From 535fa09bb703af64deb609d7d670078e61e66d5f Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Tue, 2 Jun 2020 18:09:28 +0000 Subject: [PATCH] Release v1.31.9 (2020-06-02) === ### Service Client Updates * `service/guardduty`: Updates service API and documentation * Amazon GuardDuty findings now include S3 bucket details under the resource section if an S3 Bucket was one of the affected resources --- CHANGELOG.md | 7 + aws/version.go | 2 +- models/apis/guardduty/2017-11-28/api-2.json | 167 +++++++ models/apis/guardduty/2017-11-28/docs-2.json | 109 ++++- service/guardduty/api.go | 441 ++++++++++++++++++- 5 files changed, 699 insertions(+), 27 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff34389c03b..18d53673d25 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +Release v1.31.9 (2020-06-02) +=== + +### Service Client Updates +* `service/guardduty`: Updates service API and documentation + * Amazon GuardDuty findings now include S3 bucket details under the resource section if an S3 Bucket was one of the affected resources + Release v1.31.8 (2020-06-01) === diff --git a/aws/version.go b/aws/version.go index f6162839e27..1078db6496a 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.31.8" +const SDKVersion = "1.31.9" diff --git a/models/apis/guardduty/2017-11-28/api-2.json b/models/apis/guardduty/2017-11-28/api-2.json index fec0b1407d0..ca3c98032df 100644 --- a/models/apis/guardduty/2017-11-28/api-2.json +++ b/models/apis/guardduty/2017-11-28/api-2.json @@ -812,6 +812,19 @@ "members":{ } }, + "AccessControlList":{ + "type":"structure", + "members":{ + "AllowsPublicReadAccess":{ + "shape":"Boolean", + "locationName":"allowsPublicReadAccess" + }, + "AllowsPublicWriteAccess":{ + "shape":"Boolean", + "locationName":"allowsPublicWriteAccess" + } + } + }, "AccessKeyDetails":{ "type":"structure", "members":{ @@ -867,6 +880,15 @@ "max":50, "min":1 }, + "AccountLevelPermissions":{ + "type":"structure", + "members":{ + "BlockPublicAccess":{ + "shape":"BlockPublicAccess", + "locationName":"blockPublicAccess" + } + } + }, "Action":{ "type":"structure", "members":{ @@ -983,7 +1005,58 @@ "error":{"httpStatusCode":400}, "exception":true }, + "BlockPublicAccess":{ + "type":"structure", + "members":{ + "IgnorePublicAcls":{ + "shape":"Boolean", + "locationName":"ignorePublicAcls" + }, + "RestrictPublicBuckets":{ + "shape":"Boolean", + "locationName":"restrictPublicBuckets" + }, + "BlockPublicAcls":{ + "shape":"Boolean", + "locationName":"blockPublicAcls" + }, + "BlockPublicPolicy":{ + "shape":"Boolean", + "locationName":"blockPublicPolicy" + } + } + }, "Boolean":{"type":"boolean"}, + "BucketLevelPermissions":{ + "type":"structure", + "members":{ + "AccessControlList":{ + "shape":"AccessControlList", + "locationName":"accessControlList" + }, + "BucketPolicy":{ + "shape":"BucketPolicy", + "locationName":"bucketPolicy" + }, + "BlockPublicAccess":{ + "shape":"BlockPublicAccess", + "locationName":"blockPublicAccess" + } + } + }, + "BucketPolicy":{ + "type":"structure", + "members":{ + "AllowsPublicReadAccess":{ + "shape":"Boolean", + "locationName":"allowsPublicReadAccess" + }, + "AllowsPublicWriteAccess":{ + "shape":"Boolean", + "locationName":"allowsPublicWriteAccess" + } + } + }, "City":{ "type":"structure", "members":{ @@ -1376,6 +1449,19 @@ } } }, + "DefaultServerSideEncryption":{ + "type":"structure", + "members":{ + "EncryptionType":{ + "shape":"String", + "locationName":"encryptionType" + }, + "KmsMasterKeyArn":{ + "shape":"String", + "locationName":"kmsMasterKeyArn" + } + } + }, "DeleteDetectorRequest":{ "type":"structure", "required":["DetectorId"], @@ -3055,6 +3141,28 @@ } } }, + "Owner":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"String", + "locationName":"id" + } + } + }, + "PermissionConfiguration":{ + "type":"structure", + "members":{ + "BucketLevelPermissions":{ + "shape":"BucketLevelPermissions", + "locationName":"bucketLevelPermissions" + }, + "AccountLevelPermissions":{ + "shape":"AccountLevelPermissions", + "locationName":"accountLevelPermissions" + } + } + }, "PortProbeAction":{ "type":"structure", "members":{ @@ -3123,6 +3231,19 @@ "type":"list", "member":{"shape":"ProductCode"} }, + "PublicAccess":{ + "type":"structure", + "members":{ + "PermissionConfiguration":{ + "shape":"PermissionConfiguration", + "locationName":"permissionConfiguration" + }, + "EffectivePermission":{ + "shape":"String", + "locationName":"effectivePermission" + } + } + }, "PublishingStatus":{ "type":"string", "enum":[ @@ -3179,6 +3300,10 @@ "shape":"AccessKeyDetails", "locationName":"accessKeyDetails" }, + "S3BucketDetails":{ + "shape":"S3BucketDetails", + "locationName":"s3BucketDetails" + }, "InstanceDetails":{ "shape":"InstanceDetails", "locationName":"instanceDetails" @@ -3189,6 +3314,47 @@ } } }, + "S3BucketDetail":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "locationName":"name" + }, + "Type":{ + "shape":"String", + "locationName":"type" + }, + "CreatedAt":{ + "shape":"Timestamp", + "locationName":"createdAt" + }, + "Owner":{ + "shape":"Owner", + "locationName":"owner" + }, + "Tags":{ + "shape":"Tags", + "locationName":"tags" + }, + "DefaultServerSideEncryption":{ + "shape":"DefaultServerSideEncryption", + "locationName":"defaultServerSideEncryption" + }, + "PublicAccess":{ + "shape":"PublicAccess", + "locationName":"publicAccess" + } + } + }, + "S3BucketDetails":{ + "type":"list", + "member":{"shape":"S3BucketDetail"} + }, "SecurityGroup":{ "type":"structure", "members":{ @@ -3438,6 +3604,7 @@ "type":"list", "member":{"shape":"String"} }, + "Timestamp":{"type":"timestamp"}, "UnarchiveFindingsRequest":{ "type":"structure", "required":[ diff --git a/models/apis/guardduty/2017-11-28/docs-2.json b/models/apis/guardduty/2017-11-28/docs-2.json index 1e3c5fdc578..75fe8249c45 100644 --- a/models/apis/guardduty/2017-11-28/docs-2.json +++ b/models/apis/guardduty/2017-11-28/docs-2.json @@ -40,7 +40,7 @@ "ListFindings": "

Lists Amazon GuardDuty findings for the specified detector ID.

", "ListIPSets": "

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated master account.

", "ListInvitations": "

Lists all GuardDuty membership invitations that were sent to the current AWS account.

", - "ListMembers": "

Lists details about associated member accounts for the current GuardDuty master account.

", + "ListMembers": "

Lists details about all member accounts for the current GuardDuty master account.

", "ListOrganizationAdminAccounts": "

Lists the accounts configured as GuardDuty delegated administrators.

", "ListPublishingDestinations": "

Returns a list of publishing destinations associated with the specified dectectorId.

", "ListTagsForResource": "

Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, and threat intel sets, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.

", @@ -69,6 +69,12 @@ "refs": { } }, + "AccessControlList": { + "base": "

Contains information on the current access control policies for the bucket.

", + "refs": { + "BucketLevelPermissions$AccessControlList": "

Contains information on how Access Control Policies are applied to the bucket.

" + } + }, "AccessKeyDetails": { "base": "

Contains information about the access keys.

", "refs": { @@ -111,6 +117,12 @@ "StopMonitoringMembersRequest$AccountIds": "

A list of account IDs for the member accounts to stop monitoring.

" } }, + "AccountLevelPermissions": { + "base": "

Contains information about the account level permissions on the S3 bucket.

", + "refs": { + "PermissionConfiguration$AccountLevelPermissions": "

Contains information about the account level permissions on the S3 bucket.

" + } + }, "Action": { "base": "

Contains information about actions.

", "refs": { @@ -156,9 +168,24 @@ "refs": { } }, + "BlockPublicAccess": { + "base": "

Contains information on how the bucker owner's S3 Block Public Access settings are being applied to the S3 bucket. See S3 Block Public Access for more information.

", + "refs": { + "AccountLevelPermissions$BlockPublicAccess": "

Describes the S3 Block Public Access settings of the bucket's parent account.

", + "BucketLevelPermissions$BlockPublicAccess": "

Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.

" + } + }, "Boolean": { "base": null, "refs": { + "AccessControlList$AllowsPublicReadAccess": "

A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).

", + "AccessControlList$AllowsPublicWriteAccess": "

A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).

", + "BlockPublicAccess$IgnorePublicAcls": "

Indicates if S3 Block Public Access is set to IgnorePublicAcls.

", + "BlockPublicAccess$RestrictPublicBuckets": "

Indicates if S3 Block Public Access is set to RestrictPublicBuckets.

", + "BlockPublicAccess$BlockPublicAcls": "

Indicates if S3 Block Public Access is set to BlockPublicAcls.

", + "BlockPublicAccess$BlockPublicPolicy": "

Indicates if S3 Block Public Access is set to BlockPublicPolicy.

", + "BucketPolicy$AllowsPublicReadAccess": "

A value that indicates whether public read access for the bucket is enabled through a bucket policy.

", + "BucketPolicy$AllowsPublicWriteAccess": "

A value that indicates whether public write access for the bucket is enabled through a bucket policy.

", "CreateDetectorRequest$Enable": "

A Boolean value that specifies whether the detector is to be enabled.

", "CreateIPSetRequest$Activate": "

A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

", "CreateThreatIntelSetRequest$Activate": "

A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

", @@ -174,6 +201,18 @@ "UpdateThreatIntelSetRequest$Activate": "

The updated Boolean value that specifies whether the ThreateIntelSet is active or not.

" } }, + "BucketLevelPermissions": { + "base": "

Contains information about the bucket level permissions for the S3 bucket.

", + "refs": { + "PermissionConfiguration$BucketLevelPermissions": "

Contains information about the bucket level permissions for the S3 bucket.

" + } + }, + "BucketPolicy": { + "base": "

Contains information on the current bucket policies for the S3 bucket.

", + "refs": { + "BucketLevelPermissions$BucketPolicy": "

Contains information on the bucket policies for the S3 bucket.

" + } + }, "City": { "base": "

Contains information about the city associated with the IP address.

", "refs": { @@ -294,6 +333,12 @@ "refs": { } }, + "DefaultServerSideEncryption": { + "base": "

Contains information on the server side encryption method used in the S3 bucket. See S3 Server-Side Encryption for more information.

", + "refs": { + "S3BucketDetail$DefaultServerSideEncryption": "

Describes the server side encryption method used in the S3 bucket.

" + } + }, "DeleteDetectorRequest": { "base": null, "refs": { @@ -620,7 +665,7 @@ "CreateFilterRequest$FindingCriteria": "

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

", "GetFilterResponse$FindingCriteria": "

Represents the criteria to be used in the filter for querying findings.

", "GetFindingsStatisticsRequest$FindingCriteria": "

Represents the criteria that is used for querying findings.

", - "ListFindingsRequest$FindingCriteria": "

Represents the criteria used for querying findings. Valid values include:

", + "ListFindingsRequest$FindingCriteria": "

Represents the criteria used for querying findings. Valid values include:

", "UpdateFilterRequest$FindingCriteria": "

Represents the criteria to be used in the filter for querying findings.

" } }, @@ -984,12 +1029,12 @@ "Location": { "base": null, "refs": { - "CreateIPSetRequest$Location": "

The URI of the file that contains the IPSet.

", - "CreateThreatIntelSetRequest$Location": "

The URI of the file that contains the ThreatIntelSet.

", - "GetIPSetResponse$Location": "

The URI of the file that contains the IPSet.

", - "GetThreatIntelSetResponse$Location": "

The URI of the file that contains the ThreatIntelSet.

", - "UpdateIPSetRequest$Location": "

The updated URI of the file that contains the IPSet.

", - "UpdateThreatIntelSetRequest$Location": "

The updated URI of the file that contains the ThreateIntelSet.

" + "CreateIPSetRequest$Location": "

The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

", + "CreateThreatIntelSetRequest$Location": "

The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

", + "GetIPSetResponse$Location": "

The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

", + "GetThreatIntelSetResponse$Location": "

The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

", + "UpdateIPSetRequest$Location": "

The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

", + "UpdateThreatIntelSetRequest$Location": "

The updated URI of the file that contains the ThreateIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

" } }, "Long": { @@ -1088,6 +1133,18 @@ "RemoteIpDetails$Organization": "

The ISP organization information of the remote IP address.

" } }, + "Owner": { + "base": "

Contains information on the owner of the bucket.

", + "refs": { + "S3BucketDetail$Owner": "

The owner of the S3 bucket.

" + } + }, + "PermissionConfiguration": { + "base": "

Contains information about how permissions are configured for the S3 bucket.

", + "refs": { + "PublicAccess$PermissionConfiguration": "

Contains information about how permissions are configured for the S3 bucket.

" + } + }, "PortProbeAction": { "base": "

Contains information about the PORT_PROBE action described in the finding.

", "refs": { @@ -1130,6 +1187,12 @@ "InstanceDetails$ProductCodes": "

The product code of the EC2 instance.

" } }, + "PublicAccess": { + "base": "

Describes the public access policies that apply to the S3 bucket.

", + "refs": { + "S3BucketDetail$PublicAccess": "

Describes the public access policies that apply to the S3 bucket.

" + } + }, "PublishingStatus": { "base": null, "refs": { @@ -1157,6 +1220,18 @@ "Finding$Resource": null } }, + "S3BucketDetail": { + "base": null, + "refs": { + "S3BucketDetails$member": null + } + }, + "S3BucketDetails": { + "base": "

Contains information on the S3 bucket.

", + "refs": { + "Resource$S3BucketDetails": "

Contains information on the S3 bucket.

" + } + }, "SecurityGroup": { "base": "

Contains information about the security groups associated with the EC2 instance.

", "refs": { @@ -1226,6 +1301,8 @@ "CreatePublishingDestinationResponse$DestinationId": "

The ID of the publishing destination that is created.

", "CreateThreatIntelSetResponse$ThreatIntelSetId": "

The ID of the ThreatIntelSet resource.

", "Criterion$key": null, + "DefaultServerSideEncryption$EncryptionType": "

The type of encryption used for objects within the S3 bucket.

", + "DefaultServerSideEncryption$KmsMasterKeyArn": "

The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.

", "DeleteFilterRequest$FilterName": "

The name of the filter that you want to delete.

", "DeleteIPSetRequest$IpSetId": "

The unique ID of the IPSet to delete.

", "DeletePublishingDestinationRequest$DestinationId": "

The ID of the publishing destination to delete.

", @@ -1287,7 +1364,7 @@ "ListInvitationsRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", "ListInvitationsResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", "ListMembersRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", - "ListMembersRequest$OnlyAssociated": "

Specifies what member accounts the response includes based on their relationship status with the master account. The default value is \"true\". If set to \"false\" the response includes all existing member accounts (including members who haven't been invited yet or have been disassociated).

", + "ListMembersRequest$OnlyAssociated": "

Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).

", "ListMembersResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", "ListOrganizationAdminAccountsRequest$NextToken": "

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

", "ListOrganizationAdminAccountsResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", @@ -1319,13 +1396,18 @@ "Organization$AsnOrg": "

The organization that registered this ASN.

", "Organization$Isp": "

The ISP information for the internet provider.

", "Organization$Org": "

The name of the internet provider.

", + "Owner$Id": "

The canonical user ID of the bucket owner. For information about locating your canonical user ID see Finding Your Account Canonical User ID.

", "PrivateIpAddressDetails$PrivateDnsName": "

The private DNS name of the EC2 instance.

", "PrivateIpAddressDetails$PrivateIpAddress": "

The private IP address of the EC2 instance.

", "ProductCode$Code": "

The product code information.

", "ProductCode$ProductType": "

The product code type.

", + "PublicAccess$EffectivePermission": "

Describes the effective permission on this bucket after factoring all attached policies.

", "RemoteIpDetails$IpAddressV4": "

The IPv4 remote address of the connection.

", "RemotePortDetails$PortName": "

The port name of the remote connection.

", "Resource$ResourceType": "

The type of AWS resource.

", + "S3BucketDetail$Arn": "

The Amazon Resource Name (ARN) of the S3 bucket.

", + "S3BucketDetail$Name": "

The name of the S3 bucket.

", + "S3BucketDetail$Type": "

Describes whether the bucket is a source or destination bucket.

", "SecurityGroup$GroupId": "

The security group ID of the EC2 instance.

", "SecurityGroup$GroupName": "

The security group name of the EC2 instance.

", "Service$EventFirstSeen": "

The first-seen timestamp of the activity that prompted GuardDuty to generate this finding.

", @@ -1400,7 +1482,8 @@ "Tags": { "base": null, "refs": { - "InstanceDetails$Tags": "

The tags of the EC2 instance.

" + "InstanceDetails$Tags": "

The tags of the EC2 instance.

", + "S3BucketDetail$Tags": "

All tags attached to the S3 bucket

" } }, "ThreatIntelSetFormat": { @@ -1440,6 +1523,12 @@ "ThreatIntelligenceDetail$ThreatNames": "

A list of names of the threats in the threat intelligence list that triggered the finding.

" } }, + "Timestamp": { + "base": null, + "refs": { + "S3BucketDetail$CreatedAt": "

The date and time the bucket was created at.

" + } + }, "UnarchiveFindingsRequest": { "base": null, "refs": { diff --git a/service/guardduty/api.go b/service/guardduty/api.go index a4156437305..e1f8ce0b2aa 100644 --- a/service/guardduty/api.go +++ b/service/guardduty/api.go @@ -4,6 +4,7 @@ package guardduty import ( "fmt" + "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" @@ -3514,8 +3515,8 @@ func (c *GuardDuty) ListMembersRequest(input *ListMembersInput) (req *request.Re // ListMembers API operation for Amazon GuardDuty. // -// Lists details about associated member accounts for the current GuardDuty -// master account. +// Lists details about all member accounts for the current GuardDuty master +// account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5191,6 +5192,41 @@ func (s AcceptInvitationOutput) GoString() string { return s.String() } +// Contains information on the current access control policies for the bucket. +type AccessControlList struct { + _ struct{} `type:"structure"` + + // A value that indicates whether public read access for the bucket is enabled + // through an Access Control List (ACL). + AllowsPublicReadAccess *bool `locationName:"allowsPublicReadAccess" type:"boolean"` + + // A value that indicates whether public write access for the bucket is enabled + // through an Access Control List (ACL). + AllowsPublicWriteAccess *bool `locationName:"allowsPublicWriteAccess" type:"boolean"` +} + +// String returns the string representation +func (s AccessControlList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccessControlList) GoString() string { + return s.String() +} + +// SetAllowsPublicReadAccess sets the AllowsPublicReadAccess field's value. +func (s *AccessControlList) SetAllowsPublicReadAccess(v bool) *AccessControlList { + s.AllowsPublicReadAccess = &v + return s +} + +// SetAllowsPublicWriteAccess sets the AllowsPublicWriteAccess field's value. +func (s *AccessControlList) SetAllowsPublicWriteAccess(v bool) *AccessControlList { + s.AllowsPublicWriteAccess = &v + return s +} + // Contains information about the access keys. type AccessKeyDetails struct { _ struct{} `type:"structure"` @@ -5301,6 +5337,30 @@ func (s *AccountDetail) SetEmail(v string) *AccountDetail { return s } +// Contains information about the account level permissions on the S3 bucket. +type AccountLevelPermissions struct { + _ struct{} `type:"structure"` + + // Describes the S3 Block Public Access settings of the bucket's parent account. + BlockPublicAccess *BlockPublicAccess `locationName:"blockPublicAccess" type:"structure"` +} + +// String returns the string representation +func (s AccountLevelPermissions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AccountLevelPermissions) GoString() string { + return s.String() +} + +// SetBlockPublicAccess sets the BlockPublicAccess field's value. +func (s *AccountLevelPermissions) SetBlockPublicAccess(v *BlockPublicAccess) *AccountLevelPermissions { + s.BlockPublicAccess = v + return s +} + // Contains information about actions. type Action struct { _ struct{} `type:"structure"` @@ -5585,6 +5645,137 @@ func (s *BadRequestException) RequestID() string { return s.RespMetadata.RequestID } +// Contains information on how the bucker owner's S3 Block Public Access settings +// are being applied to the S3 bucket. See S3 Block Public Access (https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html) +// for more information. +type BlockPublicAccess struct { + _ struct{} `type:"structure"` + + // Indicates if S3 Block Public Access is set to BlockPublicAcls. + BlockPublicAcls *bool `locationName:"blockPublicAcls" type:"boolean"` + + // Indicates if S3 Block Public Access is set to BlockPublicPolicy. + BlockPublicPolicy *bool `locationName:"blockPublicPolicy" type:"boolean"` + + // Indicates if S3 Block Public Access is set to IgnorePublicAcls. + IgnorePublicAcls *bool `locationName:"ignorePublicAcls" type:"boolean"` + + // Indicates if S3 Block Public Access is set to RestrictPublicBuckets. + RestrictPublicBuckets *bool `locationName:"restrictPublicBuckets" type:"boolean"` +} + +// String returns the string representation +func (s BlockPublicAccess) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BlockPublicAccess) GoString() string { + return s.String() +} + +// SetBlockPublicAcls sets the BlockPublicAcls field's value. +func (s *BlockPublicAccess) SetBlockPublicAcls(v bool) *BlockPublicAccess { + s.BlockPublicAcls = &v + return s +} + +// SetBlockPublicPolicy sets the BlockPublicPolicy field's value. +func (s *BlockPublicAccess) SetBlockPublicPolicy(v bool) *BlockPublicAccess { + s.BlockPublicPolicy = &v + return s +} + +// SetIgnorePublicAcls sets the IgnorePublicAcls field's value. +func (s *BlockPublicAccess) SetIgnorePublicAcls(v bool) *BlockPublicAccess { + s.IgnorePublicAcls = &v + return s +} + +// SetRestrictPublicBuckets sets the RestrictPublicBuckets field's value. +func (s *BlockPublicAccess) SetRestrictPublicBuckets(v bool) *BlockPublicAccess { + s.RestrictPublicBuckets = &v + return s +} + +// Contains information about the bucket level permissions for the S3 bucket. +type BucketLevelPermissions struct { + _ struct{} `type:"structure"` + + // Contains information on how Access Control Policies are applied to the bucket. + AccessControlList *AccessControlList `locationName:"accessControlList" type:"structure"` + + // Contains information on which account level S3 Block Public Access settings + // are applied to the S3 bucket. + BlockPublicAccess *BlockPublicAccess `locationName:"blockPublicAccess" type:"structure"` + + // Contains information on the bucket policies for the S3 bucket. + BucketPolicy *BucketPolicy `locationName:"bucketPolicy" type:"structure"` +} + +// String returns the string representation +func (s BucketLevelPermissions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BucketLevelPermissions) GoString() string { + return s.String() +} + +// SetAccessControlList sets the AccessControlList field's value. +func (s *BucketLevelPermissions) SetAccessControlList(v *AccessControlList) *BucketLevelPermissions { + s.AccessControlList = v + return s +} + +// SetBlockPublicAccess sets the BlockPublicAccess field's value. +func (s *BucketLevelPermissions) SetBlockPublicAccess(v *BlockPublicAccess) *BucketLevelPermissions { + s.BlockPublicAccess = v + return s +} + +// SetBucketPolicy sets the BucketPolicy field's value. +func (s *BucketLevelPermissions) SetBucketPolicy(v *BucketPolicy) *BucketLevelPermissions { + s.BucketPolicy = v + return s +} + +// Contains information on the current bucket policies for the S3 bucket. +type BucketPolicy struct { + _ struct{} `type:"structure"` + + // A value that indicates whether public read access for the bucket is enabled + // through a bucket policy. + AllowsPublicReadAccess *bool `locationName:"allowsPublicReadAccess" type:"boolean"` + + // A value that indicates whether public write access for the bucket is enabled + // through a bucket policy. + AllowsPublicWriteAccess *bool `locationName:"allowsPublicWriteAccess" type:"boolean"` +} + +// String returns the string representation +func (s BucketPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s BucketPolicy) GoString() string { + return s.String() +} + +// SetAllowsPublicReadAccess sets the AllowsPublicReadAccess field's value. +func (s *BucketPolicy) SetAllowsPublicReadAccess(v bool) *BucketPolicy { + s.AllowsPublicReadAccess = &v + return s +} + +// SetAllowsPublicWriteAccess sets the AllowsPublicWriteAccess field's value. +func (s *BucketPolicy) SetAllowsPublicWriteAccess(v bool) *BucketPolicy { + s.AllowsPublicWriteAccess = &v + return s +} + // Contains information about the city associated with the IP address. type City struct { _ struct{} `type:"structure"` @@ -6162,7 +6353,7 @@ type CreateIPSetInput struct { // Format is a required field Format *string `locationName:"format" min:"1" type:"string" required:"true" enum:"IpSetFormat"` - // The URI of the file that contains the IPSet. + // The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. // // Location is a required field Location *string `locationName:"location" min:"1" type:"string" required:"true"` @@ -6587,7 +6778,7 @@ type CreateThreatIntelSetInput struct { // Format is a required field Format *string `locationName:"format" min:"1" type:"string" required:"true" enum:"ThreatIntelSetFormat"` - // The URI of the file that contains the ThreatIntelSet. + // The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. // // Location is a required field Location *string `locationName:"location" min:"1" type:"string" required:"true"` @@ -6787,6 +6978,42 @@ func (s *DeclineInvitationsOutput) SetUnprocessedAccounts(v []*UnprocessedAccoun return s } +// Contains information on the server side encryption method used in the S3 +// bucket. See S3 Server-Side Encryption (https://docs.aws.amazon.com/AmazonS3/atest/dev/serv-side-encryption.html) +// for more information. +type DefaultServerSideEncryption struct { + _ struct{} `type:"structure"` + + // The type of encryption used for objects within the S3 bucket. + EncryptionType *string `locationName:"encryptionType" type:"string"` + + // The Amazon Resource Name (ARN) of the KMS encryption key. Only available + // if the bucket EncryptionType is aws:kms. + KmsMasterKeyArn *string `locationName:"kmsMasterKeyArn" type:"string"` +} + +// String returns the string representation +func (s DefaultServerSideEncryption) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DefaultServerSideEncryption) GoString() string { + return s.String() +} + +// SetEncryptionType sets the EncryptionType field's value. +func (s *DefaultServerSideEncryption) SetEncryptionType(v string) *DefaultServerSideEncryption { + s.EncryptionType = &v + return s +} + +// SetKmsMasterKeyArn sets the KmsMasterKeyArn field's value. +func (s *DefaultServerSideEncryption) SetKmsMasterKeyArn(v string) *DefaultServerSideEncryption { + s.KmsMasterKeyArn = &v + return s +} + type DeleteDetectorInput struct { _ struct{} `type:"structure"` @@ -8644,7 +8871,7 @@ type GetIPSetOutput struct { // Format is a required field Format *string `locationName:"format" min:"1" type:"string" required:"true" enum:"IpSetFormat"` - // The URI of the file that contains the IPSet. + // The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. // // Location is a required field Location *string `locationName:"location" min:"1" type:"string" required:"true"` @@ -8968,7 +9195,7 @@ type GetThreatIntelSetOutput struct { // Format is a required field Format *string `locationName:"format" min:"1" type:"string" required:"true" enum:"ThreatIntelSetFormat"` - // The URI of the file that contains the ThreatIntelSet. + // The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. // // Location is a required field Location *string `locationName:"location" min:"1" type:"string" required:"true"` @@ -9632,8 +9859,6 @@ type ListFindingsInput struct { // // * resource.instanceDetails.instanceId // - // * resource.instanceDetails.outpostArn - // // * resource.instanceDetails.networkInterfaces.ipv6Addresses // // * resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress @@ -9684,8 +9909,6 @@ type ListFindingsInput struct { // // * service.action.networkConnectionAction.protocol // - // * service.action.networkConnectionAction.localIpDetails.ipAddressV4 - // // * service.action.networkConnectionAction.remoteIpDetails.city.cityName // // * service.action.networkConnectionAction.remoteIpDetails.country.countryName @@ -10023,10 +10246,8 @@ type ListMembersInput struct { // from the previous response to continue listing data. NextToken *string `location:"querystring" locationName:"nextToken" type:"string"` - // Specifies what member accounts the response includes based on their relationship - // status with the master account. The default value is "true". If set to "false" - // the response includes all existing member accounts (including members who - // haven't been invited yet or have been disassociated). + // Specifies whether to only return associated members or to return all members + // (including members who haven't been invited yet or have been disassociated). OnlyAssociated *string `location:"querystring" locationName:"onlyAssociated" type:"string"` } @@ -10898,6 +11119,64 @@ func (s *Organization) SetOrg(v string) *Organization { return s } +// Contains information on the owner of the bucket. +type Owner struct { + _ struct{} `type:"structure"` + + // The canonical user ID of the bucket owner. For information about locating + // your canonical user ID see Finding Your Account Canonical User ID. (https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId) + Id *string `locationName:"id" type:"string"` +} + +// String returns the string representation +func (s Owner) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Owner) GoString() string { + return s.String() +} + +// SetId sets the Id field's value. +func (s *Owner) SetId(v string) *Owner { + s.Id = &v + return s +} + +// Contains information about how permissions are configured for the S3 bucket. +type PermissionConfiguration struct { + _ struct{} `type:"structure"` + + // Contains information about the account level permissions on the S3 bucket. + AccountLevelPermissions *AccountLevelPermissions `locationName:"accountLevelPermissions" type:"structure"` + + // Contains information about the bucket level permissions for the S3 bucket. + BucketLevelPermissions *BucketLevelPermissions `locationName:"bucketLevelPermissions" type:"structure"` +} + +// String returns the string representation +func (s PermissionConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PermissionConfiguration) GoString() string { + return s.String() +} + +// SetAccountLevelPermissions sets the AccountLevelPermissions field's value. +func (s *PermissionConfiguration) SetAccountLevelPermissions(v *AccountLevelPermissions) *PermissionConfiguration { + s.AccountLevelPermissions = v + return s +} + +// SetBucketLevelPermissions sets the BucketLevelPermissions field's value. +func (s *PermissionConfiguration) SetBucketLevelPermissions(v *BucketLevelPermissions) *PermissionConfiguration { + s.BucketLevelPermissions = v + return s +} + // Contains information about the PORT_PROBE action described in the finding. type PortProbeAction struct { _ struct{} `type:"structure"` @@ -11040,6 +11319,40 @@ func (s *ProductCode) SetProductType(v string) *ProductCode { return s } +// Describes the public access policies that apply to the S3 bucket. +type PublicAccess struct { + _ struct{} `type:"structure"` + + // Describes the effective permission on this bucket after factoring all attached + // policies. + EffectivePermission *string `locationName:"effectivePermission" type:"string"` + + // Contains information about how permissions are configured for the S3 bucket. + PermissionConfiguration *PermissionConfiguration `locationName:"permissionConfiguration" type:"structure"` +} + +// String returns the string representation +func (s PublicAccess) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PublicAccess) GoString() string { + return s.String() +} + +// SetEffectivePermission sets the EffectivePermission field's value. +func (s *PublicAccess) SetEffectivePermission(v string) *PublicAccess { + s.EffectivePermission = &v + return s +} + +// SetPermissionConfiguration sets the PermissionConfiguration field's value. +func (s *PublicAccess) SetPermissionConfiguration(v *PermissionConfiguration) *PublicAccess { + s.PermissionConfiguration = v + return s +} + // Contains information about the remote IP address of the connection. type RemoteIpDetails struct { _ struct{} `type:"structure"` @@ -11148,6 +11461,9 @@ type Resource struct { // The type of AWS resource. ResourceType *string `locationName:"resourceType" type:"string"` + + // Contains information on the S3 bucket. + S3BucketDetails []*S3BucketDetail `locationName:"s3BucketDetails" type:"list"` } // String returns the string representation @@ -11178,6 +11494,98 @@ func (s *Resource) SetResourceType(v string) *Resource { return s } +// SetS3BucketDetails sets the S3BucketDetails field's value. +func (s *Resource) SetS3BucketDetails(v []*S3BucketDetail) *Resource { + s.S3BucketDetails = v + return s +} + +type S3BucketDetail struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the S3 bucket. + Arn *string `locationName:"arn" type:"string"` + + // The date and time the bucket was created at. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` + + // Describes the server side encryption method used in the S3 bucket. + DefaultServerSideEncryption *DefaultServerSideEncryption `locationName:"defaultServerSideEncryption" type:"structure"` + + // The name of the S3 bucket. + Name *string `locationName:"name" type:"string"` + + // The owner of the S3 bucket. + Owner *Owner `locationName:"owner" type:"structure"` + + // Describes the public access policies that apply to the S3 bucket. + PublicAccess *PublicAccess `locationName:"publicAccess" type:"structure"` + + // All tags attached to the S3 bucket + Tags []*Tag `locationName:"tags" type:"list"` + + // Describes whether the bucket is a source or destination bucket. + Type *string `locationName:"type" type:"string"` +} + +// String returns the string representation +func (s S3BucketDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s S3BucketDetail) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *S3BucketDetail) SetArn(v string) *S3BucketDetail { + s.Arn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *S3BucketDetail) SetCreatedAt(v time.Time) *S3BucketDetail { + s.CreatedAt = &v + return s +} + +// SetDefaultServerSideEncryption sets the DefaultServerSideEncryption field's value. +func (s *S3BucketDetail) SetDefaultServerSideEncryption(v *DefaultServerSideEncryption) *S3BucketDetail { + s.DefaultServerSideEncryption = v + return s +} + +// SetName sets the Name field's value. +func (s *S3BucketDetail) SetName(v string) *S3BucketDetail { + s.Name = &v + return s +} + +// SetOwner sets the Owner field's value. +func (s *S3BucketDetail) SetOwner(v *Owner) *S3BucketDetail { + s.Owner = v + return s +} + +// SetPublicAccess sets the PublicAccess field's value. +func (s *S3BucketDetail) SetPublicAccess(v *PublicAccess) *S3BucketDetail { + s.PublicAccess = v + return s +} + +// SetTags sets the Tags field's value. +func (s *S3BucketDetail) SetTags(v []*Tag) *S3BucketDetail { + s.Tags = v + return s +} + +// SetType sets the Type field's value. +func (s *S3BucketDetail) SetType(v string) *S3BucketDetail { + s.Type = &v + return s +} + // Contains information about the security groups associated with the EC2 instance. type SecurityGroup struct { _ struct{} `type:"structure"` @@ -12153,7 +12561,7 @@ type UpdateIPSetInput struct { // IpSetId is a required field IpSetId *string `location:"uri" locationName:"ipSetId" type:"string" required:"true"` - // The updated URI of the file that contains the IPSet. + // The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. Location *string `locationName:"location" min:"1" type:"string"` // The unique ID that specifies the IPSet that you want to update. @@ -12406,7 +12814,8 @@ type UpdateThreatIntelSetInput struct { // DetectorId is a required field DetectorId *string `location:"uri" locationName:"detectorId" min:"1" type:"string" required:"true"` - // The updated URI of the file that contains the ThreateIntelSet. + // The updated URI of the file that contains the ThreateIntelSet. For example: + // https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key. Location *string `locationName:"location" min:"1" type:"string"` // The unique ID that specifies the ThreatIntelSet that you want to update.