts, the column within the line where the sensitive data starts.

Recommendation

Description

A recommendation on how to remediate the issue identified in a finding.

Members
Text
Type: string

Describes the recommended steps to take to remediate an issue identified in a finding.

Length Constraints: Minimum of 1 length. Maximum of 512 length.

Url
Type: string

A URL to a page or site that contains information about how to remediate a finding.

Record

Description

An occurrence of sensitive data in an Apache Avro object container or an Apache Parquet file.

Members
JsonPath
Type: string

The path, as a JSONPath expression, to the field in the record that contains the data. If the field name is longer than 20 characters, it is truncated. If the path is longer than 250 characters, it is truncated.

RecordIndex
Type: long (int|float)

The record index, starting from 0, for the record that contains the data.

RelatedFinding

Description

Details about a related finding.

Members
Id
Required: Yes
Type: string

The product-generated identifier for a related finding.

ProductArn
Required: Yes
Type: string

The ARN of the product that generated a related finding.

Remediation

Description

Details about the remediation steps for a finding.

Members
Recommendation
Type: Recommendation structure

A recommendation on the steps to take to remediate the issue identified by a finding.

Resource

Description

A resource related to a finding.

Members
ApplicationArn
Type: string

The Amazon Resource Name (ARN) of the application that is related to a finding.

ApplicationName
Type: string

The name of the application that is related to a finding.

DataClassification
Type: DataClassificationDetails structure

Contains information about sensitive data that was detected on the resource.

Details
Type: ResourceDetails structure

Additional details about the resource related to a finding.

Id
Required: Yes
Type: string

The canonical identifier for the given resource type.

Partition
Type: string

The canonical Amazon Web Services partition name that the Region is assigned to.

Region
Type: string

The canonical Amazon Web Services external Region name where this resource is located.

Length Constraints: Minimum length of 1. Maximum length of 16.

ResourceRole
Type: string

Identifies the role of the resource in the finding. A resource is either the actor or target of the finding activity,

Tags
Type: Associative array of custom strings keys (NonEmptyString) to strings

A list of Amazon Web Services tags associated with a resource at the time the finding was processed. Tags must follow Amazon Web Services tag naming limits and requirements.

Type
Required: Yes
Type: string

The type of the resource that details are provided for. If possible, set Type to one of the supported resource types. For example, if the resource is an EC2 instance, then set Type to AwsEc2Instance.

If the resource does not match any of the provided types, then set Type to Other.

Length Constraints: Minimum length of 1. Maximum length of 256.

ResourceConflictException

Description

The resource specified in the request conflicts with an existing resource.

Members
Code
Type: string
Message
Type: string

ResourceDetails

Description

Additional details about a resource related to a finding.

To provide the details, use the object that corresponds to the resource type. For example, if the resource type is AwsEc2Instance, then you use the AwsEc2Instance object to provide the details.

If the type-specific object does not contain all of the fields you want to populate, then you use the Other object to populate those additional fields.

You also use the Other object to populate the details when the selected type does not have a corresponding object.

Members
AwsAmazonMqBroker
Type: AwsAmazonMqBrokerDetails structure

Provides details about AppSync message broker. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols.

AwsApiGatewayRestApi
Type: AwsApiGatewayRestApiDetails structure

Provides information about a REST API in version 1 of Amazon API Gateway.

AwsApiGatewayStage
Type: AwsApiGatewayStageDetails structure

Provides information about a version 1 Amazon API Gateway stage.

AwsApiGatewayV2Api
Type: AwsApiGatewayV2ApiDetails structure

Provides information about a version 2 API in Amazon API Gateway.

AwsApiGatewayV2Stage
Type: AwsApiGatewayV2StageDetails structure

Provides information about a version 2 stage for Amazon API Gateway.

AwsAppSyncGraphQlApi
Type: AwsAppSyncGraphQlApiDetails structure

Provides details about an AppSync Graph QL API, which lets you query multiple databases, microservices, and APIs from a single GraphQL endpoint.

AwsAthenaWorkGroup
Type: AwsAthenaWorkGroupDetails structure

Provides information about an Amazon Athena workgroup. A workgroup helps you separate users, teams, applications, or workloads. It also helps you set limits on data processing and track costs.

AwsAutoScalingAutoScalingGroup

Details for an autoscaling group.

AwsAutoScalingLaunchConfiguration

Provides details about a launch configuration.

AwsBackupBackupPlan
Type: AwsBackupBackupPlanDetails structure

Provides details about an Backup backup plan.

AwsBackupBackupVault
Type: AwsBackupBackupVaultDetails structure

Provides details about an Backup backup vault.

AwsBackupRecoveryPoint

Provides details about an Backup backup, or recovery point.

AwsCertificateManagerCertificate

Provides details about an Certificate Manager certificate.

AwsCloudFormationStack

Details about an CloudFormation stack. A stack is a collection of Amazon Web Services resources that you can manage as a single unit.

AwsCloudFrontDistribution

Details about a CloudFront distribution.

AwsCloudTrailTrail
Type: AwsCloudTrailTrailDetails structure

Provides details about a CloudTrail trail.

AwsCloudWatchAlarm
Type: AwsCloudWatchAlarmDetails structure

Details about an Amazon CloudWatch alarm. An alarm allows you to monitor and receive alerts about your Amazon Web Services resources and applications across multiple Regions.

AwsCodeBuildProject
Type: AwsCodeBuildProjectDetails structure

Details for an CodeBuild project.

AwsDmsEndpoint
Type: AwsDmsEndpointDetails structure

Provides details about an Database Migration Service (DMS) endpoint. An endpoint provides connection, data store type, and location information about your data store.

AwsDmsReplicationInstance

Provides details about an DMS replication instance. DMS uses a replication instance to connect to your source data store, read the source data, and format the data for consumption by the target data store.

AwsDmsReplicationTask

Provides details about an DMS replication task. A replication task moves a set of data from the source endpoint to the target endpoint.

AwsDynamoDbTable
Type: AwsDynamoDbTableDetails structure

Details about a DynamoDB table.

AwsEc2ClientVpnEndpoint

Provides details about an Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It's the termination point for all client VPN sessions.

AwsEc2Eip
Type: AwsEc2EipDetails structure

Details about an Elastic IP address.

AwsEc2Instance
Type: AwsEc2InstanceDetails structure

Details about an EC2 instance related to a finding.

AwsEc2LaunchTemplate
Type: AwsEc2LaunchTemplateDetails structure

Specifies the properties for creating an Amazon Elastic Compute Cloud (Amazon EC2) launch template.

AwsEc2NetworkAcl
Type: AwsEc2NetworkAclDetails structure

Details about an EC2 network access control list (ACL).

AwsEc2NetworkInterface

Details for an EC2 network interface.

AwsEc2RouteTable
Type: AwsEc2RouteTableDetails structure

Provides details about a route table. A route table contains a set of rules, called routes, that determine where to direct network traffic from your subnet or gateway.

AwsEc2SecurityGroup
Type: AwsEc2SecurityGroupDetails structure

Details for an EC2 security group.

AwsEc2Subnet
Type: AwsEc2SubnetDetails structure

Details about a subnet in Amazon EC2.

AwsEc2TransitGateway
Type: AwsEc2TransitGatewayDetails structure

Details about an Amazon EC2 transit gateway that interconnects your virtual private clouds (VPC) and on-premises networks.

AwsEc2Volume
Type: AwsEc2VolumeDetails structure

Details for an Amazon EC2 volume.

AwsEc2Vpc
Type: AwsEc2VpcDetails structure

Details for an Amazon EC2 VPC.

AwsEc2VpcEndpointService

Details about the service configuration for a VPC endpoint service.

AwsEc2VpcPeeringConnection

Details about an Amazon EC2 VPC peering connection. A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.

AwsEc2VpnConnection
Type: AwsEc2VpnConnectionDetails structure

Details about an Amazon EC2 VPN connection.

AwsEcrContainerImage
Type: AwsEcrContainerImageDetails structure

Information about an Amazon ECR image.

AwsEcrRepository
Type: AwsEcrRepositoryDetails structure

Information about an Amazon Elastic Container Registry repository.

AwsEcsCluster
Type: AwsEcsClusterDetails structure

Details about an Amazon ECS cluster.

AwsEcsContainer
Type: AwsEcsContainerDetails structure

Provides information about a Docker container that's part of a task.

AwsEcsService
Type: AwsEcsServiceDetails structure

Details about a service within an ECS cluster.

AwsEcsTask
Type: AwsEcsTaskDetails structure

Details about a task in a cluster.

AwsEcsTaskDefinition
Type: AwsEcsTaskDefinitionDetails structure

Details about a task definition. A task definition describes the container and volume definitions of an Amazon Elastic Container Service task.

AwsEfsAccessPoint
Type: AwsEfsAccessPointDetails structure

Details about an Amazon EFS access point. An access point is an application-specific view into an EFS file system that applies an operating system user and group, and a file system path, to any file system request made through the access point.

AwsEksCluster
Type: AwsEksClusterDetails structure

Details about an Amazon EKS cluster.

AwsElasticBeanstalkEnvironment

Details about an Elastic Beanstalk environment.

AwsElasticsearchDomain

Details for an Elasticsearch domain.

AwsElbLoadBalancer
Type: AwsElbLoadBalancerDetails structure

Contains details about a Classic Load Balancer.

AwsElbv2LoadBalancer
Type: AwsElbv2LoadBalancerDetails structure

Details about a load balancer.

AwsEventSchemasRegistry

A schema defines the structure of events that are sent to Amazon EventBridge. Schema registries are containers for schemas. They collect and organize schemas so that your schemas are in logical groups.

AwsEventsEndpoint
Type: AwsEventsEndpointDetails structure

Provides details about an Amazon EventBridge global endpoint. The endpoint can improve your application’s availability by making it Regional-fault tolerant.

AwsEventsEventbus
Type: AwsEventsEventbusDetails structure

Provides details about Amazon EventBridge event bus for an endpoint. An event bus is a router that receives events and delivers them to zero or more destinations, or targets.

AwsGuardDutyDetector
Type: AwsGuardDutyDetectorDetails structure

Provides details about an Amazon GuardDuty detector. A detector is an object that represents the GuardDuty service. A detector is required for GuardDuty to become operational.

AwsIamAccessKey
Type: AwsIamAccessKeyDetails structure

Details about an IAM access key related to a finding.

AwsIamGroup
Type: AwsIamGroupDetails structure

Contains details about an IAM group.

AwsIamPolicy
Type: AwsIamPolicyDetails structure

Details about an IAM permissions policy.

AwsIamRole
Type: AwsIamRoleDetails structure

Details about an IAM role.

AwsIamUser
Type: AwsIamUserDetails structure

Details about an IAM user.

AwsKinesisStream
Type: AwsKinesisStreamDetails structure

Details about an Amazon Kinesis data stream.

AwsKmsKey
Type: AwsKmsKeyDetails structure

Details about an KMS key.

AwsLambdaFunction
Type: AwsLambdaFunctionDetails structure

Details about a Lambda function.

AwsLambdaLayerVersion

Details for a Lambda layer version.

AwsMskCluster
Type: AwsMskClusterDetails structure

Provides details about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.

AwsNetworkFirewallFirewall

Details about an Network Firewall firewall.

AwsNetworkFirewallFirewallPolicy

Details about an Network Firewall firewall policy.

AwsNetworkFirewallRuleGroup

Details about an Network Firewall rule group.

AwsOpenSearchServiceDomain

Details about an Amazon OpenSearch Service domain.

AwsRdsDbCluster
Type: AwsRdsDbClusterDetails structure

Details about an Amazon RDS database cluster.

AwsRdsDbClusterSnapshot

Details about an Amazon RDS database cluster snapshot.

AwsRdsDbInstance
Type: AwsRdsDbInstanceDetails structure

Details about an Amazon RDS database instance.

AwsRdsDbSecurityGroup

Details about an Amazon RDS DB security group.

AwsRdsDbSnapshot
Type: AwsRdsDbSnapshotDetails structure

Details about an Amazon RDS database snapshot.

AwsRdsEventSubscription

Details about an RDS event notification subscription.

AwsRedshiftCluster
Type: AwsRedshiftClusterDetails structure

Contains details about an Amazon Redshift cluster.

AwsRoute53HostedZone
Type: AwsRoute53HostedZoneDetails structure

Provides details about an Amazon Route 53 hosted zone, including the four name servers assigned to the hosted zone. A hosted zone represents a collection of records that can be managed together, belonging to a single parent domain name.

AwsS3AccessPoint
Type: AwsS3AccessPointDetails structure

Provides details about an Amazon Simple Storage Service (Amazon S3) access point. S3 access points are named network endpoints that are attached to S3 buckets that you can use to perform S3 object operations.

AwsS3AccountPublicAccessBlock

Details about the Amazon S3 Public Access Block configuration for an account.

AwsS3Bucket
Type: AwsS3BucketDetails structure

Details about an S3 bucket related to a finding.

AwsS3Object
Type: AwsS3ObjectDetails structure

Details about an S3 object related to a finding.

AwsSageMakerNotebookInstance

Provides details about an Amazon SageMaker AI notebook instance.

AwsSecretsManagerSecret

Details about a Secrets Manager secret.

AwsSnsTopic
Type: AwsSnsTopicDetails structure

Details about an SNS topic.

AwsSqsQueue
Type: AwsSqsQueueDetails structure

Details about an SQS queue.

AwsSsmPatchCompliance

Provides information about the state of a patch on an instance based on the patch baseline that was used to patch the instance.

AwsStepFunctionStateMachine

Provides details about an Step Functions state machine, which is a workflow consisting of a series of event-driven steps.

AwsWafRateBasedRule
Type: AwsWafRateBasedRuleDetails structure

Details about a rate-based rule for global resources.

AwsWafRegionalRateBasedRule

Details about a rate-based rule for Regional resources.

AwsWafRegionalRule
Type: AwsWafRegionalRuleDetails structure

Details about an WAF rule for Regional resources.

AwsWafRegionalRuleGroup

Details about an WAF rule group for Regional resources.

AwsWafRegionalWebAcl
Type: AwsWafRegionalWebAclDetails structure

Details about an WAF web access control list (web ACL) for Regional resources.

AwsWafRule
Type: AwsWafRuleDetails structure

Details about an WAF rule for global resources.

AwsWafRuleGroup
Type: AwsWafRuleGroupDetails structure

Details about an WAF rule group for global resources.

AwsWafWebAcl
Type: AwsWafWebAclDetails structure

Details for an WAF web ACL.

AwsWafv2RuleGroup
Type: AwsWafv2RuleGroupDetails structure

Details about an WAFv2 rule group.

AwsWafv2WebAcl
Type: AwsWafv2WebAclDetails structure

Details about an WAFv2 web Access Control List (ACL).

AwsXrayEncryptionConfig

Information about the encryption configuration for X-Ray.

Container
Type: ContainerDetails structure

Details about a container resource related to a finding.

Other
Type: Associative array of custom strings keys (NonEmptyString) to strings

Details about a resource that are not available in a type-specific details object. Use the Other object in the following cases.

  • The type-specific object does not contain all of the fields that you want to populate. In this case, first use the type-specific object to populate those fields. Use the Other object to populate the fields that are missing from the type-specific object.

  • The resource type does not have a corresponding object. This includes resources for which the type is Other.

ResourceInUseException

Description

The request was rejected because it conflicts with the resource's availability. For example, you tried to update a security control that's currently in the UPDATING state.

Members
Code
Type: string
Message
Type: string

ResourceNotFoundException

Description

The request was rejected because we can't find the specified resource.

Members
Code
Type: string
Message
Type: string

Result

Description

Details about the account that was not processed.

Members
AccountId
Type: string

An Amazon Web Services account ID of the account that was not processed.

ProcessingResult
Type: string

The reason that the account was not processed.

RouteSetDetails

Description

Provides details about the routes in the route table.

Members
CarrierGatewayId
Type: string

The ID of the carrier gateway.

CoreNetworkArn
Type: string

The Amazon Resource Name (ARN) of the core network.

DestinationCidrBlock
Type: string

The IPv4 CIDR block used for the destination match.

DestinationIpv6CidrBlock
Type: string

The IPv6 CIDR block used for the destination match.

DestinationPrefixListId
Type: string

The prefix of the destination Amazon Web Services service.

EgressOnlyInternetGatewayId
Type: string

The ID of the egress-only internet gateway.

GatewayId
Type: string

The ID of a gateway attached to your VPC.

InstanceId
Type: string

The ID of a NAT instance in your VPC.

InstanceOwnerId
Type: string

The ID of the Amazon Web Services account that owns the instance.

LocalGatewayId
Type: string

The ID of the local gateway.

NatGatewayId
Type: string

The ID of a NAT gateway.

NetworkInterfaceId
Type: string

The ID of the network interface.

Origin
Type: string

Describes how the route was created.

State
Type: string

The state of the route.

TransitGatewayId
Type: string

The ID of a transit gateway.

VpcPeeringConnectionId
Type: string

The ID of a VPC peering connection.

RuleGroupDetails

Description

Details about the rule group.

Members
RuleVariables
Type: RuleGroupVariables structure

Additional settings to use in the specified rules.

RulesSource
Type: RuleGroupSource structure

The rules and actions for the rule group.

For stateful rule groups, can contain RulesString, RulesSourceList, or StatefulRules.

For stateless rule groups, contains StatelessRulesAndCustomActions.

RuleGroupSource

Description

The rules and actions for the rule group.

Members
RulesSourceList
Type: RuleGroupSourceListDetails structure

Stateful inspection criteria for a domain list rule group. A domain list rule group determines access by specific protocols to specific domains.

RulesString
Type: string

Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.

StatefulRules
Type: Array of RuleGroupSourceStatefulRulesDetails structures

Suricata rule specifications.

StatelessRulesAndCustomActions

The stateless rules and custom actions used by a stateless rule group.

RuleGroupSourceCustomActionsDetails

Description

A custom action definition. A custom action is an optional, non-standard action to use for stateless packet handling.

Members
ActionDefinition

The definition of a custom action.

ActionName
Type: string

A descriptive name of the custom action.

RuleGroupSourceListDetails

Description

Stateful inspection criteria for a domain list rule group.

Members
GeneratedRulesType
Type: string

Indicates whether to allow or deny access to the domains listed in Targets.

TargetTypes
Type: Array of strings

The protocols that you want to inspect. Specify LS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

Targets
Type: Array of strings

The domains that you want to inspect for in your traffic flows. You can provide full domain names, or use the '.' prefix as a wildcard. For example, .example.com matches all domains that end with example.com.

RuleGroupSourceStatefulRulesDetails

Description

A Suricata rule specification.

Members
Action
Type: string

Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.

Header

The stateful inspection criteria for the rule.

RuleOptions
Type: Array of RuleGroupSourceStatefulRulesOptionsDetails structures

Additional options for the rule.

RuleGroupSourceStatefulRulesHeaderDetails

Description

The inspection criteria for a stateful rule.

Members
Destination
Type: string

The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.

DestinationPort
Type: string

The destination port to inspect for. You can specify an individual port, such as 1994. You also can specify a port range, such as 1990:1994. To match with any port, specify ANY.

Direction
Type: string

The direction of traffic flow to inspect. If set to ANY, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to FORWARD, the inspection only matches traffic going from the source to the destination.

Protocol
Type: string

The protocol to inspect for. To inspector for all protocols, use IP.

Source
Type: string

The source IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.

SourcePort
Type: string

The source port to inspect for. You can specify an individual port, such as 1994. You also can specify a port range, such as 1990:1994. To match with any port, specify ANY.

RuleGroupSourceStatefulRulesOptionsDetails

Description

A rule option for a stateful rule.

Members
Keyword
Type: string

A keyword to look for.

Settings
Type: Array of strings

A list of settings.

RuleGroupSourceStatelessRuleDefinition

Description

The definition of the stateless rule.

Members
Actions
Type: Array of strings

The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action (aws:pass, aws:drop, or aws:forward_to_sfe). You can then add custom actions.

MatchAttributes

The criteria for Network Firewall to use to inspect an individual packet in a stateless rule inspection.

RuleGroupSourceStatelessRuleMatchAttributes

Description

Criteria for the stateless rule.

Members
DestinationPorts

A list of port ranges to specify the destination ports to inspect for.

Destinations

The destination IP addresses and address ranges to inspect for, in CIDR notation.

Protocols
Type: Array of ints

The protocols to inspect for.

SourcePorts

A list of port ranges to specify the source ports to inspect for.

Sources

The source IP addresses and address ranges to inspect for, in CIDR notation.

TcpFlags

The TCP flags and masks to inspect for.

RuleGroupSourceStatelessRuleMatchAttributesDestinationPorts

Description

A port range to specify the destination ports to inspect for.

Members
FromPort
Type: int

The starting port value for the port range.

ToPort
Type: int

The ending port value for the port range.

RuleGroupSourceStatelessRuleMatchAttributesDestinations

Description

A destination IP address or range.

Members
AddressDefinition
Type: string

An IP address or a block of IP addresses.

RuleGroupSourceStatelessRuleMatchAttributesSourcePorts

Description

A port range to specify the source ports to inspect for.

Members
FromPort
Type: int

The starting port value for the port range.

ToPort
Type: int

The ending port value for the port range.

RuleGroupSourceStatelessRuleMatchAttributesSources

Description

A source IP addresses and address range to inspect for.

Members
AddressDefinition
Type: string

An IP address or a block of IP addresses.

RuleGroupSourceStatelessRuleMatchAttributesTcpFlags

Description

A set of TCP flags and masks to inspect for.

Members
Flags
Type: Array of strings

Defines the flags from the Masks setting that must be set in order for the packet to match. Flags that are listed must be set. Flags that are not listed must not be set.

Masks
Type: Array of strings

The set of flags to consider in the inspection. If not specified, then all flags are inspected.

RuleGroupSourceStatelessRulesAndCustomActionsDetails

Description

Stateless rules and custom actions for a stateless rule group.

Members
CustomActions
Type: Array of RuleGroupSourceCustomActionsDetails structures

Custom actions for the rule group.

StatelessRules
Type: Array of RuleGroupSourceStatelessRulesDetails structures

Stateless rules for the rule group.

RuleGroupSourceStatelessRulesDetails

Description

A stateless rule in the rule group.

Members
Priority
Type: int

Indicates the order in which to run this rule relative to all of the rules in the stateless rule group.

RuleDefinition

Provides the definition of the stateless rule.

RuleGroupVariablesIpSetsDetails

Description

A list of IP addresses and address ranges, in CIDR notation.

Members
Definition
Type: Array of strings

The list of IP addresses and ranges.

RuleGroupVariablesPortSetsDetails

Description

A list of port ranges.

Members
Definition
Type: Array of strings

The list of port ranges.

SecurityControl

Description

A security control in Security Hub describes a security best practice related to a specific resource.

Members
Description
Required: Yes
Type: string

The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

LastUpdateReason
Type: string

The most recent reason for updating the customizable properties of a security control. This differs from the UpdateReason field of the BatchUpdateStandardsControlAssociations API, which tracks the reason for updating the enablement status of a control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

Parameters
Type: Associative array of custom strings keys (NonEmptyString) to ParameterConfiguration structures

An object that identifies the name of a control parameter, its current value, and whether it has been customized.

RemediationUrl
Required: Yes
Type: string

A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

SecurityControlArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

SecurityControlId
Required: Yes
Type: string

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.

SecurityControlStatus
Required: Yes
Type: string

The enablement status of a security control in a specific standard.

SeverityRating
Required: Yes
Type: string

The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.

Title
Required: Yes
Type: string

The title of a security control.

UpdateStatus
Type: string

Identifies whether customizable properties of a security control are reflected in Security Hub findings. A status of READY indicates that Security Hub uses the current control parameter values when running security checks of the control. A status of UPDATING indicates that all security checks might not use the current parameter values.

SecurityControlCustomParameter

Description

A list of security controls and control parameter values that are included in a configuration policy.

Members
Parameters
Type: Associative array of custom strings keys (NonEmptyString) to ParameterConfiguration structures

An object that specifies parameter values for a control in a configuration policy.

SecurityControlId
Type: string

The ID of the security control.

SecurityControlDefinition

Description

Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

Members
CurrentRegionAvailability
Required: Yes
Type: string

Specifies whether a security control is available in the current Amazon Web Services Region.

CustomizableProperties
Type: Array of strings

Security control properties that you can customize. Currently, only parameter customization is supported for select controls. An empty array is returned for controls that don’t support custom properties.

Description
Required: Yes
Type: string

The description of a security control across standards. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter doesn't reference a specific standard.

ParameterDefinitions
Type: Associative array of custom strings keys (NonEmptyString) to ParameterDefinition structures

An object that provides a security control parameter name, description, and the options for customizing it. This object is excluded for a control that doesn't support custom parameters.

RemediationUrl
Required: Yes
Type: string

A link to Security Hub documentation that explains how to remediate a failed finding for a security control.

SecurityControlId
Required: Yes
Type: string

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

SeverityRating
Required: Yes
Type: string

The severity of a security control. For more information about how Security Hub determines control severity, see Assigning severity to control findings in the Security Hub User Guide.

Title
Required: Yes
Type: string

The title of a security control.

SecurityControlParameter

Description

A parameter that a security control accepts.

Members
Name
Type: string

The name of a

Value
Type: Array of strings

The current value of a control parameter.

SecurityControlsConfiguration

Description

An object that defines which security controls are enabled in an Security Hub configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

Members
DisabledSecurityControlIdentifiers
Type: Array of strings

A list of security controls that are disabled in the configuration policy. Security Hub enables all other controls (including newly released controls) other than the listed controls.

EnabledSecurityControlIdentifiers
Type: Array of strings

A list of security controls that are enabled in the configuration policy. Security Hub disables all other controls (including newly released controls) other than the listed controls.

SecurityControlCustomParameters
Type: Array of SecurityControlCustomParameter structures

A list of security controls and control parameter values that are included in a configuration policy.

SecurityHubPolicy

Description

An object that defines how Security Hub is configured. The configuration policy includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

Members
EnabledStandardIdentifiers
Type: Array of strings

A list that defines which security standards are enabled in the configuration policy.

SecurityControlsConfiguration

An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

ServiceEnabled
Type: boolean

Indicates whether Security Hub is enabled in the policy.

SensitiveDataDetections

Description

The list of detected instances of sensitive data.

Members
Count
Type: long (int|float)

The total number of occurrences of sensitive data that were detected.

Occurrences
Type: Occurrences structure

Details about the sensitive data that was detected.

Type
Type: string

The type of sensitive data that was detected. For example, the type might indicate that the data is an email address.

SensitiveDataResult

Description

Contains a detected instance of sensitive data that are based on built-in identifiers.

Members
Category
Type: string

The category of sensitive data that was detected. For example, the category can indicate that the sensitive data involved credentials, financial information, or personal information.

Detections
Type: Array of SensitiveDataDetections structures

The list of detected instances of sensitive data.

TotalCount
Type: long (int|float)

The total number of occurrences of sensitive data.

Sequence

Description

Contains information about an Amazon GuardDuty Extended Threat Detection attack sequence finding. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Actors
Type: Array of Actor structures

Provides information about the actors involved in the attack sequence.

Endpoints
Type: Array of NetworkEndpoint structures

Contains information about the network endpoints that were used in the attack sequence.

SequenceIndicators
Type: Array of Indicator structures

Contains information about the indicators observed in the attack sequence. The values for SignalIndicators are a subset of the values for SequenceIndicators, but the values for these fields don't always match 1:1.

Signals
Type: Array of Signal structures

Contains information about the signals involved in the attack sequence.

Uid
Type: string

Unique identifier of the attack sequence.

Severity

Description

The severity of the finding.

The finding provider can provide the initial severity. The finding provider can only update the severity if it hasn't been updated using BatchUpdateFindings.

The finding must have either Label or Normalized populated. If only one of these attributes is populated, then Security Hub automatically populates the other one. If neither attribute is populated, then the finding is invalid. Label is the preferred attribute.

Members
Label
Type: string

The severity value of the finding. The allowed values are the following.

  • INFORMATIONAL - No issue was found.

  • LOW - The issue does not require action on its own.

  • MEDIUM - The issue must be addressed but not urgently.

  • HIGH - The issue must be addressed as a priority.

  • CRITICAL - The issue must be remediated immediately to avoid it escalating.

If you provide Normalized and don't provide Label, then Label is set automatically as follows.

  • 0 - INFORMATIONAL

  • 1–39 - LOW

  • 40–69 - MEDIUM

  • 70–89 - HIGH

  • 90–100 - CRITICAL

Normalized
Type: int

Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label.

The value of Normalized can be an integer between 0 and 100.

If you provide Label and don't provide Normalized, then Normalized is set automatically as follows.

  • INFORMATIONAL - 0

  • LOW - 1

  • MEDIUM - 40

  • HIGH - 70

  • CRITICAL - 90

Original
Type: string

The native severity from the finding product that generated the finding.

Length Constraints: Minimum length of 1. Maximum length of 64.

Product
Type: double

Deprecated. This attribute isn't included in findings. Instead of providing Product, provide Original.

The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.

SeverityUpdate

Description

Updates to the severity information for a finding.

Members
Label
Type: string

The severity value of the finding. The allowed values are the following.

  • INFORMATIONAL - No issue was found.

  • LOW - The issue does not require action on its own.

  • MEDIUM - The issue must be addressed but not urgently.

  • HIGH - The issue must be addressed as a priority.

  • CRITICAL - The issue must be remediated immediately to avoid it escalating.

Normalized
Type: int

The normalized severity for the finding. This attribute is to be deprecated in favor of Label.

If you provide Normalized and don't provide Label, Label is set automatically as follows.

  • 0 - INFORMATIONAL

  • 1–39 - LOW

  • 40–69 - MEDIUM

  • 70–89 - HIGH

  • 90–100 - CRITICAL

Product
Type: double

The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.

Signal

Description

Contains information about the signals involved in an Amazon GuardDuty Extended Threat Detection attack sequence. An attack sequence is a type of threat detected by GuardDuty. GuardDuty generates an attack sequence finding when multiple events, or signals, align to a potentially suspicious activity. When GuardDuty and Security Hub are integrated, GuardDuty sends attack sequence findings to Security Hub.

A signal can be an API activity or a finding that GuardDuty uses to detect an attack sequence finding.

Members
ActorIds
Type: Array of strings

The IDs of the threat actors involved in the signal.

Count
Type: int

The number of times this signal was observed.

CreatedAt
Type: long (int|float)

The timestamp when the first finding or activity related to this signal was observed.

EndpointIds
Type: Array of strings

Information about the endpoint IDs associated with this signal.

FirstSeenAt
Type: long (int|float)

The timestamp when the first finding or activity related to this signal was observed.

Id
Type: string

The identifier of the signal.

LastSeenAt
Type: long (int|float)

The timestamp when the last finding or activity related to this signal was observed.

Name
Type: string

The name of the GuardDuty signal. For example, when signal type is FINDING, the signal name is the name of the finding.

ProductArn
Type: string

The Amazon Resource Name (ARN) of the product that generated the signal.

ResourceIds
Type: Array of strings

The ARN or ID of the Amazon Web Services resource associated with the signal.

Severity
Type: double

The severity associated with the signal. For more information about severity, see Severity levels for GuardDuty findings in the Amazon GuardDuty User Guide.

SignalIndicators
Type: Array of Indicator structures

Contains information about the indicators associated with the signals in this attack sequence finding. The values for SignalIndicators are a subset of the values for SequenceIndicators, but the values for these fields don't always match 1:1.

Title
Type: string

The description of the GuardDuty finding.

Type
Type: string

The type of the signal used to identify an attack sequence.

Signals can be GuardDuty findings or activities observed in data sources that GuardDuty monitors. For more information, see GuardDuty foundational data sources in the Amazon GuardDuty User Guide.

A signal type can be one of the following values. Here are the related descriptions:

  • FINDING - Individually generated GuardDuty finding.

  • CLOUD_TRAIL - Activity observed from CloudTrail logs

  • S3_DATA_EVENTS - Activity observed from CloudTrail data events for Amazon Simple Storage Service (S3). Activities associated with this type will show up only when you have enabled GuardDuty S3 Protection feature in your account. For more information about S3 Protection and the steps to enable it, see S3 Protection in the Amazon GuardDuty User Guide.

UpdatedAt
Type: long (int|float)

The timestamp when this signal was last observed.

SoftwarePackage

Description

Information about a software package.

Members
Architecture
Type: string

The architecture used for the software package.

Epoch
Type: string

The epoch of the software package.

FilePath
Type: string

The file system path to the package manager inventory file.

FixedInVersion
Type: string

The version of the software package in which the vulnerability has been resolved.

Name
Type: string

The name of the software package.

PackageManager
Type: string

The source of the package.

Release
Type: string

The release of the software package.

Remediation
Type: string

Describes the actions a customer can take to resolve the vulnerability in the software package.

SourceLayerArn
Type: string

The Amazon Resource Name (ARN) of the source layer.

SourceLayerHash
Type: string

The source layer hash of the vulnerable package.

Version
Type: string

The version of the software package.

SortCriterion

Description

A collection of finding attributes used to sort findings.

Members
Field
Type: string

The finding attribute used to sort findings.

SortOrder
Type: string

The order used to sort findings.

Standard

Description

Provides information about a specific security standard.

Members
Description
Type: string

A description of the standard.

EnabledByDefault
Type: boolean

Whether the standard is enabled by default. When Security Hub is enabled from the console, if a standard is enabled by default, the check box for that standard is selected by default.

When Security Hub is enabled using the EnableSecurityHub API operation, the standard is enabled by default unless EnableDefaultStandards is set to false.

Name
Type: string

The name of the standard.

StandardsArn
Type: string

The ARN of a standard.

StandardsManagedBy
Type: StandardsManagedBy structure

Provides details about the management of a standard.

StandardsControl

Description

Details for an individual security standard control.

Members
ControlId
Type: string

The identifier of the security standard control.

ControlStatus
Type: string

The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.

ControlStatusUpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that the status of the security standard control was most recently updated.

Description
Type: string

The longer description of the security standard control. Provides information about what the control is checking for.

DisabledReason
Type: string

The reason provided for the most recent change in status for the control.

RelatedRequirements
Type: Array of strings

The list of requirements that are related to this control.

RemediationUrl
Type: string

A link to remediation information for the control in the Security Hub user documentation.

SeverityRating
Type: string

The severity of findings generated from this security standard control.

The finding severity is based on an assessment of how easy it would be to compromise Amazon Web Services resources if the issue is detected.

StandardsControlArn
Type: string

The ARN of the security standard control.

Title
Type: string

The title of the security standard control.

StandardsControlAssociationDetail

Description

Provides details about a control's enablement status in a specified standard.

Members
AssociationStatus
Required: Yes
Type: string

Specifies whether a control is enabled or disabled in a specified standard.

RelatedRequirements
Type: Array of strings

The requirement that underlies a control in the compliance framework related to the standard.

SecurityControlArn
Required: Yes
Type: string

The ARN of a security control across standards, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

SecurityControlId
Required: Yes
Type: string

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.

StandardsArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of a security standard.

StandardsControlArns
Type: Array of strings

Provides the input parameter that Security Hub uses to call the UpdateStandardsControl API. This API can be used to enable or disable a control in a specified standard.

StandardsControlDescription
Type: string

The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. This parameter may reference a specific standard.

StandardsControlTitle
Type: string

The title of a control. This field may reference a specific standard.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time at which the enablement status of the control in the specified standard was last updated.

UpdatedReason
Type: string

The reason for updating the enablement status of a control in a specified standard.

StandardsControlAssociationId

Description

An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. The security control ID or ARN is the same across standards.

Members
SecurityControlId
Required: Yes
Type: string

The unique identifier (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) of a security control across standards.

StandardsArn
Required: Yes
Type: string

The ARN of a standard.

StandardsControlAssociationSummary

Description

An array that provides the enablement status and other details for each control that applies to each enabled standard.

Members
AssociationStatus
Required: Yes
Type: string

The enablement status of a control in a specific standard.

RelatedRequirements
Type: Array of strings

The requirement that underlies this control in the compliance framework related to the standard.

SecurityControlArn
Required: Yes
Type: string

The ARN of a control, such as arn:aws:securityhub:eu-central-1:123456789012:security-control/S3.1. This parameter doesn't mention a specific standard.

SecurityControlId
Required: Yes
Type: string

A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5. This field doesn't reference a specific standard.

StandardsArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of a standard.

StandardsControlDescription
Type: string

The description of a control. This typically summarizes how Security Hub evaluates the control and the conditions under which it produces a failed finding. The parameter may reference a specific standard.

StandardsControlTitle
Type: string

The title of a control.

UpdatedAt
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last time that a control's enablement status in a specified standard was updated.

UpdatedReason
Type: string

The reason for updating a control's enablement status in a specified standard.

StandardsControlAssociationUpdate

Description

An array of requested updates to the enablement status of controls in specified standards. The objects in the array include a security control ID, the Amazon Resource Name (ARN) of the standard, the requested enablement status, and the reason for updating the enablement status.

Members
AssociationStatus
Required: Yes
Type: string

The desired enablement status of the control in the standard.

SecurityControlId
Required: Yes
Type: string

The unique identifier for the security control whose enablement status you want to update.

StandardsArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the standard in which you want to update the control's enablement status.

UpdatedReason
Type: string

The reason for updating the control's enablement status in the standard.

StandardsManagedBy

Description

Provides details about the management of a security standard.

Members
Company
Type: string

An identifier for the company that manages a specific security standard. For existing standards, the value is equal to Amazon Web Services.

Product
Type: string

An identifier for the product that manages a specific security standard. For existing standards, the value is equal to the Amazon Web Services service that manages the standard.

StandardsStatusReason

Description

The reason for the current status of a standard subscription.

Members
StatusReasonCode
Required: Yes
Type: string

The reason code that represents the reason for the current status of a standard subscription.

StandardsSubscription

Description

A resource that represents your subscription to a supported standard.

Members
StandardsArn
Required: Yes
Type: string

The ARN of a standard.

StandardsInput
Required: Yes
Type: Associative array of custom strings keys (NonEmptyString) to strings

A key-value pair of input for the standard.

StandardsStatus
Required: Yes
Type: string

The status of the standard subscription.

The status values are as follows:

  • PENDING - Standard is in the process of being enabled.

  • READY - Standard is enabled.

  • INCOMPLETE - Standard could not be enabled completely. Some controls may not be available.

  • DELETING - Standard is in the process of being disabled.

  • FAILED - Standard could not be disabled.

StandardsStatusReason
Type: StandardsStatusReason structure

The reason for the current status.

StandardsSubscriptionArn
Required: Yes
Type: string

The ARN of a resource that represents your subscription to a supported standard.

StandardsSubscriptionRequest

Description

The standard that you want to enable.

Members
StandardsArn
Required: Yes
Type: string

The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the DescribeStandards operation.

StandardsInput
Type: Associative array of custom strings keys (NonEmptyString) to strings

A key-value pair of input for the standard.

StatelessCustomActionDefinition

Description

The definition of a custom action that can be used for stateless packet handling.

Members
PublishMetricAction

Information about metrics to publish to CloudWatch.

StatelessCustomPublishMetricAction

Description

Information about metrics to publish to CloudWatch.

Members
Dimensions

Defines CloudWatch dimension values to publish.

StatelessCustomPublishMetricActionDimension

Description

Defines a CloudWatch dimension value to publish.

Members
Value
Type: string

The value to use for the custom metric dimension.

StatusReason

Description

Provides additional context for the value of Compliance.Status.

Members
Description
Type: string

The corresponding description for the status reason code.

ReasonCode
Required: Yes
Type: string

A code that represents a reason for the control status. For the list of status reason codes and their meanings, see Compliance details for control findings in the Security Hub User Guide.

StringConfigurationOptions

Description

The options for customizing a security control parameter that is a string.

Members
DefaultValue
Type: string

The Security Hub default value for a control parameter that is a string.

ExpressionDescription
Type: string

The description of the RE2 regular expression.

Re2Expression
Type: string

An RE2 regular expression that Security Hub uses to validate a user-provided control parameter string.

StringFilter

Description

A string filter for filtering Security Hub findings.

Members
Comparison
Type: string

The condition to apply to a string value when filtering Security Hub findings.

To search for values that have the filter value, use one of the following comparison operators:

  • To search for values that include the filter value, use CONTAINS. For example, the filter Title CONTAINS CloudFront matches findings that have a Title that includes the string CloudFront.

  • To search for values that exactly match the filter value, use EQUALS. For example, the filter AwsAccountId EQUALS 123456789012 only matches findings that have an account ID of 123456789012.

  • To search for values that start with the filter value, use PREFIX. For example, the filter ResourceRegion PREFIX us matches findings that have a ResourceRegion that starts with us. A ResourceRegion that starts with a different value, such as af, ap, or ca, doesn't match.

CONTAINS, EQUALS, and PREFIX filters on the same field are joined by OR. A finding matches if it matches any one of those filters. For example, the filters Title CONTAINS CloudFront OR Title CONTAINS CloudWatch match a finding that includes either CloudFront, CloudWatch, or both strings in the title.

To search for values that don’t have the filter value, use one of the following comparison operators:

  • To search for values that exclude the filter value, use NOT_CONTAINS. For example, the filter Title NOT_CONTAINS CloudFront matches findings that have a Title that excludes the string CloudFront.

  • To search for values other than the filter value, use NOT_EQUALS. For example, the filter AwsAccountId NOT_EQUALS 123456789012 only matches findings that have an account ID other than 123456789012.

  • To search for values that don't start with the filter value, use PREFIX_NOT_EQUALS. For example, the filter ResourceRegion PREFIX_NOT_EQUALS us matches findings with a ResourceRegion that starts with a value other than us.

NOT_CONTAINS, NOT_EQUALS, and PREFIX_NOT_EQUALS filters on the same field are joined by AND. A finding matches only if it matches all of those filters. For example, the filters Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch match a finding that excludes both CloudFront and CloudWatch in the title.

You can’t have both a CONTAINS filter and a NOT_CONTAINS filter on the same field. Similarly, you can't provide both an EQUALS filter and a NOT_EQUALS or PREFIX_NOT_EQUALS filter on the same field. Combining filters in this way returns an error. CONTAINS filters can only be used with other CONTAINS filters. NOT_CONTAINS filters can only be used with other NOT_CONTAINS filters.

You can combine PREFIX filters with NOT_EQUALS or PREFIX_NOT_EQUALS filters for the same field. Security Hub first processes the PREFIX filters, and then the NOT_EQUALS or PREFIX_NOT_EQUALS filters.

For example, for the following filters, Security Hub first identifies findings that have resource types that start with either AwsIam or AwsEc2. It then excludes findings that have a resource type of AwsIamPolicy and findings that have a resource type of AwsEc2NetworkInterface.

  • ResourceType PREFIX AwsIam

  • ResourceType PREFIX AwsEc2

  • ResourceType NOT_EQUALS AwsIamPolicy

  • ResourceType NOT_EQUALS AwsEc2NetworkInterface

CONTAINS and NOT_CONTAINS operators can be used only with automation rules. For more information, see Automation rules in the Security Hub User Guide.

Value
Type: string

The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is Security Hub. If you provide security hub as the filter value, there's no match.

StringListConfigurationOptions

Description

The options for customizing a security control parameter that is a list of strings.

Members
DefaultValue
Type: Array of strings

The Security Hub default value for a control parameter that is a list of strings.

ExpressionDescription
Type: string

The description of the RE2 regular expression.

MaxItems
Type: int

The maximum number of list items that a string list control parameter can accept.

Re2Expression
Type: string

An RE2 regular expression that Security Hub uses to validate a user-provided list of strings for a control parameter.

Target

Description

The target account, organizational unit, or the root that is associated with an Security Hub configuration. The configuration can be a configuration policy or self-managed behavior.

Members
AccountId
Type: string

The Amazon Web Services account ID of the target account.

OrganizationalUnitId
Type: string

The organizational unit ID of the target organizational unit.

RootId
Type: string

The ID of the organization root.

Threat

Description

Provides information about the threat detected in a security finding and the file paths that were affected by the threat.

Members
FilePaths
Type: Array of FilePaths structures

Provides information about the file paths that were affected by the threat.

Array Members: Minimum number of 1 item. Maximum number of 5 items.

ItemCount
Type: int

This total number of items in which the threat has been detected.

Name
Type: string

The name of the threat.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

Severity
Type: string

The severity of the threat.

Length Constraints: Minimum of 1 length. Maximum of 128 length.

ThreatIntelIndicator

Description

Details about the threat intelligence related to a finding.

Members
Category
Type: string

The category of a threat intelligence indicator.

LastObservedAt
Type: string

Indicates when the most recent instance of a threat intelligence indicator was observed.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

Source
Type: string

The source of the threat intelligence indicator.

Length Constraints: Minimum of 1 length. Maximum of 64 length.

SourceUrl
Type: string

The URL to the page or site where you can get more information about the threat intelligence indicator.

Type
Type: string

The type of threat intelligence indicator.

Value
Type: string

The value of a threat intelligence indicator.

Length Constraints: Minimum of 1 length. Maximum of 512 length.

UnprocessedAutomationRule

Description

A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn't process and why.

Members
ErrorCode
Type: int

The error code associated with the unprocessed automation rule.

ErrorMessage
Type: string

An error message describing why a request didn't process a specific rule.

RuleArn
Type: string

The Amazon Resource Name (ARN) for the unprocessed automation rule.

UnprocessedConfigurationPolicyAssociation

Description

An array of configuration policy associations, one for each configuration policy association identifier, that was specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

Members
ConfigurationPolicyAssociationIdentifiers

Configuration policy association identifiers that were specified in a BatchGetConfigurationPolicyAssociations request but couldn’t be processed due to an error.

ErrorCode
Type: string

An HTTP status code that identifies why the configuration policy association failed.

ErrorReason
Type: string

A string that identifies why the configuration policy association failed.

UnprocessedSecurityControl

Description

Provides details about a security control for which a response couldn't be returned.

Members
ErrorCode
Required: Yes
Type: string

The error code for the unprocessed security control.

ErrorReason
Type: string

The reason why the security control was unprocessed.

SecurityControlId
Required: Yes
Type: string

The control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which a response couldn't be returned.

UnprocessedStandardsControlAssociation

Description

Provides details about which control's enablement status couldn't be retrieved in a specified standard when calling BatchUpdateStandardsControlAssociations. This parameter also provides details about why the request was unprocessed.

Members
ErrorCode
Required: Yes
Type: string

The error code for the unprocessed standard and control association.

ErrorReason
Type: string

The reason why the standard and control association was unprocessed.

StandardsControlAssociationId
Required: Yes
Type: StandardsControlAssociationId structure

An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This parameter shows the specific controls for which the enablement status couldn't be retrieved in specified standards when calling BatchUpdateStandardsControlAssociations.

UnprocessedStandardsControlAssociationUpdate

Description

Provides details about which control's enablement status could not be updated in a specified standard when calling the BatchUpdateStandardsControlAssociations API. This parameter also provides details about why the request was unprocessed.

Members
ErrorCode
Required: Yes
Type: string

The error code for the unprocessed update of the control's enablement status in the specified standard.

ErrorReason
Type: string

The reason why a control's enablement status in the specified standard couldn't be updated.

StandardsControlAssociationUpdate
Required: Yes
Type: StandardsControlAssociationUpdate structure

An array of control and standard associations for which an update failed when calling BatchUpdateStandardsControlAssociations.

UpdateAutomationRulesRequestItem

Description

Specifies the parameters to update in an existing automation rule.

Members
Actions
Type: Array of AutomationRulesAction structures

One or more actions to update finding fields if a finding matches the conditions specified in Criteria.

Criteria

A set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.

Description
Type: string

A description of the rule.

IsTerminal
Type: boolean

Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn't evaluate other rules for the finding. By default, a rule isn't terminal.

RuleArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) for the rule.

RuleName
Type: string

The name of the rule.

RuleOrder
Type: int

An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

RuleStatus
Type: string

Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use BatchUpdateAutomationRules .

UserAccount

Description

Provides Amazon Web Services account information of the user involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.

Members
Name
Type: string

The name of the user account involved in the attack sequence.

Uid
Type: string

The unique identifier of the user account involved in the attack sequence.

VolumeMount

Description

Describes the mounting of a volume in a container.

Members
MountPath
Type: string

The path in the container at which the volume should be mounted.

Name
Type: string

The name of the volume.

VpcInfoCidrBlockSetDetails

Description

Provides details about the IPv4 CIDR blocks for the VPC.

Members
CidrBlock
Type: string

The IPv4 CIDR block for the VPC.

VpcInfoIpv6CidrBlockSetDetails

Description

Provides details about the IPv6 CIDR blocks for the VPC.

Members
Ipv6CidrBlock
Type: string

The IPv6 CIDR block for the VPC.

VpcInfoPeeringOptionsDetails

Description

Provides information about the VPC peering connection options for the accepter or requester VPC.

Members
AllowDnsResolutionFromRemoteVpc
Type: boolean

Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.

AllowEgressFromLocalClassicLinkToRemoteVpc
Type: boolean

Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.

AllowEgressFromLocalVpcToRemoteClassicLink
Type: boolean

Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.

Vulnerability

Description

A vulnerability associated with a finding.

Members
CodeVulnerabilities
Type: Array of VulnerabilityCodeVulnerabilities structures

The vulnerabilities found in your Lambda function code. This field pertains to findings that Security Hub receives from Amazon Inspector.

Cvss
Type: Array of Cvss structures

CVSS scores from the advisory related to the vulnerability.

EpssScore
Type: double

The Exploit Prediction Scoring System (EPSS) score for a finding.

ExploitAvailable
Type: string

Whether an exploit is available for a finding.

FixAvailable
Type: string

Specifies if all vulnerable packages in a finding have a value for FixedInVersion and Remediation. This field is evaluated for each vulnerability Id based on the number of vulnerable packages that have a value for both FixedInVersion and Remediation. Valid values are as follows:

  • YES if all vulnerable packages have a value for both FixedInVersion and Remediation

  • NO if no vulnerable packages have a value for FixedInVersion and Remediation

  • PARTIAL otherwise

Id
Required: Yes
Type: string

The identifier of the vulnerability.

LastKnownExploitAt
Type: string

The date and time of the last exploit associated with a finding discovered in your environment.

ReferenceUrls
Type: Array of strings

A list of URLs that provide additional information about the vulnerability.

RelatedVulnerabilities
Type: Array of strings

List of vulnerabilities that are related to this vulnerability.

Vendor
Type: VulnerabilityVendor structure

Information about the vendor that generates the vulnerability report.

VulnerablePackages
Type: Array of SoftwarePackage structures

List of software packages that have the vulnerability.

VulnerabilityCodeVulnerabilities

Description

Provides details about the vulnerabilities found in your Lambda function code. This field pertains to findings that Security Hub receives from Amazon Inspector.

Members
Cwes
Type: Array of strings

The Common Weakness Enumeration (CWE) item associated with the detected code vulnerability.

FilePath
Type: CodeVulnerabilitiesFilePath structure

Provides details about where a code vulnerability is located in your Lambda function.

SourceArn
Type: string

The Amazon Resource Name (ARN) of the Lambda layer in which the code vulnerability is located.

VulnerabilityVendor

Description

A vendor that generates a vulnerability report.

Members
Name
Required: Yes
Type: string

The name of the vendor.

Url
Type: string

The URL of the vulnerability advisory.

VendorCreatedAt
Type: string

Indicates when the vulnerability advisory was created.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

VendorSeverity
Type: string

The severity that the vendor assigned to the vulnerability.

VendorUpdatedAt
Type: string

Indicates when the vulnerability advisory was last updated.

For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

WafAction

Description

Details about the action that CloudFront or WAF takes when a web request matches the conditions in the rule.

Members
Type
Type: string

Specifies how you want WAF to respond to requests that match the settings in a rule.

Valid settings include the following:

  • ALLOW - WAF allows requests

  • BLOCK - WAF blocks requests

  • COUNT - WAF increments a counter of the requests that match all of the conditions in the rule. WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a web ACL.

WafExcludedRule

Description

Details about a rule to exclude from a rule group.

Members
RuleId
Type: string

The unique identifier for the rule to exclude from the rule group.

WafOverrideAction

Description

Details about an override action for a rule.

Members
Type
Type: string

COUNT overrides the action specified by the individual rule within a RuleGroup .

If set to NONE, the rule's action takes place.

Workflow

Description

Provides details about the status of the investigation into a finding.

Members
Status
Type: string

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:

    • RecordState changes from ARCHIVED to ACTIVE.

    • ComplianceStatus changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.

  • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

  • SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

WorkflowUpdate

Description

Used to update information about the investigation into the finding.

Members
Status
Type: string

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

  • NEW - The initial state of a finding, before it is reviewed.

    Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:

    • The record state changes from ARCHIVED to ACTIVE.

    • The compliance status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.

  • NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.

  • RESOLVED - The finding was reviewed and remediated and is now considered resolved.

  • SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.