Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.
" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" } } }, @@ -3710,6 +3714,10 @@ "IsUnstructured":{ "shape":"optionalBoolean", "documentation":"Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.
" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" } }, "documentation":"An integration in list of integrations.
" @@ -4579,6 +4587,10 @@ "ObjectTypeNames":{ "shape":"ObjectTypeNames", "documentation":"A map in which each key is an event type from an external application such as Segment or Shopify, and each value is an ObjectTypeName (template) used to ingest the event. It supports the following event types: SegmentIdentify, ShopifyCreateCustomers, ShopifyUpdateCustomers, ShopifyCreateDraftOrders, ShopifyUpdateDraftOrders, ShopifyCreateOrders, and ShopifyUpdatedOrders.
The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" } } }, @@ -4626,6 +4638,10 @@ "IsUnstructured":{ "shape":"optionalBoolean", "documentation":"Boolean that shows if the Flow that's associated with the Integration is created in Amazon Appflow, or with ObjectTypeName equals _unstructured via API/CLI in flowDefinition.
" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM role. The Integration uses this role to make Customer Profiles requests on your behalf.
" } } }, @@ -6030,5 +6046,5 @@ "pattern":"[a-f0-9]{32}" } }, - "documentation":"Amazon Connect Customer Profiles is a unified customer profile for your contact center that has pre-built connectors powered by AppFlow that make it easy to combine customer information from third party applications, such as Salesforce (CRM), ServiceNow (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.
For more information about the Amazon Connect Customer Profiles feature, see Use Customer Profiles in the Amazon Connect Administrator's Guide.
" + "documentation":"Amazon Connect Customer Profiles is a unified customer profile for your contact center that has pre-built connectors powered by AppFlow that make it easy to combine customer information from third party applications, such as Salesforce (CRM), ServiceNow (ITSM), and your enterprise resource planning (ERP), with contact history from your Amazon Connect contact center.
For more information about the Amazon Connect Customer Profiles feature, see Use Customer Profiles in the Amazon Connect Administrator's Guide.
" } diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index 092d1848c2..2f01ce98de 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -29169,8 +29169,32 @@ }, "ds" : { "endpoints" : { - "us-iso-east-1" : { }, - "us-iso-west-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "dynamodb" : { @@ -29990,7 +30014,19 @@ }, "ds" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "ds-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } } }, "dynamodb" : { diff --git a/botocore/data/quicksight/2018-04-01/service-2.json b/botocore/data/quicksight/2018-04-01/service-2.json index a4ccd6ae7d..ee1235c532 100644 --- a/botocore/data/quicksight/2018-04-01/service-2.json +++ b/botocore/data/quicksight/2018-04-01/service-2.json @@ -1492,6 +1492,24 @@ ], "documentation":"Describes the current namespace.
" }, + "DescribeQPersonalizationConfiguration":{ + "name":"DescribeQPersonalizationConfiguration", + "http":{ + "method":"GET", + "requestUri":"/accounts/{AwsAccountId}/q-personalization-configuration" + }, + "input":{"shape":"DescribeQPersonalizationConfigurationRequest"}, + "output":{"shape":"DescribeQPersonalizationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"} + ], + "documentation":"Describes a personalization configuration.
" + }, "DescribeRefreshSchedule":{ "name":"DescribeRefreshSchedule", "http":{ @@ -3073,6 +3091,25 @@ ], "documentation":"Use the UpdatePublicSharingSettings operation to turn on or turn off the public sharing settings of an Amazon QuickSight dashboard.
To use this operation, turn on session capacity pricing for your Amazon QuickSight account.
Before you can turn on public sharing on your account, make sure to give public sharing permissions to an administrative user in the Identity and Access Management (IAM) console. For more information on using IAM with Amazon QuickSight, see Using Amazon QuickSight with IAM in the Amazon QuickSight User Guide.
" }, + "UpdateQPersonalizationConfiguration":{ + "name":"UpdateQPersonalizationConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/accounts/{AwsAccountId}/q-personalization-configuration" + }, + "input":{"shape":"UpdateQPersonalizationConfigurationRequest"}, + "output":{"shape":"UpdateQPersonalizationConfigurationResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceUnavailableException"} + ], + "documentation":"Updates a personalization configuration.
" + }, "UpdateRefreshSchedule":{ "name":"UpdateRefreshSchedule", "http":{ @@ -14520,6 +14557,36 @@ } } }, + "DescribeQPersonalizationConfigurationRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"The ID of the Amazon Web Services account that contains the personalization configuration that the user wants described.
", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "DescribeQPersonalizationConfigurationResponse":{ + "type":"structure", + "members":{ + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"A value that indicates whether personalization is enabled or not.
" + }, + "RequestId":{ + "shape":"String", + "documentation":"The Amazon Web Services request ID for this operation.
" + }, + "Status":{ + "shape":"StatusCode", + "documentation":"The HTTP status of the request.
", + "location":"statusCode" + } + } + }, "DescribeRefreshScheduleRequest":{ "type":"structure", "required":[ @@ -23390,6 +23457,13 @@ "max":1000, "min":1 }, + "PersonalizationMode":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "PhysicalTable":{ "type":"structure", "members":{ @@ -32461,6 +32535,43 @@ } } }, + "UpdateQPersonalizationConfigurationRequest":{ + "type":"structure", + "required":[ + "AwsAccountId", + "PersonalizationMode" + ], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"The ID of the Amazon Web Services account account that contains the personalization configuration that the user wants to update.
", + "location":"uri", + "locationName":"AwsAccountId" + }, + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"An option to allow Amazon QuickSight to customize data stories with user specific metadata, specifically location and job information, in your IAM Identity Center instance.
" + } + } + }, + "UpdateQPersonalizationConfigurationResponse":{ + "type":"structure", + "members":{ + "PersonalizationMode":{ + "shape":"PersonalizationMode", + "documentation":"The personalization mode that is used for the personalization configuration.
" + }, + "RequestId":{ + "shape":"String", + "documentation":"The Amazon Web Services request ID for this operation.
" + }, + "Status":{ + "shape":"StatusCode", + "documentation":"The HTTP status of the request.
", + "location":"statusCode" + } + } + }, "UpdateRefreshScheduleRequest":{ "type":"structure", "required":[ diff --git a/botocore/data/securityhub/2018-10-26/service-2.json b/botocore/data/securityhub/2018-10-26/service-2.json index c24a2fb450..de3aa366fd 100644 --- a/botocore/data/securityhub/2018-10-26/service-2.json +++ b/botocore/data/securityhub/2018-10-26/service-2.json @@ -29,7 +29,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccessException"} ], - "documentation":"Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.
This operation is only used by member accounts that are not added through Organizations.
When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.
" }, "AcceptInvitation":{ "name":"AcceptInvitation", @@ -216,7 +216,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidAccessException"} ], - "documentation":"Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings do not affect the value of UpdatedAt for a finding.
Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.
" + "documentation":"Used by Security Hub customers to update information about their investigation into a finding. Requested by administrator accounts or member accounts. Administrator accounts can update findings for their account and their member accounts. Member accounts can update findings for their account.
Updates from BatchUpdateFindings don't affect the value of UpdatedAt for a finding.
Administrator and member accounts can use BatchUpdateFindings to update the following finding fields and objects.
Confidence
Criticality
Note
RelatedFindings
Severity
Types
UserDefinedFields
VerificationState
Workflow
You can configure IAM policies to restrict access to fields and field values. For example, you might not want member accounts to be able to suppress findings or change the finding severity. See Configuring access to BatchUpdateFindings in the Security Hub User Guide.
" }, "BatchUpdateStandardsControlAssociations":{ "name":"BatchUpdateStandardsControlAssociations", @@ -302,7 +302,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"} ], - "documentation":"Used to enable finding aggregation. Must be called from the aggregation Region.
For more details about cross-Region replication, see Configuring finding aggregation in the Security Hub User Guide.
" + "documentation":"The aggregation Region is now called the home Region.
Used to enable cross-Region aggregation. This operation can be invoked from the home Region only.
For information about how cross-Region aggregation works, see Understanding cross-Region aggregation in Security Hub in the Security Hub User Guide.
" }, "CreateInsight":{ "name":"CreateInsight", @@ -337,7 +337,7 @@ {"shape":"ResourceConflictException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.
CreateMembers is always used to add accounts that are not organization members.
For accounts that are managed using Organizations, CreateMembers is only used in the following cases:
Security Hub is not configured to automatically add new organization accounts.
The account was disassociated or deleted in Security Hub.
This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.
For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.
Accounts that are managed using Organizations do not receive an invitation. They automatically become a member account in Security Hub.
If the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.
For organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.
A permissions policy is added that permits the administrator account to view the findings generated in the member account.
To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.
Creates a member association in Security Hub between the specified accounts and the account used to make the request, which is the administrator account. If you are integrated with Organizations, then the administrator account is designated by the organization management account.
CreateMembers is always used to add accounts that are not organization members.
For accounts that are managed using Organizations, CreateMembers is only used in the following cases:
Security Hub is not configured to automatically add new organization accounts.
The account was disassociated or deleted in Security Hub.
This action can only be used by an account that has Security Hub enabled. To enable Security Hub, you can use the EnableSecurityHub operation.
For accounts that are not organization members, you create the account association and then send an invitation to the member account. To send the invitation, you use the InviteMembers operation. If the account owner accepts the invitation, the account becomes a member account in Security Hub.
Accounts that are managed using Organizations don't receive an invitation. They automatically become a member account in Security Hub.
If the organization account does not have Security Hub enabled, then Security Hub and the default standards are automatically enabled. Note that Security Hub cannot be enabled automatically for the organization management account. The organization management account must enable Security Hub before the administrator account enables it as a member account.
For organization accounts that already have Security Hub enabled, Security Hub does not make any other changes to those accounts. It does not change their enabled standards or controls.
A permissions policy is added that permits the administrator account to view the findings generated in the member account.
To remove the association between the administrator and member accounts, use the DisassociateFromMasterAccount or DisassociateMembers operation.
Declines invitations to become a member account.
A prospective member account uses this operation to decline an invitation to become a member.
This operation is only called by member accounts that aren't part of an organization. Organization accounts don't receive invitations.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Declines invitations to become a Security Hub member account.
A prospective member account uses this operation to decline an invitation to become a member.
Only member accounts that aren't part of an Amazon Web Services organization should use this operation. Organization accounts don't receive invitations.
" }, "DeleteActionTarget":{ "name":"DeleteActionTarget", @@ -406,7 +406,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.
When you stop finding aggregation, findings that were already aggregated to the aggregation Region are still visible from the aggregation Region. New findings and finding updates are not aggregated.
" + "documentation":"The aggregation Region is now called the home Region.
Deletes a finding aggregator. When you delete the finding aggregator, you stop cross-Region aggregation. Finding replication stops occurring from the linked Regions to the home Region.
When you stop cross-Region aggregation, findings that were already replicated and sent to the home Region are still visible from the home Region. However, new findings and finding updates are no longer replicated and sent to the home Region.
" }, "DeleteInsight":{ "name":"DeleteInsight", @@ -440,7 +440,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccessException"} ], - "documentation":"Deletes invitations received by the Amazon Web Services account to become a member account.
A Security Hub administrator account can use this operation to delete invitations sent to one or more member accounts.
This operation is only used to delete invitations that are sent to member accounts that aren't part of an organization. Organization accounts don't receive invitations.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Deletes invitations to become a Security Hub member account.
A Security Hub administrator account can use this operation to delete invitations sent to one or more prospective member accounts.
This operation is only used to delete invitations that are sent to prospective member accounts that aren't part of an Amazon Web Services organization. Organization accounts don't receive invitations.
" }, "DeleteMembers":{ "name":"DeleteMembers", @@ -522,7 +522,7 @@ {"shape":"InvalidAccessException"}, {"shape":"InvalidInputException"} ], - "documentation":"Returns information about product integrations in Security Hub.
You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.
If you do not provide an integration ARN, then the results include all of the available product integrations.
" + "documentation":"Returns information about product integrations in Security Hub.
You can optionally provide an integration ARN. If you provide an integration ARN, then the results only include that integration.
If you don't provide an integration ARN, then the results include all of the available product integrations.
" }, "DescribeStandards":{ "name":"DescribeStandards", @@ -796,7 +796,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Returns the current finding aggregation configuration.
" + "documentation":"The aggregation Region is now called the home Region.
Returns the current configuration in the calling account for cross-Region aggregation. A finding aggregator is a resource that establishes the home Region and any linked Regions.
" }, "GetFindingHistory":{ "name":"GetFindingHistory", @@ -828,7 +828,7 @@ {"shape":"InvalidAccessException"}, {"shape":"LimitExceededException"} ], - "documentation":"Returns a list of findings that match the specified criteria.
If finding aggregation is enabled, then when you call GetFindings from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.
Returns a list of findings that match the specified criteria.
If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.
Returns the count of all Security Hub membership invitations that were sent to the current member account, not including the currently accepted invitation.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Returns the count of all Security Hub membership invitations that were sent to the calling member account, not including the currently accepted invitation.
" }, "GetMasterAccount":{ "name":"GetMasterAccount", @@ -948,7 +948,7 @@ {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.
This operation is only used to invite accounts that do not belong to an organization. Organization accounts do not receive invitations.
Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated from the member account.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Invites other Amazon Web Services accounts to become member accounts for the Security Hub administrator account that the invitation is sent from.
This operation is only used to invite accounts that don't belong to an Amazon Web Services organization. Organization accounts don't receive invitations.
Before you can use this action to invite a member, you must first use the CreateMembers action to create the member account in Security Hub.
When the account owner enables Security Hub and accepts the invitation to become a member account, the administrator account can view the findings generated in the member account.
" }, "ListAutomationRules":{ "name":"ListAutomationRules", @@ -1032,7 +1032,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"} ], - "documentation":"If finding aggregation is enabled, then ListFindingAggregators returns the ARN of the finding aggregator. You can run this operation from any Region.
If cross-Region aggregation is enabled, then ListFindingAggregators returns the Amazon Resource Name (ARN) of the finding aggregator. You can run this operation from any Amazon Web Services Region.
Lists all Security Hub membership invitations that were sent to the current Amazon Web Services account.
This operation is only used by accounts that are managed by invitation. Accounts that are managed using the integration with Organizations do not receive invitations.
" + "documentation":"We recommend using Organizations instead of Security Hub invitations to manage your member accounts. For information, see Managing Security Hub administrator and member accounts with Organizations in the Security Hub User Guide.
Lists all Security Hub membership invitations that were sent to the calling account.
Only accounts that are managed by invitation can use this operation. Accounts that are managed using the integration with Organizations don't receive invitations.
" }, "ListMembers":{ "name":"ListMembers", @@ -1247,7 +1247,7 @@ {"shape":"InvalidInputException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use UpdateFindingAggregator to change the aggregation Region.
You must run UpdateFindingAggregator from the current aggregation Region.
The aggregation Region is now called the home Region.
Updates cross-Region aggregation settings. You can use this operation to update the Region linking mode and the list of included or excluded Amazon Web Services Regions. However, you can't use this operation to change the home Region.
You can invoke this operation from the current home Region only.
" }, "UpdateFindings":{ "name":"UpdateFindings", @@ -1725,14 +1725,14 @@ "members":{ "Type":{ "shape":"AutomationRulesActionType", - "documentation":" Specifies that the rule action should update the Types finding field. The Types finding field classifies findings in the format of namespace/category/classifier. For more information, see Types taxonomy for ASFF in the Security Hub User Guide.
Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule.
" }, "FindingFieldsUpdate":{ "shape":"AutomationRulesFindingFieldsUpdate", "documentation":"Specifies that the automation rule action is an update to a finding field.
" } }, - "documentation":"One or more actions to update finding fields if a finding matches the defined criteria of the rule.
" + "documentation":"One or more actions that Security Hub takes when a finding matches the defined criteria of a rule.
" }, "AutomationRulesActionType":{ "type":"string", @@ -1908,7 +1908,7 @@ }, "ResourceId":{ "shape":"StringFilterList", - "documentation":"The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Servicesservice that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
" + "documentation":"The identifier for the given resource type. For Amazon Web Services resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For Amazon Web Services resources that lack ARNs, this is the identifier as defined by the Amazon Web Services service that created the resource. For non-Amazon Web Services resources, this is a unique identifier that is associated with the resource.
Array Members: Minimum number of 1 item. Maximum number of 100 items.
" }, "ResourcePartition":{ "shape":"StringFilterList", @@ -3292,7 +3292,7 @@ }, "Lifecycle":{ "shape":"AwsBackupBackupPlanLifecycleDetails", - "documentation":"Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you do not specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" + "documentation":"Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" } }, "documentation":"An array of CopyAction objects, each of which contains details of the copy operation.
Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you do not specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" + "documentation":"Defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. If you don't specify a lifecycle, Backup applies the lifecycle policy of the source backup to the destination backup.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
" } }, "documentation":"Provides details about an array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you do not specify a key, Backup creates an KMS key for you by default.
" + "documentation":"The unique ARN associated with the server-side encryption key. You can specify a key to encrypt your backups from services that support full Backup management. If you don't specify a key, Backup creates an KMS key for you by default.
" }, "Notifications":{ "shape":"AwsBackupBackupVaultNotificationsDetails", @@ -7636,7 +7636,7 @@ }, "SchedulingStrategy":{ "shape":"NonEmptyString", - "documentation":"The scheduling strategy to use for the service.
The REPLICA scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.
The DAEMON scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that do not meet the placement constraints.
Valid values: REPLICA | DAEMON
The scheduling strategy to use for the service.
The REPLICA scheduling strategy places and maintains the desired number of tasks across the cluster. By default, the service scheduler spreads tasks across Availability Zones. Task placement strategies and constraints are used to customize task placement decisions.
The DAEMON scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that are specified in the cluster. The service scheduler also evaluates the task placement constraints for running tasks and stops tasks that don't meet the placement constraints.
Valid values: REPLICA | DAEMON
The meaning of this parameter differs according to the database engine you use.
MySQL, MariaDB, SQL Server, PostgreSQL
Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.
Oracle
Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters do not apply to an Oracle DB instance.
" + "documentation":"The meaning of this parameter differs according to the database engine you use.
MySQL, MariaDB, SQL Server, PostgreSQL
Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.
Oracle
Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters don't apply to an Oracle DB instance.
" }, "DeletionProtection":{ "shape":"Boolean", @@ -14209,7 +14209,7 @@ }, "WorkflowStatus":{ "shape":"StringFilterList", - "documentation":"The status of the investigation into a finding. Allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed.
The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
The finding remains RESOLVED unless one of the following occurs:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.
In those cases, the workflow status is automatically reset to NEW.
For findings from controls, if Compliance.Status is PASSED, then Security Hub automatically sets the workflow status to RESOLVED.
The status of the investigation into a finding. Allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that the resource owner has been notified about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
If one of the following occurs, the workflow status is changed automatically from NOTIFIED to NEW:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.
SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed.
The workflow status of a SUPPRESSED finding does not change if RecordState changes from ARCHIVED to ACTIVE.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
The finding remains RESOLVED unless one of the following occurs:
RecordState changes from ARCHIVED to ACTIVE.
Compliance.Status changes from PASSED to FAILED, WARNING, or NOT_AVAILABLE.
In those cases, the workflow status is automatically reset to NEW.
For findings from controls, if Compliance.Status is PASSED, then Security Hub automatically sets the workflow status to RESOLVED.
The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Servicesservice and a number, such as APIGateway.5.
" + "documentation":"The unique identifier of a control across standards. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5.
" }, "ComplianceAssociatedStandardsId":{ "shape":"StringFilterList", @@ -15035,11 +15035,11 @@ }, "OverrideAction":{ "shape":"WafOverrideAction", - "documentation":"Use the OverrideAction to test your RuleGroup.
Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.
However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.
ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you do not use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.
Use the OverrideAction to test your RuleGroup.
Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and is configured to block that request.
However, if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests are counted.
ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a web ACL. In this case you don't use ActivatedRule Action. For all other update requests, ActivatedRule Action is used instead of ActivatedRule OverrideAction.
Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values do not need to be consecutive.
Specifies the order in which the rules in a web ACL are evaluated. Rules with a lower value for Priority are evaluated before rules with a higher value. The value must be a unique integer. If you add multiple rules to a web ACL, the values don't need to be consecutive.
Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an Amazon Web Servicesservice and a unique number, such as APIGateway.5.
Typically provides the unique identifier of a control across standards. For Security Hub controls, this field consists of an Amazon Web Services service and a unique number, such as APIGateway.5.
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.
If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.
An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.
" + "documentation":"The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop cross-Region aggregation.
" }, "FindingAggregationRegion":{ "shape":"NonEmptyString", - "documentation":"The aggregation Region.
" + "documentation":"The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -16926,7 +16926,7 @@ }, "EnableDefaultStandards":{ "shape":"Boolean", - "documentation":"Whether to enable the security standards that Security Hub has designated as automatically enabled. If you do not provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.
Whether to enable the security standards that Security Hub has designated as automatically enabled. If you don't provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.
The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.
" } }, - "documentation":"A finding aggregator. A finding aggregator contains the configuration for finding aggregation.
" + "documentation":"A finding aggregator is a Security Hub resource that specifies cross-Region aggregation settings, including the home Region and any linked Regions.
" }, "FindingAggregatorList":{ "type":"list", @@ -17038,7 +17038,7 @@ }, "UpdateSource":{ "shape":"FindingHistoryUpdateSource", - "documentation":" Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Servicesservice or third-party partner integration may call BatchImportFindings , or an Security Hub customer may call BatchUpdateFindings .
Identifies the source of the event that changed the finding. For example, an integrated Amazon Web Services service or third-party partner integration may call BatchImportFindings , or an Security Hub customer may call BatchUpdateFindings .
Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Servicesservice or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).
Describes the type of finding change event, such as a call to BatchImportFindings (by an integrated Amazon Web Services service or third party partner integration) or BatchUpdateFindings (by a Security Hub customer).
The aggregation Region.
" + "documentation":"The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -17506,7 +17506,7 @@ "members":{ "InsightArns":{ "shape":"ArnList", - "documentation":"The ARNs of the insights to describe. If you do not provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.
The ARNs of the insights to describe. If you don't provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.
The Amazon Web Servicesservice that the configuration policy applies to.
" + "documentation":"The Amazon Web Services service that the configuration policy applies to.
" } }, "documentation":"An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
", @@ -19680,7 +19680,7 @@ }, "DestinationPrefixListId":{ "shape":"NonEmptyString", - "documentation":"The prefix of the destination Amazon Web Servicesservice.
" + "documentation":"The prefix of the destination Amazon Web Services service.
" }, "EgressOnlyInternetGatewayId":{ "shape":"NonEmptyString", @@ -20101,7 +20101,7 @@ "members":{ "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number, such as APIGateway.3.
" + "documentation":"The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.
" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -20173,7 +20173,7 @@ "members":{ "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":" The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number (for example, APIGateway.3). This parameter differs from SecurityControlArn, which is a unique Amazon Resource Name (ARN) assigned to a control. The ARN references the security control ID (for example, arn:aws:securityhub:eu-central-1:123456789012:security-control/APIGateway.3).
The severity value of the finding. The allowed values are the following.
INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.
If you provide Normalized and do not provide Label, then Label is set automatically as follows.
0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL
The severity value of the finding. The allowed values are the following.
INFORMATIONAL - No issue was found.
LOW - The issue does not require action on its own.
MEDIUM - The issue must be addressed but not urgently.
HIGH - The issue must be addressed as a priority.
CRITICAL - The issue must be remediated immediately to avoid it escalating.
If you provide Normalized and don't provide Label, then Label is set automatically as follows.
0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL
Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label.
The value of Normalized can be an integer between 0 and 100.
If you provide Label and do not provide Normalized, then Normalized is set automatically as follows.
INFORMATIONAL - 0
LOW - 1
MEDIUM - 40
HIGH - 70
CRITICAL - 90
Deprecated. The normalized severity of a finding. Instead of providing Normalized, provide Label.
The value of Normalized can be an integer between 0 and 100.
If you provide Label and don't provide Normalized, then Normalized is set automatically as follows.
INFORMATIONAL - 0
LOW - 1
MEDIUM - 40
HIGH - 70
CRITICAL - 90
The normalized severity for the finding. This attribute is to be deprecated in favor of Label.
If you provide Normalized and do not provide Label, Label is set automatically as follows.
0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL
The normalized severity for the finding. This attribute is to be deprecated in favor of Label.
If you provide Normalized and don't provide Label, Label is set automatically as follows.
0 - INFORMATIONAL
1–39 - LOW
40–69 - MEDIUM
70–89 - HIGH
90–100 - CRITICAL
The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Servicesservice name and a number, such as APIGateway.3.
" + "documentation":"The unique identifier of a security control across standards. Values for this field typically consist of an Amazon Web Services service name and a number, such as APIGateway.3.
" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -20636,7 +20636,7 @@ }, "SecurityControlId":{ "shape":"NonEmptyString", - "documentation":"A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Servicesservice and a number, such as APIGateway.5. This field doesn't reference a specific standard.
" + "documentation":"A unique standard-agnostic identifier for a control. Values for this field typically consist of an Amazon Web Services service and a number, such as APIGateway.5. This field doesn't reference a specific standard.
" }, "SecurityControlArn":{ "shape":"NonEmptyString", @@ -21483,7 +21483,7 @@ }, "Regions":{ "shape":"StringList", - "documentation":"If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that do not aggregate findings to the aggregation Region.
If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do aggregate findings to the aggregation Region.
An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.
If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.
If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.
An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.
The aggregation Region.
" + "documentation":"The home Region. Findings generated in linked Regions are replicated and sent to the home Region.
" }, "RegionLinkingMode":{ "shape":"NonEmptyString", @@ -21887,7 +21887,7 @@ "members":{ "Status":{ "shape":"WorkflowStatus", - "documentation":"The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.
The allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:
RecordState changes from ARCHIVED to ACTIVE.
ComplianceStatus changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.
The allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets the workflow status from NOTIFIED or RESOLVED to NEW in the following cases:
RecordState changes from ARCHIVED to ACTIVE.
ComplianceStatus changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
Provides details about the status of the investigation into a finding.
" @@ -21918,11 +21918,11 @@ "members":{ "Status":{ "shape":"WorkflowStatus", - "documentation":"The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.
The allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:
The record state changes from ARCHIVED to ACTIVE.
The compliance status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated.
The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to SUPPRESSED or RESOLVED does not prevent a new finding for the same issue.
The allowed values are the following.
NEW - The initial state of a finding, before it is reviewed.
Security Hub also resets WorkFlowStatus from NOTIFIED or RESOLVED to NEW in the following cases:
The record state changes from ARCHIVED to ACTIVE.
The compliance status changes from PASSED to either WARNING, FAILED, or NOT_AVAILABLE.
NOTIFIED - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.
RESOLVED - The finding was reviewed and remediated and is now considered resolved.
SUPPRESSED - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated.
Used to update information about the investigation into the finding.
" } }, - "documentation":"Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.
Security Hub collects security data across Amazon Web Services accounts, Amazon Web Servicesservices, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.
To help you manage the security state of your organization, Security Hub supports multiple security standards. These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.
In addition to generating control findings, Security Hub also receives findings from other Amazon Web Servicesservices, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You can also send Security Hub findings to other Amazon Web Servicesservices and supported third-party products.
Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.
This guide, the Security Hub API Reference, provides information about the Security Hub API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Security Hub, you might find it helpful to also review the Security Hub User Guide . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as integrating Security Hub with other Amazon Web Servicesservices.
In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Security Hub and other Amazon Web Servicesservices . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.
With the exception of operations that are related to central configuration, Security Hub API requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, API requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of central configuration operations, see the Central configuration terms and concepts section of the Security Hub User Guide.
The following throttling limits apply to Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.
Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.
To help you manage the security state of your organization, Security Hub supports multiple security standards. These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.
In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services services, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You can also send Security Hub findings to other Amazon Web Services services and supported third-party products.
Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.
This guide, the Security Hub API Reference, provides information about the Security Hub API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Security Hub, you might find it helpful to also review the Security Hub User Guide . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as integrating Security Hub with other Amazon Web Services services.
In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Security Hub and other Amazon Web Services services . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.
With the exception of operations that are related to central configuration, Security Hub API requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, API requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of central configuration operations, see the Central configuration terms and concepts section of the Security Hub User Guide.
The following throttling limits apply to Security Hub API operations.
BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1 request per second.
GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
An object containing additional settings for your VDM configuration as applicable to the Guardian.
" }, + "HttpsPolicy":{ + "type":"string", + "documentation":"The https policy to use for tracking open and click events. If the value is OPTIONAL or HttpsPolicy is not specified, the open trackers use HTTP and click tracker use the original protocol of the link. If the value is REQUIRE, both open and click tracker uses HTTPS and if the value is REQUIRE_OPEN_ONLY open tracker uses HTTPS and link tracker is same as original protocol of the link.
", + "enum":[ + "REQUIRE", + "REQUIRE_OPEN_ONLY", + "OPTIONAL" + ] + }, "Identity":{ "type":"string", "min":1 @@ -5702,7 +5711,8 @@ "CustomRedirectDomain":{ "shape":"CustomRedirectDomain", "documentation":"The domain to use to track open and click events.
" - } + }, + "HttpsPolicy":{"shape":"HttpsPolicy"} }, "documentation":"A request to add a custom domain for tracking open and click events to a configuration set.
" }, @@ -6724,6 +6734,10 @@ "CustomRedirectDomain":{ "shape":"CustomRedirectDomain", "documentation":"The domain to use for tracking open and click events.
" + }, + "HttpsPolicy":{ + "shape":"HttpsPolicy", + "documentation":"The https policy to use for tracking open and click events.
" } }, "documentation":"An object that defines the tracking options for a configuration set. When you use the Amazon SES API v2 to send an email, it contains an invisible image that's used to track when recipients open your email. If your email contains links, those links are changed slightly in order to track when recipients click them.
These images and links include references to a domain operated by Amazon Web Services. You can optionally configure the Amazon SES to use a domain that you operate for these images and links.
" diff --git a/docs/source/conf.py b/docs/source/conf.py index 97b53adb3f..74a8dc942d 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -59,7 +59,7 @@ # The short X.Y version. version = '1.35.' # The full version, including alpha/beta/rc tags. -release = '1.35.28' +release = '1.35.29' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.