UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

357 lines (356 loc) 20.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
export declare const AggregatorV2RegionLinkingMode: { readonly SpecifiedRegions: "SPECIFIED_REGIONS"; }; /** * Indicates to link a list of included Regions */ export type AggregatorV2RegionLinkingMode = (typeof AggregatorV2RegionLinkingMode)[keyof typeof AggregatorV2RegionLinkingMode]; export declare const AutomationRuleDateRangeUnit: { readonly Days: "DAYS"; }; /** * A date range unit for the date filter. */ export type AutomationRuleDateRangeUnit = (typeof AutomationRuleDateRangeUnit)[keyof typeof AutomationRuleDateRangeUnit]; export declare const AutomationRuleMapFilterComparison: { readonly Equals: "EQUALS"; readonly NotEquals: "NOT_EQUALS"; readonly Contains: "CONTAINS"; readonly NotContains: "NOT_CONTAINS"; }; /** * The condition to apply to the key value when filtering Security Hub findings with a map filter. * To search for values that have the filter value, use one of the following comparison operators: * + To search for values that include the filter value, use ``CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match. * + To search for values that exactly match the filter value, use ``EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag. * * ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security``, ``Finance``, or both values. * To search for values that don't have the filter value, use one of the following comparison operators: * + To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag. * + To search for values other than the filter value, use ``NOT_EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag. * * ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values. * ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. * You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. * ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*. */ export type AutomationRuleMapFilterComparison = (typeof AutomationRuleMapFilterComparison)[keyof typeof AutomationRuleMapFilterComparison]; export declare const AutomationRuleRuleStatus: { readonly Enabled: "ENABLED"; readonly Disabled: "DISABLED"; }; /** * Whether the rule is active after it is created. If this parameter is equal to ``ENABLED``, ASH applies the rule to findings and finding updates after the rule is created. */ export type AutomationRuleRuleStatus = (typeof AutomationRuleRuleStatus)[keyof typeof AutomationRuleRuleStatus]; export declare const AutomationRuleSeverityUpdateLabel: { readonly Informational: "INFORMATIONAL"; readonly Low: "LOW"; readonly Medium: "MEDIUM"; readonly High: "HIGH"; readonly Critical: "CRITICAL"; }; /** * The severity value of the finding. The allowed values are the following. * + ``INFORMATIONAL`` - No issue was found. * + ``LOW`` - The issue does not require action on its own. * + ``MEDIUM`` - The issue must be addressed but not urgently. * + ``HIGH`` - The issue must be addressed as a priority. * + ``CRITICAL`` - The issue must be remediated immediately to avoid it escalating. */ export type AutomationRuleSeverityUpdateLabel = (typeof AutomationRuleSeverityUpdateLabel)[keyof typeof AutomationRuleSeverityUpdateLabel]; export declare const AutomationRuleStringFilterComparison: { readonly Equals: "EQUALS"; readonly Prefix: "PREFIX"; readonly NotEquals: "NOT_EQUALS"; readonly PrefixNotEquals: "PREFIX_NOT_EQUALS"; readonly Contains: "CONTAINS"; readonly NotContains: "NOT_CONTAINS"; }; /** * The condition to apply to a string value when filtering Security Hub findings. */ export type AutomationRuleStringFilterComparison = (typeof AutomationRuleStringFilterComparison)[keyof typeof AutomationRuleStringFilterComparison]; export declare const AutomationRuleV2AllowedOperators: { readonly And: "AND"; readonly Or: "OR"; }; /** * The logical operator used to combine multiple conditions */ export type AutomationRuleV2AllowedOperators = (typeof AutomationRuleV2AllowedOperators)[keyof typeof AutomationRuleV2AllowedOperators]; export declare const AutomationRuleV2AutomationRulesActionV2Type: { readonly FindingFieldsUpdate: "FINDING_FIELDS_UPDATE"; readonly ExternalIntegration: "EXTERNAL_INTEGRATION"; }; /** * The category of action to be executed by the automation rule */ export type AutomationRuleV2AutomationRulesActionV2Type = (typeof AutomationRuleV2AutomationRulesActionV2Type)[keyof typeof AutomationRuleV2AutomationRulesActionV2Type]; export declare const AutomationRuleV2DateRangeUnit: { readonly Days: "DAYS"; }; /** * A date range unit for the date filter */ export type AutomationRuleV2DateRangeUnit = (typeof AutomationRuleV2DateRangeUnit)[keyof typeof AutomationRuleV2DateRangeUnit]; export declare const AutomationRuleV2MapFilterComparison: { readonly Equals: "EQUALS"; readonly NotEquals: "NOT_EQUALS"; }; /** * The condition to apply to the key value when filtering findings with a map filter */ export type AutomationRuleV2MapFilterComparison = (typeof AutomationRuleV2MapFilterComparison)[keyof typeof AutomationRuleV2MapFilterComparison]; export declare const AutomationRuleV2OcsfBooleanFilterFieldName: { readonly ComplianceAssessmentsMeetsCriteria: "compliance.assessments.meets_criteria"; readonly VulnerabilitiesIsExploitAvailable: "vulnerabilities.is_exploit_available"; readonly VulnerabilitiesIsFixAvailable: "vulnerabilities.is_fix_available"; }; /** * The name of the field */ export type AutomationRuleV2OcsfBooleanFilterFieldName = (typeof AutomationRuleV2OcsfBooleanFilterFieldName)[keyof typeof AutomationRuleV2OcsfBooleanFilterFieldName]; export declare const AutomationRuleV2OcsfDateFilterFieldName: { readonly FindingInfoCreatedTimeDt: "finding_info.created_time_dt"; readonly FindingInfoFirstSeenTimeDt: "finding_info.first_seen_time_dt"; readonly FindingInfoLastSeenTimeDt: "finding_info.last_seen_time_dt"; readonly FindingInfoModifiedTimeDt: "finding_info.modified_time_dt"; }; /** * The name of the field */ export type AutomationRuleV2OcsfDateFilterFieldName = (typeof AutomationRuleV2OcsfDateFilterFieldName)[keyof typeof AutomationRuleV2OcsfDateFilterFieldName]; export declare const AutomationRuleV2OcsfMapFilterFieldName: { readonly ResourcesTags: "resources.tags"; }; /** * The name of the field */ export type AutomationRuleV2OcsfMapFilterFieldName = (typeof AutomationRuleV2OcsfMapFilterFieldName)[keyof typeof AutomationRuleV2OcsfMapFilterFieldName]; export declare const AutomationRuleV2OcsfNumberFilterFieldName: { readonly ActivityId: "activity_id"; readonly ComplianceStatusId: "compliance.status_id"; readonly ConfidenceScore: "confidence_score"; readonly SeverityId: "severity_id"; readonly StatusId: "status_id"; readonly FindingInfoRelatedEventsCount: "finding_info.related_events_count"; }; /** * The name of the field */ export type AutomationRuleV2OcsfNumberFilterFieldName = (typeof AutomationRuleV2OcsfNumberFilterFieldName)[keyof typeof AutomationRuleV2OcsfNumberFilterFieldName]; export declare const AutomationRuleV2OcsfStringField: { readonly MetadataUid: "metadata.uid"; readonly ActivityName: "activity_name"; readonly CloudAccountName: "cloud.account.name"; readonly CloudAccountUid: "cloud.account.uid"; readonly CloudProvider: "cloud.provider"; readonly CloudRegion: "cloud.region"; readonly ComplianceAssessmentsCategory: "compliance.assessments.category"; readonly ComplianceAssessmentsName: "compliance.assessments.name"; readonly ComplianceControl: "compliance.control"; readonly ComplianceStatus: "compliance.status"; readonly ComplianceStandards: "compliance.standards"; readonly FindingInfoDesc: "finding_info.desc"; readonly FindingInfoSrcUrl: "finding_info.src_url"; readonly FindingInfoTitle: "finding_info.title"; readonly FindingInfoTypes: "finding_info.types"; readonly FindingInfoUid: "finding_info.uid"; readonly FindingInfoRelatedEventsUid: "finding_info.related_events.uid"; readonly FindingInfoRelatedEventsProductUid: "finding_info.related_events.product.uid"; readonly FindingInfoRelatedEventsTitle: "finding_info.related_events.title"; readonly MetadataProductFeatureUid: "metadata.product.feature.uid"; readonly MetadataProductName: "metadata.product.name"; readonly MetadataProductUid: "metadata.product.uid"; readonly MetadataProductVendorName: "metadata.product.vendor_name"; readonly RemediationDesc: "remediation.desc"; readonly RemediationReferences: "remediation.references"; readonly ResourcesCloudPartition: "resources.cloud_partition"; readonly ResourcesName: "resources.name"; readonly ResourcesRegion: "resources.region"; readonly ResourcesType: "resources.type"; readonly ResourcesUid: "resources.uid"; readonly Severity: "severity"; readonly Status: "status"; readonly Comment: "comment"; readonly VulnerabilitiesFixCoverage: "vulnerabilities.fix_coverage"; readonly ClassName: "class_name"; }; /** * The name of the field */ export type AutomationRuleV2OcsfStringField = (typeof AutomationRuleV2OcsfStringField)[keyof typeof AutomationRuleV2OcsfStringField]; export declare const AutomationRuleV2RuleStatus: { readonly Enabled: "ENABLED"; readonly Disabled: "DISABLED"; }; /** * The status of the automation rule */ export type AutomationRuleV2RuleStatus = (typeof AutomationRuleV2RuleStatus)[keyof typeof AutomationRuleV2RuleStatus]; export declare const AutomationRuleV2StringFilterComparison: { readonly Equals: "EQUALS"; readonly Prefix: "PREFIX"; readonly NotEquals: "NOT_EQUALS"; readonly PrefixNotEquals: "PREFIX_NOT_EQUALS"; readonly Contains: "CONTAINS"; }; /** * The condition to apply to a string value when filtering findings */ export type AutomationRuleV2StringFilterComparison = (typeof AutomationRuleV2StringFilterComparison)[keyof typeof AutomationRuleV2StringFilterComparison]; export declare const AutomationRuleWorkflowUpdateStatus: { readonly New: "NEW"; readonly Notified: "NOTIFIED"; readonly Resolved: "RESOLVED"; readonly Suppressed: "SUPPRESSED"; }; /** * The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue. * The allowed values are the following. * + ``NEW`` - The initial state of a finding, before it is reviewed. * Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases: * + The record state changes from ``ARCHIVED`` to ``ACTIVE``. * + The compliance status changes from ``PASSED`` to either ``WARNING``, ``FAILED``, or ``NOT_AVAILABLE``. * * + ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner. * + ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved. * + ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated. */ export type AutomationRuleWorkflowUpdateStatus = (typeof AutomationRuleWorkflowUpdateStatus)[keyof typeof AutomationRuleWorkflowUpdateStatus]; export declare const AutomationRulesActionType: { readonly FindingFieldsUpdate: "FINDING_FIELDS_UPDATE"; }; /** * Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule. */ export type AutomationRulesActionType = (typeof AutomationRulesActionType)[keyof typeof AutomationRulesActionType]; export declare const AutomationRulesFindingFieldsUpdateVerificationState: { readonly Unknown: "UNKNOWN"; readonly TruePositive: "TRUE_POSITIVE"; readonly FalsePositive: "FALSE_POSITIVE"; readonly BenignPositive: "BENIGN_POSITIVE"; }; /** * The rule action updates the ``VerificationState`` field of a finding. */ export type AutomationRulesFindingFieldsUpdateVerificationState = (typeof AutomationRulesFindingFieldsUpdateVerificationState)[keyof typeof AutomationRulesFindingFieldsUpdateVerificationState]; export declare const ConfigurationPolicyParameterConfigurationValueType: { readonly Default: "DEFAULT"; readonly Custom: "CUSTOM"; }; /** * Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. */ export type ConfigurationPolicyParameterConfigurationValueType = (typeof ConfigurationPolicyParameterConfigurationValueType)[keyof typeof ConfigurationPolicyParameterConfigurationValueType]; export declare const DelegatedAdminStatus: { readonly Enabled: "ENABLED"; readonly DisableInProgress: "DISABLE_IN_PROGRESS"; }; /** * Whether the delegated Security Hub administrator is set for the organization. */ export type DelegatedAdminStatus = (typeof DelegatedAdminStatus)[keyof typeof DelegatedAdminStatus]; export declare const FindingAggregatorRegionLinkingMode: { readonly AllRegions: "ALL_REGIONS"; readonly AllRegionsExceptSpecified: "ALL_REGIONS_EXCEPT_SPECIFIED"; readonly SpecifiedRegions: "SPECIFIED_REGIONS"; }; /** * Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them. * The selected option also determines how to use the Regions provided in the Regions list. * In CFN, the options for this property are as follows: * + ``ALL_REGIONS`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. * + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. * + ``SPECIFIED_REGIONS`` - Indicates to aggregate findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. */ export type FindingAggregatorRegionLinkingMode = (typeof FindingAggregatorRegionLinkingMode)[keyof typeof FindingAggregatorRegionLinkingMode]; export declare const InsightDateRangeUnit: { readonly Days: "DAYS"; }; /** * A date range unit for the date filter. */ export type InsightDateRangeUnit = (typeof InsightDateRangeUnit)[keyof typeof InsightDateRangeUnit]; export declare const InsightMapFilterComparison: { readonly Equals: "EQUALS"; readonly NotEquals: "NOT_EQUALS"; }; /** * The condition to apply to the key value when filtering Security Hub findings with a map filter. */ export type InsightMapFilterComparison = (typeof InsightMapFilterComparison)[keyof typeof InsightMapFilterComparison]; export declare const InsightStringFilterComparison: { readonly Equals: "EQUALS"; readonly Prefix: "PREFIX"; readonly NotEquals: "NOT_EQUALS"; readonly PrefixNotEquals: "PREFIX_NOT_EQUALS"; }; /** * The condition to apply to a string value when filtering Security Hub findings. */ export type InsightStringFilterComparison = (typeof InsightStringFilterComparison)[keyof typeof InsightStringFilterComparison]; export declare const OrganizationConfigurationAutoEnableStandards: { readonly Default: "DEFAULT"; readonly None: "NONE"; }; /** * Whether to automatically enable Security Hub default standards in new member accounts when they join the organization. */ export type OrganizationConfigurationAutoEnableStandards = (typeof OrganizationConfigurationAutoEnableStandards)[keyof typeof OrganizationConfigurationAutoEnableStandards]; export declare const OrganizationConfigurationConfigurationType: { readonly Central: "CENTRAL"; readonly Local: "LOCAL"; }; /** * Indicates whether the organization uses local or central configuration. */ export type OrganizationConfigurationConfigurationType = (typeof OrganizationConfigurationConfigurationType)[keyof typeof OrganizationConfigurationConfigurationType]; export declare const OrganizationConfigurationStatus: { readonly Pending: "PENDING"; readonly Enabled: "ENABLED"; readonly Failed: "FAILED"; }; /** * Describes whether central configuration could be enabled as the ConfigurationType for the organization. */ export type OrganizationConfigurationStatus = (typeof OrganizationConfigurationStatus)[keyof typeof OrganizationConfigurationStatus]; export declare const PolicyAssociationAssociationStatus: { readonly Success: "SUCCESS"; readonly Pending: "PENDING"; readonly Failed: "FAILED"; }; /** * The current status of the association between the specified target and the configuration */ export type PolicyAssociationAssociationStatus = (typeof PolicyAssociationAssociationStatus)[keyof typeof PolicyAssociationAssociationStatus]; export declare const PolicyAssociationAssociationType: { readonly Applied: "APPLIED"; readonly Inherited: "INHERITED"; }; /** * Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent */ export type PolicyAssociationAssociationType = (typeof PolicyAssociationAssociationType)[keyof typeof PolicyAssociationAssociationType]; export declare const PolicyAssociationTargetType: { readonly Account: "ACCOUNT"; readonly OrganizationalUnit: "ORGANIZATIONAL_UNIT"; readonly Root: "ROOT"; }; /** * Indicates whether the target is an AWS account, organizational unit, or the organization root */ export type PolicyAssociationTargetType = (typeof PolicyAssociationTargetType)[keyof typeof PolicyAssociationTargetType]; export declare const SecurityControlParameterConfigurationValueType: { readonly Default: "DEFAULT"; readonly Custom: "CUSTOM"; }; /** * Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior. * * When `ValueType` is set equal to `DEFAULT` , the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When `ValueType` is set equal to `DEFAULT` , Security Hub ignores user-provided input for the `Value` field. * * When `ValueType` is set equal to `CUSTOM` , the `Value` field can't be empty. */ export type SecurityControlParameterConfigurationValueType = (typeof SecurityControlParameterConfigurationValueType)[keyof typeof SecurityControlParameterConfigurationValueType];