String code
String domainName
The domain name corresponding to the distribution.
String eTag
The entity tag is a hash of the object.
String lastModifiedTime
The date and time that the distribution was last modified.
AwsCloudFrontDistributionLogging logging
A complex type that controls whether access logs are written for the distribution.
AwsCloudFrontDistributionOrigins origins
A complex type that contains information about origins for this distribution.
String status
Indicates the current status of the distribution.
String webAclId
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.
String bucket
The Amazon S3 bucket to store the access logs in.
Boolean enabled
With this field, you can enable or disable the selected distribution.
Boolean includeCookies
Specifies whether you want CloudFront to include cookies in access logs.
String prefix
An optional string that you want CloudFront to use as a prefix to the access log filenames for this distribution.
String domainName
Amazon S3 origins: The DNS name of the Amazon S3 bucket from which you want CloudFront to get objects for this origin.
String id
A unique identifier for the origin or origin group.
String originPath
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
String encryptionKey
The AWS Key Management Service (AWS KMS) customer master key (CMK) used to encrypt the build output artifacts.
You can specify either the Amazon Resource Name (ARN) of the CMK or, if available, the CMK alias (using the format alias/alias-name).
AwsCodeBuildProjectEnvironment environment
Information about the build environment for this build project.
String name
The name of the build project.
AwsCodeBuildProjectSource source
Information about the build input source code for this build project.
String serviceRole
The ARN of the IAM role that enables AWS CodeBuild to interact with dependent AWS services on behalf of the AWS account.
AwsCodeBuildProjectVpcConfig vpcConfig
Information about the VPC configuration that AWS CodeBuild accesses.
String certificate
The certificate to use with this build project.
String imagePullCredentialsType
The type of credentials AWS CodeBuild uses to pull images in your build.
Valid values:
CODEBUILD specifies that AWS CodeBuild uses its own credentials. This requires that you modify your
ECR repository policy to trust the AWS CodeBuild service principal.
SERVICE_ROLE specifies that AWS CodeBuild uses your build project's service role.
When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When
you use an AWS CodeBuild curated image, you must use CODEBUILD credentials.
AwsCodeBuildProjectEnvironmentRegistryCredential registryCredential
The credentials for access to a private registry.
String type
The type of build environment to use for related builds.
The environment type ARM_CONTAINER is available only in regions US East (N. Virginia), US East
(Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Asia Pacific (Sydney),
and Europe (Frankfurt).
The environment type LINUX_CONTAINER with compute type build.general1.2xlarge is available only in
regions US East (N. Virginia), US East (N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland),
Europe (London), Europe (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia
Pacific (Sydney), China (Beijing), and China (Ningxia).
The environment type LINUX_GPU_CONTAINER is available only in regions US East (N. Virginia), US East
(N. Virginia), US West (Oregon), Canada (Central), Europe (Ireland), Europe (London), Europe (Frankfurt), Asia
Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney) , China (Beijing), and
China (Ningxia).
Valid values: WINDOWS_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER |
ARM_CONTAINER
String credential
The Amazon Resource Name (ARN) or name of credentials created using AWS Secrets Manager.
The credential can use the name of the credentials only if they exist in your current AWS Region.
String credentialProvider
The service that created the credentials to access a private Docker registry.
The valid value, SECRETS_MANAGER, is for AWS Secrets Manager.
String type
The type of repository that contains the source code to be built. Valid values are:
BITBUCKET - The source code is in a Bitbucket repository.
CODECOMMIT - The source code is in an AWS CodeCommit repository.
CODEPIPELINE - The source code settings are specified in the source action of a pipeline in AWS
CodePipeline.
GITHUB - The source code is in a GitHub repository.
GITHUB_ENTERPRISE - The source code is in a GitHub Enterprise repository.
NO_SOURCE - The project does not have input source code.
S3 - The source code is in an S3 input bucket.
String location
Information about the location of the source code to be built.
Valid values include:
For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, AWS CodePipeline ignores it. This is because AWS CodePipeline uses the settings in a pipeline's source action instead of this value.
For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source
code and the buildspec file (for example,
https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name ).
For source code in an S3 input bucket, one of the following.
The path to the ZIP file that contains the source code (for example,
bucket-name/path/to/object-name.zip).
The path to the folder that contains the source code (for example,
bucket-name/path/to/source-code/folder/).
For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the buildspec file.
For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the buildspec file.
Integer gitCloneDepth
Information about the Git clone depth for the build project.
Boolean insecureSsl
Whether to ignore SSL warnings while connecting to the project source code.
String type
The instance type of the instance.
String imageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> ipV4Addresses
The IPv4 addresses associated with the instance.
List<E> ipV6Addresses
The IPv6 addresses associated with the instance.
String keyName
The key name associated with the instance.
String iamInstanceProfileArn
The IAM profile ARN of the instance.
String vpcId
The identifier of the VPC that the instance was launched in.
String subnetId
The identifier of the subnet that the instance was launched in.
String launchedAt
The date/time the instance was launched.
String attachTime
The timestamp indicating when the attachment initiated.
String attachmentId
The identifier of the network interface attachment
Boolean deleteOnTermination
Indicates whether the network interface is deleted when the instance is terminated.
Integer deviceIndex
The device index of the network interface attachment on the instance.
String instanceId
The ID of the instance.
String instanceOwnerId
The AWS account ID of the owner of the instance.
String status
The attachment state.
Valid values: attaching | attached | detaching | detached
AwsEc2NetworkInterfaceAttachment attachment
The network interface attachment.
String networkInterfaceId
The ID of the network interface.
List<E> securityGroups
Security groups for the network interface.
Boolean sourceDestCheck
Indicates whether traffic to or from the instance is validated.
String groupName
The name of the security group.
String groupId
The ID of the security group.
String ownerId
The AWS account ID of the owner of the security group.
String vpcId
[VPC only] The ID of the VPC for the security group.
List<E> ipPermissions
The inbound rules associated with the security group.
List<E> ipPermissionsEgress
[VPC only] The outbound rules associated with the security group.
String ipProtocol
The IP protocol name (tcp, udp, icmp, icmpv6) or number.
[VPC only] Use -1 to specify all protocols.
When authorizing security group rules, specifying -1 or a protocol number other than tcp,
udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port
range you specify.
For tcp, udp, and icmp, you must specify a port range.
For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes
is allowed.
Integer fromPort
The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.
A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.
Integer toPort
The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.
List<E> userIdGroupPairs
The security group and AWS account ID pairs.
List<E> ipRanges
The IPv4 ranges.
List<E> ipv6Ranges
The IPv6 ranges.
List<E> prefixListIds
[VPC only] The prefix list IDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances associated with the security group.
String cidrIp
The IPv4 CIDR range. You can either specify either a CIDR range or a source security group, but not both. To specify a single IPv4 address, use the /32 prefix length.
String cidrIpv6
The IPv6 CIDR range. You can either specify either a CIDR range or a source security group, but not both. To specify a single IPv6 address, use the /128 prefix length.
String prefixListId
The ID of the prefix.
String groupId
The ID of the security group.
String groupName
The name of the security group.
String peeringStatus
The status of a VPC peering connection, if applicable.
String userId
The ID of an AWS account.
For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.
[EC2-Classic] Required when adding or removing rules that reference a security group in another AWS.
String vpcId
The ID of the VPC for the referenced security group, if applicable.
String vpcPeeringConnectionId
The ID of the VPC peering connection, if applicable.
String accessPolicies
IAM policy document specifying the access policies for the new Amazon ES domain.
AwsElasticsearchDomainDomainEndpointOptions domainEndpointOptions
Additional options for the domain endpoint.
String domainId
Unique identifier for an Amazon ES domain.
String domainName
Name of an Amazon ES domain.
Domain names are unique across all domains owned by the same account within an AWS Region.
Domain names must start with a lowercase letter and must be between 3 and 28 characters.
Valid characters are a-z (lowercase only), 0-9, and – (hyphen).
String endpoint
Domain-specific endpoint used to submit index, search, and data upload requests to an Amazon ES domain.
The endpoint is a service URL.
Map<K,V> endpoints
The key-value pair that exists if the Amazon ES domain uses VPC endpoints.
String elasticsearchVersion
Elasticsearch version.
AwsElasticsearchDomainEncryptionAtRestOptions encryptionAtRestOptions
Details about the configuration for encryption at rest.
AwsElasticsearchDomainNodeToNodeEncryptionOptions nodeToNodeEncryptionOptions
Details about the configuration for node-to-node encryption.
AwsElasticsearchDomainVPCOptions vPCOptions
Information that Amazon ES derives based on VPCOptions for the domain.
Boolean enforceHTTPS
Whether to require that all traffic to the domain arrive over HTTPS.
String tLSSecurityPolicy
The TLS security policy to apply to the HTTPS endpoint of the Elasticsearch domain.
Valid values:
Policy-Min-TLS-1-0-2019-07, which supports TLSv1.0 and higher
Policy-Min-TLS-1-2-2019-07, which only supports TLSv1.2
Boolean enabled
Whether node-to-node encryption is enabled.
List<E> availabilityZones
The list of Availability Zones associated with the VPC subnets.
List<E> securityGroupIds
The list of security group IDs associated with the VPC endpoints for the domain.
List<E> subnetIds
A list of subnet IDs associated with the VPC endpoints for the domain.
String vPCId
ID for the VPC.
List<E> availabilityZones
The Availability Zones for the load balancer.
String canonicalHostedZoneId
The ID of the Amazon Route 53 hosted zone associated with the load balancer.
String createdTime
The date and time the load balancer was created.
String dNSName
The public DNS name of the load balancer.
String ipAddressType
The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4
(for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
String scheme
The nodes of an Internet-facing load balancer have public IP addresses.
List<E> securityGroups
The IDs of the security groups for the load balancer.
LoadBalancerState state
The state of the load balancer.
String type
The type of load balancer.
String vpcId
The ID of the VPC for the load balancer.
String userName
The user associated with the IAM access key related to a finding.
The UserName parameter has been replaced with the PrincipalName parameter because
access keys can also be assigned to principals that are not IAM users.
String status
The status of the IAM access key related to a finding.
String createdAt
The creation date/time of the IAM access key related to a finding.
String principalId
The ID of the principal associated with an access key.
String principalType
The type of principal associated with an access key.
String principalName
The name of the principal.
String assumeRolePolicyDocument
The trust policy that grants permission to assume the role.
String createDate
The date and time, in ISO 8601 date-time format, when the role was created.
String roleId
The stable and unique string identifying the role.
String roleName
The friendly name that identifies the role.
Integer maxSessionDuration
The maximum session duration (in seconds) that you want to set for the specified role.
String path
The path to the role.
String aWSAccountId
The twelve-digit account ID of the AWS account that owns the CMK.
Double creationDate
The date and time when the CMK was created.
String keyId
The globally unique identifier for the CMK.
String keyManager
The manager of the CMK. CMKs in your AWS account are either customer managed or AWS managed.
String keyState
The state of the CMK.
String origin
The source of the CMK's key material.
When this value is AWS_KMS, AWS KMS created the key material.
When this value is EXTERNAL, the key material was imported from your existing key management
infrastructure or the CMK lacks key material.
When this value is AWS_CLOUDHSM, the key material was created in the AWS CloudHSM cluster associated
with a custom key store.
String s3Bucket
An Amazon S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account.
String s3Key
The Amazon S3 key of the deployment package.
String s3ObjectVersion
For versioned objects, the version of the deployment package object to use.
String zipFile
The base64-encoded contents of the deployment package. AWS SDK and AWS CLI clients handle the encoding for you.
String targetArn
The Amazon Resource Name (ARN) of an Amazon SQS queue or Amazon SNS topic.
AwsLambdaFunctionCode code
An AwsLambdaFunctionCode object.
String codeSha256
The SHA256 hash of the function's deployment package.
AwsLambdaFunctionDeadLetterConfig deadLetterConfig
The function's dead letter queue.
AwsLambdaFunctionEnvironment environment
The function's environment variables.
String functionName
The name of the function.
String handler
The function that Lambda calls to begin executing your function.
String kmsKeyArn
The KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK.
String lastModified
The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD).
List<E> layers
The function's layers.
String masterArn
For Lambda@Edge functions, the ARN of the master function.
Integer memorySize
The memory that's allocated to the function.
String revisionId
The latest updated revision of the function or alias.
String role
The function's execution role.
String runtime
The runtime environment for the Lambda function.
Integer timeout
The amount of time that Lambda allows a function to run before stopping it.
AwsLambdaFunctionTracingConfig tracingConfig
The function's AWS X-Ray tracing configuration.
AwsLambdaFunctionVpcConfig vpcConfig
The function's networking configuration.
String version
The version of the Lambda function.
Map<K,V> variables
Environment variable key-value pairs.
AwsLambdaFunctionEnvironmentError error
An AwsLambdaFunctionEnvironmentError object.
String mode
The tracing mode.
Long version
The version number.
List<E> compatibleRuntimes
The layer's compatible runtimes. Maximum number of 5 items.
Valid values: nodejs10.x | nodejs12.x | java8 | java11 |
python2.7 | python3.6 | python3.7 | python3.8 |
dotnetcore1.0 | dotnetcore2.1 | go1.x | ruby2.5 |
provided
String createdDate
The date that the version was created, in ISO 8601 format. For example, 2018-11-27T15:10:45.123+0000.
String roleArn
The Amazon Resource Name (ARN) of the IAM role that is associated with the DB instance.
String featureName
The name of the feature associated with the IAM)role.
String status
Describes the state of the association between the IAM role and the DB instance. The Status property
returns one of the following values:
ACTIVE - the IAM role ARN is associated with the DB instance and can be used to access other AWS
services on your behalf.
PENDING - the IAM role ARN is being associated with the DB instance.
INVALID - the IAM role ARN is associated with the DB instance, but the DB instance is unable to
assume the IAM role in order to access other AWS services on your behalf.
List<E> associatedRoles
The AWS Identity and Access Management (IAM) roles associated with the DB instance.
String cACertificateIdentifier
The identifier of the CA certificate for this DB instance.
String dBClusterIdentifier
If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.
String dBInstanceIdentifier
Contains a user-supplied database identifier. This identifier is the unique key that identifies a DB instance.
String dBInstanceClass
Contains the name of the compute and memory capacity class of the DB instance.
Integer dbInstancePort
Specifies the port that the DB instance listens on. If the DB instance is part of a DB cluster, this can be a different port than the DB cluster port.
String dbiResourceId
The AWS Region-unique, immutable identifier for the DB instance. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS key for the DB instance is accessed.
String dBName
The meaning of this parameter differs according to the database engine you use.
MySQL, MariaDB, SQL Server, PostgreSQL
Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.
Oracle
Contains the Oracle System ID (SID) of the created DB instance. Not shown when the returned parameters do not apply to an Oracle DB instance.
Boolean deletionProtection
Indicates whether the DB instance has deletion protection enabled.
When deletion protection is enabled, the database cannot be deleted.
AwsRdsDbInstanceEndpoint endpoint
Specifies the connection endpoint.
String engine
Provides the name of the database engine to use for this DB instance.
String engineVersion
Indicates the database engine version.
Boolean iAMDatabaseAuthenticationEnabled
True if mapping of AWS Identity and Access Management (IAM) accounts to database accounts is enabled, and otherwise false.
IAM database authentication can be enabled for the following database engines.
For MySQL 5.6, minor version 5.6.34 or higher
For MySQL 5.7, minor version 5.7.16 or higher
Aurora 5.6 or higher
String instanceCreateTime
Provides the date and time the DB instance was created.
String kmsKeyId
If StorageEncrypted is true, the AWS KMS key identifier for the encrypted DB instance.
Boolean publiclyAccessible
Specifies the accessibility options for the DB instance.
A value of true specifies an Internet-facing instance with a publicly resolvable DNS name, which resolves to a public IP address.
A value of false specifies an internal instance with a DNS name that resolves to a private IP address.
Boolean storageEncrypted
Specifies whether the DB instance is encrypted.
String tdeCredentialArn
The ARN from the key store with which the instance is associated for TDE encryption.
List<E> vpcSecurityGroups
A list of VPC security groups that the DB instance belongs to.
String schemaVersion
The schema version that a finding is formatted for.
String id
The security findings provider-specific identifier for a finding.
String productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security-findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
String generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
String awsAccountId
The AWS account ID that a finding is generated in.
List<E> types
One or more finding types in the format of namespace/category/classifier that classify a finding.
Valid namespace values are: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications
String firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
String lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
String createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider created the potential security issue that a finding captured.
String updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
Severity severity
A finding's severity.
Integer confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
Integer criticality
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
String title
A finding's title.
In this release, Title is a required property.
String description
A finding's description.
In this release, Description is a required property.
Remediation remediation
A data type that describes the remediation options for a finding.
String sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
Map<K,V> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part
of the defined AwsSecurityFinding format.
Map<K,V> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malware
A list of malware related to a finding.
Network network
The details of network-related information about a finding.
ProcessDetails process
The details of process-related information about a finding.
List<E> threatIntelIndicators
Threat intelligence details related to a finding.
List<E> resources
A set of resource data types that describe the resources that the finding refers to.
Compliance compliance
This data type is exclusive to findings that are generated as the result of a check run against a specific rule in a supported security standard, such as CIS AWS Foundations. Contains security standard-related finding details.
String verificationState
Indicates the veracity of a finding.
String workflowState
The workflow state of a finding.
String recordState
The record state of a finding.
List<E> relatedFindings
A list of related findings.
Note note
A user-defined note added to a finding.
List<E> productArn
The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub.
List<E> awsAccountId
The AWS account ID that a finding is generated in.
List<E> id
The security findings provider-specific identifier for a finding.
List<E> generatorId
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various security-findings providers' solutions, this generator can be called a rule, a check, a detector, a plug-in, etc.
List<E> type
A finding type in the format of namespace/category/classifier that classifies a finding.
List<E> firstObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured.
List<E> lastObservedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured.
List<E> createdAt
An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured.
List<E> updatedAt
An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record.
List<E> severityProduct
The native severity as defined by the security-findings provider's solution that generated the finding.
List<E> severityNormalized
The normalized severity of a finding.
List<E> severityLabel
The label of a finding's severity.
List<E> confidence
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.
Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.
List<E> criticality
The level of importance assigned to the resources associated with the finding.
A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.
List<E> title
A finding's title.
List<E> description
A finding's description.
List<E> recommendationText
The recommendation of what to do about the issue described in a finding.
List<E> sourceUrl
A URL that links to a page about the current finding in the security-findings provider's solution.
List<E> productFields
A data type where security-findings providers can include additional solution-specific details that aren't part
of the defined AwsSecurityFinding format.
List<E> productName
The name of the solution (product) that generates findings.
List<E> companyName
The name of the findings provider (company) that owns the solution (product) that generates findings.
List<E> userDefinedFields
A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.
List<E> malwareName
The name of the malware that was observed.
List<E> malwareType
The type of the malware that was observed.
List<E> malwarePath
The filesystem path of the malware that was observed.
List<E> malwareState
The state of the malware that was observed.
List<E> networkDirection
Indicates the direction of network traffic associated with a finding.
List<E> networkProtocol
The protocol of network-related information about a finding.
List<E> networkSourceIpV4
The source IPv4 address of network-related information about a finding.
List<E> networkSourceIpV6
The source IPv6 address of network-related information about a finding.
List<E> networkSourcePort
The source port of network-related information about a finding.
List<E> networkSourceDomain
The source domain of network-related information about a finding.
List<E> networkSourceMac
The source media access control (MAC) address of network-related information about a finding.
List<E> networkDestinationIpV4
The destination IPv4 address of network-related information about a finding.
List<E> networkDestinationIpV6
The destination IPv6 address of network-related information about a finding.
List<E> networkDestinationPort
The destination port of network-related information about a finding.
List<E> networkDestinationDomain
The destination domain of network-related information about a finding.
List<E> processName
The name of the process.
List<E> processPath
The path to the process executable.
List<E> processPid
The process ID.
List<E> processParentPid
The parent process ID.
List<E> processLaunchedAt
The date/time that the process was launched.
List<E> processTerminatedAt
The date/time that the process was terminated.
List<E> threatIntelIndicatorType
The type of a threat intelligence indicator.
List<E> threatIntelIndicatorValue
The value of a threat intelligence indicator.
List<E> threatIntelIndicatorCategory
The category of a threat intelligence indicator.
List<E> threatIntelIndicatorLastObservedAt
The date/time of the last observation of a threat intelligence indicator.
List<E> threatIntelIndicatorSource
The source of the threat intelligence.
List<E> threatIntelIndicatorSourceUrl
The URL for more details from the source of the threat intelligence.
List<E> resourceType
Specifies the type of the resource that details are provided for.
List<E> resourceId
The canonical identifier for the given resource type.
List<E> resourcePartition
The canonical AWS partition name that the Region is assigned to.
List<E> resourceRegion
The canonical AWS external Region name where this resource is located.
List<E> resourceTags
A list of AWS tags associated with a resource at the time the finding was processed.
List<E> resourceAwsEc2InstanceType
The instance type of the instance.
List<E> resourceAwsEc2InstanceImageId
The Amazon Machine Image (AMI) ID of the instance.
List<E> resourceAwsEc2InstanceIpV4Addresses
The IPv4 addresses associated with the instance.
List<E> resourceAwsEc2InstanceIpV6Addresses
The IPv6 addresses associated with the instance.
List<E> resourceAwsEc2InstanceKeyName
The key name associated with the instance.
List<E> resourceAwsEc2InstanceIamInstanceProfileArn
The IAM profile ARN of the instance.
List<E> resourceAwsEc2InstanceVpcId
The identifier of the VPC that the instance was launched in.
List<E> resourceAwsEc2InstanceSubnetId
The identifier of the subnet that the instance was launched in.
List<E> resourceAwsEc2InstanceLaunchedAt
The date and time the instance was launched.
List<E> resourceAwsS3BucketOwnerId
The canonical user ID of the owner of the S3 bucket.
List<E> resourceAwsS3BucketOwnerName
The display name of the owner of the S3 bucket.
List<E> resourceAwsIamAccessKeyUserName
The user associated with the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyStatus
The status of the IAM access key related to a finding.
List<E> resourceAwsIamAccessKeyCreatedAt
The creation date/time of the IAM access key related to a finding.
List<E> resourceContainerName
The name of the container related to a finding.
List<E> resourceContainerImageId
The identifier of the image related to a finding.
List<E> resourceContainerImageName
The name of the image related to a finding.
List<E> resourceContainerLaunchedAt
The date/time that the container was started.
List<E> resourceDetailsOther
The details of a resource that doesn't have a specific subfield for the resource type defined.
List<E> complianceStatus
Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details.
List<E> verificationState
The veracity of a finding.
List<E> workflowState
The workflow state of a finding.
List<E> recordState
The updated record state for the finding.
List<E> relatedFindingsProductArn
The ARN of the solution that generated a related finding.
List<E> relatedFindingsId
The solution-generated identifier for a related finding.
List<E> noteText
The text of a note.
List<E> noteUpdatedAt
The timestamp of when the note was updated.
List<E> noteUpdatedBy
The principal that created a note.
List<E> keyword
A keyword for a finding.
String kmsMasterKeyId
The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK.
List<E> subscription
Subscription is an embedded property that describes the subscription endpoints of an Amazon SNS topic.
String topicName
The name of the topic.
String owner
The subscription's owner.
Integer kmsDataKeyReusePeriodSeconds
The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again.
String kmsMasterKeyId
The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK.
String queueName
The name of the new queue.
String deadLetterTargetArn
The Amazon Resource Name (ARN) of the dead-letter queue to which Amazon SQS moves messages after the value of
maxReceiveCount is exceeded.
String name
A friendly name or description of the WebACL. You can't change the name of a WebACL after you create it.
String defaultAction
The action to perform if none of the Rules contained in the WebACL match.
List<E> rules
An array that contains the action for each rule in a WebACL, the priority of the rule, and the ID of the rule.
String webAclId
A unique identifier for a WebACL.
WafAction action
Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule.
List<E> excludedRules
Rules to exclude from a rule group.
WafOverrideAction overrideAction
Use the OverrideAction to test your RuleGroup.
Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to
None, the RuleGroup blocks a request if any individual rule in the RuleGroup matches the request and
is configured to block that request.
However, if you first want to test the RuleGroup, set the OverrideAction to Count. The
RuleGroup then overrides any block action specified by individual rules contained within the group. Instead of
blocking matching requests, those requests are counted.
ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
WebACL. In this case you do not use ActivatedRule|Action. For all other update
requests, ActivatedRule|Action is used instead of ActivatedRule|
OverrideAction.
Integer priority
Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL, the values do not need to be consecutive.
String ruleId
The identifier for a Rule.
String type
The rule type.
Valid values: REGULAR | RATE_BASED | GROUP
The default is REGULAR.
List<E> findings
A list of findings to import. To successfully import a finding, it must follow the AWS Security Finding Format. Maximum of 100 findings per request.
String actionTargetArn
The ARN for the custom action target.
String name
The name of the custom insight to create.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.
String groupByAttribute
The attribute used as the aggregator to group related findings for the insight.
String insightArn
The ARN of the insight created.
String actionTargetArn
The ARN of the custom action target to delete.
String actionTargetArn
The ARN of the custom action target that was deleted.
String insightArn
The ARN of the insight to delete.
String insightArn
The ARN of the insight that was deleted.
List<E> actionTargetArns
A list of custom action target ARNs for the custom action targets to retrieve.
String nextToken
The token that is required for pagination. On your first call to the DescribeActionTargets
operation, set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of results to return.
String hubArn
The ARN of the Hub resource to retrieve.
String nextToken
The token that is required for pagination. On your first call to the DescribeProducts operation, set
the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of results to return.
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String nextToken
The token that is required for pagination. On your first call to the DescribeStandardsControls
operation, set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of security standard controls to return.
String nextToken
The token that is required for pagination. On your first call to the DescribeStandards operation,
set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of standards to return.
String productSubscriptionArn
The ARN of the integrated product to disable the integration for.
String productArn
The ARN of the product to enable the integration for.
String productSubscriptionArn
The ARN of your subscription to the product to enable integrations for.
List<E> standardsSubscriptionArns
The list of the standards subscription ARNs for the standards to retrieve.
String nextToken
The token that is required for pagination. On your first call to the GetEnabledStandards operation,
set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of results to return in the response.
AwsSecurityFindingFilters filters
The finding attributes used to define a condition to filter the returned findings.
List<E> sortCriteria
The finding attributes used to sort the list of returned findings.
String nextToken
The token that is required for pagination. On your first call to the GetFindings operation, set the
value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of findings to return.
String insightArn
The ARN of the insight for which to return results.
InsightResults insightResults
The insight results returned by the operation.
List<E> insightArns
The ARNs of the insights to describe.
String nextToken
The token that is required for pagination. On your first call to the GetInsights operation, set the
value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of items to return in the response.
Integer invitationsCount
The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.
Invitation master
A list of details about the Security Hub master account for the current member account.
String insightArn
The ARN of a Security Hub insight.
String name
The name of a Security Hub insight.
AwsSecurityFindingFilters filters
One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.
String groupByAttribute
The attribute that the insight's findings are grouped by. This attribute is used as a findings aggregator for the purposes of viewing and managing multiple related findings under a single operand.
String insightArn
The ARN of the insight whose results are returned by the GetInsightResults operation.
String groupByAttribute
The attribute that the findings are grouped by for the insight whose results are returned by the
GetInsightResults operation.
List<E> resultValues
The list of insight result values returned by the GetInsightResults operation.
String code
String code
String code
String accountId
The account ID of the Security Hub master account that the invitation was sent from.
String invitationId
The ID of the invitation sent to the member account.
Date invitedAt
The timestamp of when the invitation was sent.
String memberStatus
The current status of the association between the member and master accounts.
String cidr
A finding's CIDR value.
String value
A value for the keyword.
String code
String nextToken
The token that is required for pagination. On your first call to the ListEnabledProductsForImport
operation, set the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Integer maxResults
The maximum number of items to return in the response.
Integer maxResults
The maximum number of items to return in the response.
String nextToken
The token that is required for pagination. On your first call to the ListInvitations operation, set
the value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
Boolean onlyAssociated
Specifies which member accounts to include in the response based on their relationship status with the master
account. The default value is TRUE.
If OnlyAssociated is set to TRUE, the response includes member accounts whose
relationship status with the master is set to ENABLED or DISABLED.
If OnlyAssociated is set to FALSE, the response includes all existing member accounts.
Integer maxResults
The maximum number of items to return in the response.
String nextToken
The token that is required for pagination. On your first call to the ListMembers operation, set the
value of this parameter to NULL.
For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.
String resourceArn
The ARN of the resource to retrieve tags for.
String accountId
The AWS account ID of the member account.
String email
The email address of the member account.
String masterId
The AWS account ID of the Security Hub master account associated with this member account.
String memberStatus
The status of the relationship between the member account and its master account.
Date invitedAt
A timestamp for the date and time when the invitation was sent to the member account.
Date updatedAt
The timestamp for the date and time when the member account was updated.
String direction
The direction of network traffic associated with a finding.
String protocol
The protocol of network-related information about a finding.
String sourceIpV4
The source IPv4 address of network-related information about a finding.
String sourceIpV6
The source IPv6 address of network-related information about a finding.
Integer sourcePort
The source port of network-related information about a finding.
String sourceDomain
The source domain of network-related information about a finding.
String sourceMac
The source media access control (MAC) address of network-related information about a finding.
String destinationIpV4
The destination IPv4 address of network-related information about a finding.
String destinationIpV6
The destination IPv6 address of network-related information about a finding.
Integer destinationPort
The destination port of network-related information about a finding.
String destinationDomain
The destination domain of network-related information about a finding.
Double gte
The greater-than-equal condition to be applied to a single field when querying for findings.
Double lte
The less-than-equal condition to be applied to a single field when querying for findings.
Double eq
The equal-to condition to be applied to a single field when querying for findings.
String name
The name of the process.
String path
The path to the process executable.
Integer pid
The process ID.
Integer parentPid
The parent process ID.
String launchedAt
The date/time that the process was launched.
String terminatedAt
The date and time when the process was terminated.
String productArn
The ARN assigned to the product.
String productName
The name of the product.
String companyName
The name of the company that provides the product.
String description
A description of the product.
List<E> categories
The categories assigned to the product.
List<E> integrationTypes
The types of integration that the product supports. Available values are the following.
SEND_FINDINGS_TO_SECURITY_HUB - Indicates that the integration sends findings to Security Hub.
RECEIVE_FINDINGS_FROM_SECURITY_HUB - Indicates that the integration receives findings from Security
Hub.
String marketplaceUrl
The URL for the page that contains more information about the product.
String activationUrl
The URL used to activate the product.
String productSubscriptionResourcePolicy
The resource policy associated with the product.
Recommendation recommendation
A recommendation on the steps to take to remediate the issue identified by a finding.
String type
The type of the resource that details are provided for. If possible, set Type to one of the
supported resource types. For example, if the resource is an EC2 instance, then set Type to
AwsEc2Instance.
If the resource does not match any of the provided types, then set Type to Other.
String id
The canonical identifier for the given resource type.
String partition
The canonical AWS partition name that the Region is assigned to.
String region
The canonical AWS external Region name where this resource is located.
Map<K,V> tags
A list of AWS tags associated with a resource at the time the finding was processed.
ResourceDetails details
Additional details about the resource related to a finding.
String code
AwsCodeBuildProjectDetails awsCodeBuildProject
Details for an AWS CodeBuild project.
AwsCloudFrontDistributionDetails awsCloudFrontDistribution
Details about a CloudFront distribution.
AwsEc2InstanceDetails awsEc2Instance
Details about an Amazon EC2 instance related to a finding.
AwsEc2NetworkInterfaceDetails awsEc2NetworkInterface
Details for an AWS EC2 network interface.
AwsEc2SecurityGroupDetails awsEc2SecurityGroup
Details for an EC2 security group.
AwsElbv2LoadBalancerDetails awsElbv2LoadBalancer
Details about a load balancer.
AwsElasticsearchDomainDetails awsElasticsearchDomain
Details for an Elasticsearch domain.
AwsS3BucketDetails awsS3Bucket
Details about an Amazon S3 Bucket related to a finding.
AwsIamAccessKeyDetails awsIamAccessKey
Details about an IAM access key related to a finding.
AwsIamRoleDetails awsIamRole
Details about an IAM role.
AwsKmsKeyDetails awsKmsKey
Details about a KMS key.
AwsLambdaFunctionDetails awsLambdaFunction
Details about a Lambda function.
AwsLambdaLayerVersionDetails awsLambdaLayerVersion
Details for a Lambda layer version.
AwsRdsDbInstanceDetails awsRdsDbInstance
Details for an RDS database instance.
AwsSnsTopicDetails awsSnsTopic
Details about an SNS topic.
AwsSqsQueueDetails awsSqsQueue
Details about an SQS queue.
AwsWafWebAclDetails awsWafWebAcl
Details for a WAF WebACL.
ContainerDetails container
Details about a container resource related to a finding.
Map<K,V> other
Details about a resource that are not available in a type-specific details object. Use the Other
object in the following cases.
The type-specific object does not contain all of the fields that you want to populate. In this case, first use
the type-specific object to populate those fields. Use the Other object to populate the fields that
are missing from the type-specific object.
The resource type does not have a corresponding object. This includes resources for which the type is
Other.
String code
String standardsControlArn
The ARN of the security standard control.
String controlStatus
The current status of the security standard control. Indicates whether the control is enabled or disabled. Security Hub does not check against disabled controls.
String disabledReason
The reason provided for the most recent change in status for the control.
Date controlStatusUpdatedAt
The date and time that the status of the security standard control was most recently updated.
String controlId
The identifier of the security standard control.
String title
The title of the security standard control.
String description
The longer description of the security standard control. Provides information about what the control is checking for.
String remediationUrl
A link to remediation information for the control in the Security Hub user documentation.
String severityRating
The severity of findings generated from this security standard control.
The finding severity is based on an assessment of how easy it would be to compromise AWS resources if the issue is detected.
List<E> relatedRequirements
The list of requirements that are related to this control.
String standardsSubscriptionArn
The ARN of a resource that represents your subscription to a supported standard.
String standardsArn
The ARN of a standard.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String standardsStatus
The status of the standards subscription.
String standardsArn
The ARN of the standard that you want to enable. To view the list of available standards and their ARNs, use the
DescribeStandards operation.
Map<K,V> standardsInput
A key-value pair of input for the standard.
String type
The type of threat intelligence indicator.
String value
The value of a threat intelligence indicator.
String category
The category of a threat intelligence indicator.
String lastObservedAt
The date and time when the most recent instance of a threat intelligence indicator was observed.
String source
The source of the threat intelligence indicator.
String sourceUrl
The URL to the page or site where you can get more information about the threat intelligence indicator.
AwsSecurityFindingFilters filters
A collection of attributes that specify which findings you want to update.
NoteUpdate note
The updated note for the finding.
String recordState
The updated record state for the finding.
String insightArn
The ARN of the insight that you want to update.
String name
The updated name for the insight.
AwsSecurityFindingFilters filters
The updated filters that define this insight.
String groupByAttribute
The updated GroupBy attribute that defines this insight.
String standardsControlArn
The ARN of the security standard control to enable or disable.
String controlStatus
The updated status of the security standard control.
String disabledReason
A description of the reason why you are disabling a security standard control.
String type
Specifies how you want AWS WAF to respond to requests that match the settings in a Rule.
Valid settings include the following:
ALLOW - AWS WAF allows requests
BLOCK - AWS WAF blocks requests
COUNT - AWS WAF increments a counter of the requests that match all of the conditions in the rule.
AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify
COUNT for the default action for a WebACL.
String ruleId
The unique identifier for the rule to exclude from the rule group.
String type
COUNT overrides the action specified by the individual rule within a RuleGroup .
If set to NONE, the rule's action takes place.
Copyright © 2020. All rights reserved.