From 41c8c546c3f76f602c4f330a66108e1146700698 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 27 Sep 2024 18:33:46 +0000 Subject: [PATCH 1/3] Update to latest models --- .../api-change-customerprofiles-34492.json | 5 + .../api-change-quicksight-15546.json | 5 + .../api-change-securityhub-36527.json | 5 + .../next-release/api-change-sesv2-14853.json | 5 + .../2020-08-15/service-2.json | 18 ++- .../data/quicksight/2018-04-01/service-2.json | 111 ++++++++++++++++++ .../securityhub/2018-10-26/service-2.json | 102 ++++++++-------- botocore/data/sesv2/2019-09-27/service-2.json | 16 ++- 8 files changed, 214 insertions(+), 53 deletions(-) create mode 100644 .changes/next-release/api-change-customerprofiles-34492.json create mode 100644 .changes/next-release/api-change-quicksight-15546.json create mode 100644 .changes/next-release/api-change-securityhub-36527.json create mode 100644 .changes/next-release/api-change-sesv2-14853.json diff --git a/.changes/next-release/api-change-customerprofiles-34492.json b/.changes/next-release/api-change-customerprofiles-34492.json new file mode 100644 index 0000000000..955109bfff --- /dev/null +++ b/.changes/next-release/api-change-customerprofiles-34492.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``customer-profiles``", + "description": "Introduces optional RoleArn parameter for PutIntegration request and includes RoleArn in the response of PutIntegration, GetIntegration and ListIntegrations" +} diff --git a/.changes/next-release/api-change-quicksight-15546.json b/.changes/next-release/api-change-quicksight-15546.json new file mode 100644 index 0000000000..4cf77abca5 --- /dev/null +++ b/.changes/next-release/api-change-quicksight-15546.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``quicksight``", + "description": "Adding personalization in QuickSight data stories. Admins can enable or disable personalization through QuickSight settings." +} diff --git a/.changes/next-release/api-change-securityhub-36527.json b/.changes/next-release/api-change-securityhub-36527.json new file mode 100644 index 0000000000..271afbb265 --- /dev/null +++ b/.changes/next-release/api-change-securityhub-36527.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``securityhub``", + "description": "Documentation updates for AWS Security Hub" +} diff --git a/.changes/next-release/api-change-sesv2-14853.json b/.changes/next-release/api-change-sesv2-14853.json new file mode 100644 index 0000000000..1f7d742e79 --- /dev/null +++ b/.changes/next-release/api-change-sesv2-14853.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``sesv2``", + "description": "This release adds support for engagement tracking over Https using custom domains." +} diff --git a/botocore/data/customer-profiles/2020-08-15/service-2.json b/botocore/data/customer-profiles/2020-08-15/service-2.json index eabe1e22f2..147591d3e5 100644 --- a/botocore/data/customer-profiles/2020-08-15/service-2.json +++ b/botocore/data/customer-profiles/2020-08-15/service-2.json @@ -2844,6 +2844,10 @@ "IsUnstructured":{ "shape":"optionalBoolean", "documentation":"

Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.

" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.

" } } }, @@ -3710,6 +3714,10 @@ "IsUnstructured":{ "shape":"optionalBoolean", "documentation":"

Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.

" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.

" } }, "documentation":"

An integration in list of integrations.

" @@ -4579,6 +4587,10 @@ "ObjectTypeNames":{ "shape":"ObjectTypeNames", "documentation":"

A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an ObjectTypeName (template) used to ingest the event. It supports the following event types: SegmentIdentify, ShopifyCreateCustomers, ShopifyUpdateCustomers, ShopifyCreateDraftOrders, ShopifyUpdateDraftOrders, ShopifyCreateOrders, and ShopifyUpdatedOrders.

" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.

" } } }, @@ -4626,6 +4638,10 @@ "IsUnstructured":{ "shape":"optionalBoolean", "documentation":"

Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.

" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"

The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.

" } } }, @@ -6030,5 +6046,5 @@ "pattern":"[a-f0-9]{32}" } }, - "documentation":"Amazon Connect Customer Profiles

Amazon Connect Customer Profiles is a unified customer profile for your contact center that has pre-built connectors powered by AppFlow that make it easy to combine customer information from third party applications, such as Salesforce (CRM), ServiceNow (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.

For more information about the Amazon Connect Customer Profiles feature, see Use Customer Profiles in the Amazon Connect Administrator's Guide.

" + "documentation":"Amazon Connect Customer Profiles

Amazon Connect Customer Profiles is a unified customer profile for your contact center that has pre-built connectors powered by AppFlow that make it easy to combine customer information from third party applications, such as Salesforce (CRM), ServiceNow (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.

For more information about the Amazon Connect Customer Profiles feature, see Use Customer Profiles in the Amazon Connect Administrator's Guide.

" } diff --git a/botocore/data/quicksight/2018-04-01/service-2.json b/botocore/data/quicksight/2018-04-01/service-2.json index a4ccd6ae7d..ee1235c532 100644 --- a/botocore/data/quicksight/2018-04-01/service-2.json +++ b/botocore/data/quicksight/2018-04-01/service-2.json @@ -1492,6 +1492,24 @@ ], "documentation":"

Describes the current namespace.

" }, + "DescribeQPersonalizationConfiguration":{ + "name":"DescribeQPersonalizationConfiguration", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/q-personalization-configuration" + }, + "input":{"shape":"DescribeQPersonalizationConfigurationRequest"}, + "output":{"shape":"DescribeQPersonalizationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"

Describes a personalization configuration.

" + }, "DescribeRefreshSchedule":{ "name":"DescribeRefreshSchedule", "http":{ @@ -3073,6 +3091,25 @@ ], "documentation":"

Use the UpdatePublicSharingSettings operation to turn on or turn off the public sharing settings of an Amazon QuickSight dashboard.

To use this operation, turn on session capacity pricing for your Amazon QuickSight account.

Before you can turn on public sharing on your account, make sure to give public sharing permissions to an administrative user in the Identity and Access Management (IAM) console. For more information on using IAM with Amazon QuickSight, see Using Amazon QuickSight with IAM in the Amazon QuickSight User Guide.

" }, + "UpdateQPersonalizationConfiguration":{ + "name":"UpdateQPersonalizationConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/accounts/{AwsAccountId}/q-personalization-configuration" + }, + "input":{"shape":"UpdateQPersonalizationConfigurationRequest"}, + "output":{"shape":"UpdateQPersonalizationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceUnavailableException"} + ], + "documentation":"

Updates a personalization configuration.

" + }, "UpdateRefreshSchedule":{ "name":"UpdateRefreshSchedule", "http":{ @@ -14520,6 +14557,36 @@ } } }, + "DescribeQPersonalizationConfigurationRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The ID of the Amazon Web Services account that contains the personalization configuration that the user wants described.

", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "DescribeQPersonalizationConfigurationResponse":{ + "type":"structure", + "members":{ + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"

A value that indicates whether personalization is enabled or not.

" + }, + "RequestId":{ + "shape":"String", + "documentation":"

The Amazon Web Services request ID for this operation.

" + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

The HTTP status of the request.

", + "location":"statusCode" + } + } + }, "DescribeRefreshScheduleRequest":{ "type":"structure", "required":[ @@ -23390,6 +23457,13 @@ "max":1000, "min":1 }, + "PersonalizationMode":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "PhysicalTable":{ "type":"structure", "members":{ @@ -32461,6 +32535,43 @@ } } }, + "UpdateQPersonalizationConfigurationRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "PersonalizationMode" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"

The ID of the Amazon Web Services account account that contains the personalization configuration that the user wants to update.

", + "location":"uri", + "locationName":"AwsAccountId" + }, + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"

An option to allow Amazon QuickSight to customize data stories with user specific metadata, specifically location and job information, in your IAM Identity Center instance.

" + } + } + }, + "UpdateQPersonalizationConfigurationResponse":{ + "type":"structure", + "members":{ + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"

The personalization mode that is used for the personalization configuration.

" + }, + "RequestId":{ + "shape":"String", + "documentation":"

The Amazon Web Services request ID for this operation.

" + }, + "Status":{ + "shape":"StatusCode", + "documentation":"

The HTTP status of the request.

", + "location":"statusCode" + } + } + }, "UpdateRefreshScheduleRequest":{ "type":"structure", "required":[ diff --git a/botocore/data/securityhub/2018-10-26/service-2.json b/botocore/data/securityhub/2018-10-26/service-2.json index c24a2fb450..de3aa366fd 100644 --- a/botocore/data/securityhub/2018-10-26/service-2.json +++ b/botocore/data/securityhub/2018-10-26/service-2.json @@ -29,7 +29,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccessException"} ], - "documentation":"

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

" }, "AcceptInvitation":{ "name":"AcceptInvitation", @@ -216,7 +216,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidAccessException"} ], - "documentation":"

Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.

Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.

" + "documentation":"

Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.

Updates from BatchUpdateFindings don't affect the value of UpdatedAt for a finding.

Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.

You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.

" }, "BatchUpdateStandardsControlAssociations":{ "name":"BatchUpdateStandardsControlAssociations", @@ -302,7 +302,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"} ], - "documentation":"

Used to enable finding aggregation. Must be called from the aggregation Region.

For more details about cross-Region replication, see Configuring finding aggregation in the Security Hub User Guide.

" + "documentation":"

The aggregation Region is now called the home Region.

Used to enable cross-Region aggregation. This operation can be invoked from the home Region only.

For information about how cross-Region aggregation works, see Understanding cross-Region aggregation in Security Hub in the Security Hub User Guide.

" }, "CreateInsight":{ "name":"CreateInsight", @@ -337,7 +337,7 @@ {"shape":"ResourceConflictException"}, {"shape":"AccessDeniedException"} ], - "documentation":"

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

CreateMembers is always used to add accounts that are not organization members.

For accounts that are managed using Organizations, CreateMembers is only used in the following cases:

This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.

Accounts that are managed using Organizations do not receive an invitation. They automatically become a member account in Security Hub.

A permissions policy is added that permits the administrator account to view the findings generated in the member account.

To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

" + "documentation":"

Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.

CreateMembers is always used to add accounts that are not organization members.

For accounts that are managed using Organizations, CreateMembers is only used in the following cases:

This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.

For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.

Accounts that are managed using Organizations don't receive an invitation. They automatically become a member account in Security Hub.

A permissions policy is added that permits the administrator account to view the findings generated in the member account.

To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.

" }, "DeclineInvitations":{ "name":"DeclineInvitations", @@ -353,7 +353,7 @@ {"shape":"InvalidAccessException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Declines invitations to become a member account.

A prospective member account uses this operation to decline an invitation to become a member.

This operation is only called by member accounts that aren't part of an organization. Organization accounts don't receive invitations.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Declines invitations to become a Security Hub member account.

A prospective member account uses this operation to decline an invitation to become a member.

Only member accounts that aren't part of an Amazon Web Services organization should use this operation. Organization accounts don't receive invitations.

" }, "DeleteActionTarget":{ "name":"DeleteActionTarget", @@ -406,7 +406,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.

When you stop finding aggregation, findings that were already aggregated to the aggregation Region are still visible from the aggregation Region. New findings and finding updates are not aggregated.

" + "documentation":"

The aggregation Region is now called the home Region.

Deletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops occurring from the linked Regions to the home Region.

When you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.

" }, "DeleteInsight":{ "name":"DeleteInsight", @@ -440,7 +440,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccessException"} ], - "documentation":"

Deletes invitations received by the Amazon Web Services account to become a member account.

A Security Hub administrator account can use this operation to delete invitations sent to one or more member accounts.

This operation is only used to delete invitations that are sent to member accounts that aren't part of an organization. Organization accounts don't receive invitations.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Deletes invitations to become a Security Hub member account.

A Security Hub administrator account can use this operation to delete invitations sent to one or more prospective member accounts.

This operation is only used to delete invitations that are sent to prospective member accounts that aren't part of an Amazon Web Services organization. Organization accounts don't receive invitations.

" }, "DeleteMembers":{ "name":"DeleteMembers", @@ -522,7 +522,7 @@ {"shape":"InvalidAccessException"}, {"shape":"InvalidInputException"} ], - "documentation":"

Returns information about product integrations in Security Hub.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you do not provide an integration ARN, then the results include all of the available product integrations.

" + "documentation":"

Returns information about product integrations in Security Hub.

You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.

If you don't provide an integration ARN, then the results include all of the available product integrations.

" }, "DescribeStandards":{ "name":"DescribeStandards", @@ -796,7 +796,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns the current finding aggregation configuration.

" + "documentation":"

The aggregation Region is now called the home Region.

Returns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes the home Region and any linked Regions.

" }, "GetFindingHistory":{ "name":"GetFindingHistory", @@ -828,7 +828,7 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Returns a list of findings that match the specified criteria.

If finding aggregation is enabled, then when you call GetFindings from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.

" + "documentation":"

Returns a list of findings that match the specified criteria.

If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.

" }, "GetInsightResults":{ "name":"GetInsightResults", @@ -878,7 +878,7 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Returns the count of all Security Hub membership invitations that were sent to the calling member account, not including the currently accepted invitation.

" }, "GetMasterAccount":{ "name":"GetMasterAccount", @@ -948,7 +948,7 @@ {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.

This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated from the member account.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.

This operation is only used to invite accounts that don't belong to an Amazon Web Services organization. Organization accounts don't receive invitations.

Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.

When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.

" }, "ListAutomationRules":{ "name":"ListAutomationRules", @@ -1032,7 +1032,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"} ], - "documentation":"

If finding aggregation is enabled, then ListFindingAggregators returns the ARN of the finding aggregator. You can run this operation from any Region.

" + "documentation":"

If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.

" }, "ListInvitations":{ "name":"ListInvitations", @@ -1048,7 +1048,7 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.

This operation is only used by accounts that are managed by invitation. Accounts that are managed using the integration with Organizations do not receive invitations.

" + "documentation":"

We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.

Lists all Security Hub membership invitations that were sent to the calling account.

Only accounts that are managed by invitation can use this operation. Accounts that are managed using the integration with Organizations don't receive invitations.

" }, "ListMembers":{ "name":"ListMembers", @@ -1247,7 +1247,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use UpdateFindingAggregator to change the aggregation Region.

You must run UpdateFindingAggregator from the current aggregation Region.

" + "documentation":"

The aggregation Region is now called the home Region.

Updates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list of included or excluded Amazon Web Services Regions. However, you can't use this operation to change the home Region.

You can invoke this operation from the current home Region only.

" }, "UpdateFindings":{ "name":"UpdateFindings", @@ -1725,14 +1725,14 @@ "members":{ "Type":{ "shape":"AutomationRulesActionType", - "documentation":"

Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the Security Hub User Guide.

" + "documentation":"

Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.

" }, "FindingFieldsUpdate":{ "shape":"AutomationRulesFindingFieldsUpdate", "documentation":"

Specifies that the automation rule action is an update to a finding field.

" } }, - "documentation":"

One or more actions to update finding fields if a finding matches the defined criteria of the rule.

" + "documentation":"

One or more actions that Security Hub takes when a finding matches the defined criteria of a rule.

" }, "AutomationRulesActionType":{ "type":"string", @@ -1908,7 +1908,7 @@ }, "ResourceId":{ "shape":"StringFilterList", - "documentation":"

The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Servicesservice that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

" + "documentation":"

The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Services service that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.

Array Members: Minimum number of 1 item. Maximum number of 100 items.

" }, "ResourcePartition":{ "shape":"StringFilterList", @@ -3292,7 +3292,7 @@ }, "Lifecycle":{ "shape":"AwsBackupBackupPlanLifecycleDetails", - "documentation":"

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you do not specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

" + "documentation":"

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

" } }, "documentation":"

An array of CopyAction objects, each of which contains details of the copy operation.

" @@ -3338,7 +3338,7 @@ }, "Lifecycle":{ "shape":"AwsBackupBackupPlanLifecycleDetails", - "documentation":"

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you do not specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

" + "documentation":"

Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.

" } }, "documentation":"

Provides details about an array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.

" @@ -3360,7 +3360,7 @@ }, "EncryptionKeyArn":{ "shape":"NonEmptyString", - "documentation":"

The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you do not specify a key, Backup creates an KMS key for you by default.

" + "documentation":"

The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you don't specify a key, Backup creates an KMS key for you by default.

" }, "Notifications":{ "shape":"AwsBackupBackupVaultNotificationsDetails", @@ -7636,7 +7636,7 @@ }, "SchedulingStrategy":{ "shape":"NonEmptyString", - "documentation":"

The scheduling strategy to use for the service.

The REPLICA scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.

The DAEMON scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that do not meet the placement constraints.

Valid values: REPLICA | DAEMON

" + "documentation":"

The scheduling strategy to use for the service.

The REPLICA scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.

The DAEMON scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that don't meet the placement constraints.

Valid values: REPLICA | DAEMON

" }, "ServiceArn":{ "shape":"NonEmptyString", @@ -11610,7 +11610,7 @@ }, "DBName":{ "shape":"NonEmptyString", - "documentation":"

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters do not apply to an Oracle DB instance.

" + "documentation":"

The meaning of this parameter differs according to the database engine you use.

MySQL, MariaDB, SQL Server, PostgreSQL

Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.

Oracle

Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters don't apply to an Oracle DB instance.

" }, "DeletionProtection":{ "shape":"Boolean", @@ -14209,7 +14209,7 @@ }, "WorkflowStatus":{ "shape":"StringFilterList", - "documentation":"

The status of the investigation into a finding. Allowed values are the following.

" + "documentation":"

The status of the investigation into a finding. Allowed values are the following.

" }, "RecordState":{ "shape":"StringFilterList", @@ -14275,7 +14275,7 @@ }, "ComplianceSecurityControlId":{ "shape":"StringFilterList", - "documentation":"

The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Servicesservice and a number, such as APIGateway.5.

" + "documentation":"

The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5.

" }, "ComplianceAssociatedStandardsId":{ "shape":"StringFilterList", @@ -15035,11 +15035,11 @@ }, "OverrideAction":{ "shape":"WafOverrideAction", - "documentation":"

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you do not use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.

" + "documentation":"

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.

However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you don't use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.

" }, "Priority":{ "shape":"Integer", - "documentation":"

Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values do not need to be consecutive.

" + "documentation":"

Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values don't need to be consecutive.

" }, "RuleId":{ "shape":"NonEmptyString", @@ -15857,7 +15857,7 @@ }, "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"

Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an Amazon Web Servicesservice and a unique number, such as APIGateway.5.

" + "documentation":"

Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an Amazon Web Services service and a unique number, such as APIGateway.5.

" }, "AssociatedStandards":{ "shape":"AssociatedStandardsList", @@ -16231,7 +16231,7 @@ }, "Regions":{ "shape":"StringList", - "documentation":"

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

" + "documentation":"

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

" } } }, @@ -16240,11 +16240,11 @@ "members":{ "FindingAggregatorArn":{ "shape":"NonEmptyString", - "documentation":"

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.

" + "documentation":"

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop cross-Region aggregation.

" }, "FindingAggregationRegion":{ "shape":"NonEmptyString", - "documentation":"

The aggregation Region.

" + "documentation":"

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -16926,7 +16926,7 @@ }, "EnableDefaultStandards":{ "shape":"Boolean", - "documentation":"

Whether to enable the security standards that Security Hub has designated as automatically enabled. If you do not provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.

" + "documentation":"

Whether to enable the security standards that Security Hub has designated as automatically enabled. If you don't provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.

" }, "ControlFindingGenerator":{ "shape":"ControlFindingGenerator", @@ -17018,7 +17018,7 @@ "documentation":"

The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.

" } }, - "documentation":"

A finding aggregator. A finding aggregator contains the configuration for finding aggregation.

" + "documentation":"

A finding aggregator is a Security Hub resource that specifies cross-Region aggregation settings, including the home Region and any linked Regions.

" }, "FindingAggregatorList":{ "type":"list", @@ -17038,7 +17038,7 @@ }, "UpdateSource":{ "shape":"FindingHistoryUpdateSource", - "documentation":"

Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Servicesservice or third-party partner integration may call BatchImportFindings , or an Security Hub customer may call BatchUpdateFindings .

" + "documentation":"

Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Services service or third-party partner integration may call BatchImportFindings , or an Security Hub customer may call BatchUpdateFindings .

" }, "Updates":{ "shape":"FindingHistoryUpdatesList", @@ -17078,7 +17078,7 @@ "members":{ "Type":{ "shape":"FindingHistoryUpdateSourceType", - "documentation":"

Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Servicesservice or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).

" + "documentation":"

Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Services service or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).

" }, "Identity":{ "shape":"NonEmptyString", @@ -17396,7 +17396,7 @@ }, "FindingAggregationRegion":{ "shape":"NonEmptyString", - "documentation":"

The aggregation Region.

" + "documentation":"

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -17506,7 +17506,7 @@ "members":{ "InsightArns":{ "shape":"ArnList", - "documentation":"

The ARNs of the insights to describe. If you do not provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.

" + "documentation":"

The ARNs of the insights to describe. If you don't provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.

" }, "NextToken":{ "shape":"NextToken", @@ -18885,7 +18885,7 @@ "members":{ "SecurityHub":{ "shape":"SecurityHubPolicy", - "documentation":"

The Amazon Web Servicesservice that the configuration policy applies to.

" + "documentation":"

The Amazon Web Services service that the configuration policy applies to.

" } }, "documentation":"

An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

", @@ -19680,7 +19680,7 @@ }, "DestinationPrefixListId":{ "shape":"NonEmptyString", - "documentation":"

The prefix of the destination Amazon Web Servicesservice.

" + "documentation":"

The prefix of the destination Amazon Web Services service.

" }, "EgressOnlyInternetGatewayId":{ "shape":"NonEmptyString", @@ -20101,7 +20101,7 @@ "members":{ "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number, such as APIGateway.3.

" + "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.

" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -20173,7 +20173,7 @@ "members":{ "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

" + "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).

" }, "Title":{ "shape":"NonEmptyString", @@ -20329,11 +20329,11 @@ }, "Label":{ "shape":"SeverityLabel", - "documentation":"

The severity value of the finding. The allowed values are the following.

If you provide Normalized and do not provide Label, then Label is set automatically as follows.

" + "documentation":"

The severity value of the finding. The allowed values are the following.

If you provide Normalized and don't provide Label, then Label is set automatically as follows.

" }, "Normalized":{ "shape":"Integer", - "documentation":"

Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label.

The value of Normalized can be an integer between 0 and 100.

If you provide Label and do not provide Normalized, then Normalized is set automatically as follows.

" + "documentation":"

Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label.

The value of Normalized can be an integer between 0 and 100.

If you provide Label and don't provide Normalized, then Normalized is set automatically as follows.

" }, "Original":{ "shape":"NonEmptyString", @@ -20366,7 +20366,7 @@ "members":{ "Normalized":{ "shape":"RatioScale", - "documentation":"

The normalized severity for the finding. This attribute is to be deprecated in favor of Label.

If you provide Normalized and do not provide Label, Label is set automatically as follows.

" + "documentation":"

The normalized severity for the finding. This attribute is to be deprecated in favor of Label.

If you provide Normalized and don't provide Label, Label is set automatically as follows.

" }, "Product":{ "shape":"Double", @@ -20554,7 +20554,7 @@ }, "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number, such as APIGateway.3.

" + "documentation":"

The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.

" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -20636,7 +20636,7 @@ }, "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"

A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.

" + "documentation":"

A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5. This field doesn't reference a specific standard.

" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -21483,7 +21483,7 @@ }, "Regions":{ "shape":"StringList", - "documentation":"

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

" + "documentation":"

If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.

If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

" } } }, @@ -21496,7 +21496,7 @@ }, "FindingAggregationRegion":{ "shape":"NonEmptyString", - "documentation":"

The aggregation Region.

" + "documentation":"

The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -21887,7 +21887,7 @@ "members":{ "Status":{ "shape":"WorkflowStatus", - "documentation":"

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

" + "documentation":"

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

" } }, "documentation":"

Provides details about the status of the investigation into a finding.

" @@ -21918,11 +21918,11 @@ "members":{ "Status":{ "shape":"WorkflowStatus", - "documentation":"

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

" + "documentation":"

The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.

The allowed values are the following.

" } }, "documentation":"

Used to update information about the investigation into the finding.

" } }, - "documentation":"

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

To help you manage the security state of your organization, Security Hub supports multiple security standards. These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.

Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.

This guide, the Security Hub API Reference, provides information about the Security Hub API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Security Hub, you might find it helpful to also review the Security Hub User Guide . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as integrating Security Hub with other Amazon Web Servicesservices.

In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, API requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of central configuration operations, see the Central configuration terms and concepts section of the Security Hub User Guide.

The following throttling limits apply to Security Hub API operations.

" + "documentation":"

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

To help you manage the security state of your organization, Security Hub supports multiple security standards. These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services services, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You can also send Security Hub findings to other Amazon Web Services services and supported third-party products.

Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.

This guide, the Security Hub API Reference, provides information about the Security Hub API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Security Hub, you might find it helpful to also review the Security Hub User Guide . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as integrating Security Hub with other Amazon Web Services services.

In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Security Hub and other Amazon Web Services services . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, API requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of central configuration operations, see the Central configuration terms and concepts section of the Security Hub User Guide.

The following throttling limits apply to Security Hub API operations.

" } diff --git a/botocore/data/sesv2/2019-09-27/service-2.json b/botocore/data/sesv2/2019-09-27/service-2.json index 1b2a0e9c1e..2b199fd1e9 100644 --- a/botocore/data/sesv2/2019-09-27/service-2.json +++ b/botocore/data/sesv2/2019-09-27/service-2.json @@ -4230,6 +4230,15 @@ }, "documentation":"

An object containing additional settings for your VDM configuration as applicable to the Guardian.

" }, + "HttpsPolicy":{ + "type":"string", + "documentation":"

The https policy to use for tracking open and click events. If the value is OPTIONAL or HttpsPolicy is not specified, the open trackers use HTTP and click tracker use the original protocol of the link. If the value is REQUIRE, both open and click tracker uses HTTPS and if the value is REQUIRE_OPEN_ONLY open tracker uses HTTPS and link tracker is same as original protocol of the link.

", + "enum":[ + "REQUIRE", + "REQUIRE_OPEN_ONLY", + "OPTIONAL" + ] + }, "Identity":{ "type":"string", "min":1 @@ -5702,7 +5711,8 @@ "CustomRedirectDomain":{ "shape":"CustomRedirectDomain", "documentation":"

The domain to use to track open and click events.

" - } + }, + "HttpsPolicy":{"shape":"HttpsPolicy"} }, "documentation":"

A request to add a custom domain for tracking open and click events to a configuration set.

" }, @@ -6724,6 +6734,10 @@ "CustomRedirectDomain":{ "shape":"CustomRedirectDomain", "documentation":"

The domain to use for tracking open and click events.

" + }, + "HttpsPolicy":{ + "shape":"HttpsPolicy", + "documentation":"

The https policy to use for tracking open and click events.

" } }, "documentation":"

An object that defines the tracking options for a configuration set. When you use the Amazon SES API v2 to send an email, it contains an invisible image that's used to track when recipients open your email. If your email contains links, those links are changed slightly in order to track when recipients click them.

These images and links include references to a domain operated by Amazon Web Services. You can optionally configure the Amazon SES to use a domain that you operate for these images and links.

" From 61e47ca072558cfb99acc16cdb68eb5669741d90 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 27 Sep 2024 18:33:46 +0000 Subject: [PATCH 2/3] Update endpoints model --- botocore/data/endpoints.json | 42 +++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index 092d1848c2..2f01ce98de 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -29169,8 +29169,32 @@ }, "ds" : { "endpoints" : { - "us-iso-east-1" : { }, - "us-iso-west-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "dynamodb" : { @@ -29990,7 +30014,19 @@ }, "ds" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } } }, "dynamodb" : { From 7c6966c286d809370b406154e03e16e071803362 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 27 Sep 2024 18:34:54 +0000 Subject: [PATCH 3/3] Bumping version to 1.35.29 --- .changes/1.35.29.json | 22 +++++++++++++++++++ .../api-change-customerprofiles-34492.json | 5 ----- .../api-change-quicksight-15546.json | 5 ----- .../api-change-securityhub-36527.json | 5 ----- .../next-release/api-change-sesv2-14853.json | 5 ----- CHANGELOG.rst | 9 ++++++++ botocore/__init__.py | 2 +- docs/source/conf.py | 2 +- 8 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 .changes/1.35.29.json delete mode 100644 .changes/next-release/api-change-customerprofiles-34492.json delete mode 100644 .changes/next-release/api-change-quicksight-15546.json delete mode 100644 .changes/next-release/api-change-securityhub-36527.json delete mode 100644 .changes/next-release/api-change-sesv2-14853.json diff --git a/.changes/1.35.29.json b/.changes/1.35.29.json new file mode 100644 index 0000000000..1a94c8937e --- /dev/null +++ b/.changes/1.35.29.json @@ -0,0 +1,22 @@ +[ + { + "category": "``customer-profiles``", + "description": "Introduces optional RoleArn parameter for PutIntegration request and includes RoleArn in the response of PutIntegration, GetIntegration and ListIntegrations", + "type": "api-change" + }, + { + "category": "``quicksight``", + "description": "Adding personalization in QuickSight data stories. Admins can enable or disable personalization through QuickSight settings.", + "type": "api-change" + }, + { + "category": "``securityhub``", + "description": "Documentation updates for AWS Security Hub", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "This release adds support for engagement tracking over Https using custom domains.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-customerprofiles-34492.json b/.changes/next-release/api-change-customerprofiles-34492.json deleted file mode 100644 index 955109bfff..0000000000 --- a/.changes/next-release/api-change-customerprofiles-34492.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``customer-profiles``", - "description": "Introduces optional RoleArn parameter for PutIntegration request and includes RoleArn in the response of PutIntegration, GetIntegration and ListIntegrations" -} diff --git a/.changes/next-release/api-change-quicksight-15546.json b/.changes/next-release/api-change-quicksight-15546.json deleted file mode 100644 index 4cf77abca5..0000000000 --- a/.changes/next-release/api-change-quicksight-15546.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``quicksight``", - "description": "Adding personalization in QuickSight data stories. Admins can enable or disable personalization through QuickSight settings." -} diff --git a/.changes/next-release/api-change-securityhub-36527.json b/.changes/next-release/api-change-securityhub-36527.json deleted file mode 100644 index 271afbb265..0000000000 --- a/.changes/next-release/api-change-securityhub-36527.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``securityhub``", - "description": "Documentation updates for AWS Security Hub" -} diff --git a/.changes/next-release/api-change-sesv2-14853.json b/.changes/next-release/api-change-sesv2-14853.json deleted file mode 100644 index 1f7d742e79..0000000000 --- a/.changes/next-release/api-change-sesv2-14853.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``sesv2``", - "description": "This release adds support for engagement tracking over Https using custom domains." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f424d77460..c62197fd25 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,15 @@ CHANGELOG ========= +1.35.29 +======= + +* api-change:``customer-profiles``: Introduces optional RoleArn parameter for PutIntegration request and includes RoleArn in the response of PutIntegration, GetIntegration and ListIntegrations +* api-change:``quicksight``: Adding personalization in QuickSight data stories. Admins can enable or disable personalization through QuickSight settings. +* api-change:``securityhub``: Documentation updates for AWS Security Hub +* api-change:``sesv2``: This release adds support for engagement tracking over Https using custom domains. + + 1.35.28 ======= diff --git a/botocore/__init__.py b/botocore/__init__.py index 1246061306..8a5d154c45 100644 --- a/botocore/__init__.py +++ b/botocore/__init__.py @@ -16,7 +16,7 @@ import os import re -__version__ = '1.35.28' +__version__ = '1.35.29' class NullHandler(logging.Handler): diff --git a/docs/source/conf.py b/docs/source/conf.py index 97b53adb3f..74a8dc942d 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -59,7 +59,7 @@ # The short X.Y version. version = '1.35.' # The full version, including alpha/beta/rc tags. -release = '1.35.28' +release = '1.35.29' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.