AWS SecurityHub Update: Added support for cross-Region finding aggreg…

…ation, which replicates findings from linked Regions to a single aggregation Region. Added operations to view, enable, update, and delete the finding aggregation.
aws · Oct 20, 2021 · f12e5c4 · f12e5c4
1 parent d1949db
commit f12e5c4
Show file tree

Hide file tree

Showing 3 changed files with 272 additions and 1 deletion.
diff --git a/.changes/next-release/feature-AWSSecurityHub-ca90d73.json b/.changes/next-release/feature-AWSSecurityHub-ca90d73.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS SecurityHub",
+    "contributor": "",
+    "description": "Added support for cross-Region finding aggregation, which replicates findings from linked Regions to a single aggregation Region. Added operations to view, enable, update, and delete the finding aggregation."
+}
diff --git a/services/securityhub/src/main/resources/codegen-resources/paginators-1.json b/services/securityhub/src/main/resources/codegen-resources/paginators-1.json
@@ -48,6 +48,12 @@
       "limit_key": "MaxResults",
       "result_key": "ProductSubscriptions"
     },
+    "ListFindingAggregators": {
+      "input_token": "NextToken",
+      "output_token": "NextToken",
+      "limit_key": "MaxResults",
+      "result_key": "FindingAggregators"
+    },
     "ListInvitations": {
       "input_token": "NextToken",
       "output_token": "NextToken",

diff --git a/services/securityhub/src/main/resources/codegen-resources/service-2.json b/services/securityhub/src/main/resources/codegen-resources/service-2.json
@@ -129,6 +129,23 @@
       ],
       "documentation":"<p>Creates a custom action target in Security Hub.</p> <p>You can use custom actions on findings and insights in Security Hub to trigger target actions in Amazon CloudWatch Events.</p>"
     },
+    "CreateFindingAggregator":{
+      "name":"CreateFindingAggregator",
+      "http":{
+        "method":"POST",
+        "requestUri":"/findingAggregator/create"
+      },
+      "input":{"shape":"CreateFindingAggregatorRequest"},
+      "output":{"shape":"CreateFindingAggregatorResponse"},
+      "errors":[
+        {"shape":"InternalException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InvalidAccessException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidInputException"}
+      ],
+      "documentation":"<p>Used to enable finding aggregation. Must be called from the aggregation Region.</p> <p>For more details about cross-Region replication, see <a href=\"securityhub/latest/userguide/finding-aggregation.html\">Configuring finding aggregation</a> in the <i>Security Hub User Guide</i>. </p>"
+    },
     "CreateInsight":{
       "name":"CreateInsight",
       "http":{
@@ -195,6 +212,24 @@
       ],
       "documentation":"<p>Deletes a custom action target from Security Hub.</p> <p>Deleting a custom action target does not affect any findings or insights that were already sent to Amazon CloudWatch Events using the custom action.</p>"
     },
+    "DeleteFindingAggregator":{
+      "name":"DeleteFindingAggregator",
+      "http":{
+        "method":"DELETE",
+        "requestUri":"/findingAggregator/delete/{FindingAggregatorArn+}"
+      },
+      "input":{"shape":"DeleteFindingAggregatorRequest"},
+      "output":{"shape":"DeleteFindingAggregatorResponse"},
+      "errors":[
+        {"shape":"InternalException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InvalidAccessException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Deletes a finding aggregator. When you delete the finding aggregator, you stop finding aggregation.</p> <p>When you stop finding aggregation, findings that were already aggregated to the aggregation Region are still visible from the aggregation Region. New findings and finding updates are not aggregated. </p>"
+    },
     "DeleteInsight":{
       "name":"DeleteInsight",
       "http":{
@@ -527,6 +562,24 @@
       ],
       "documentation":"<p>Returns a list of the standards that are currently enabled.</p>"
     },
+    "GetFindingAggregator":{
+      "name":"GetFindingAggregator",
+      "http":{
+        "method":"GET",
+        "requestUri":"/findingAggregator/get/{FindingAggregatorArn+}"
+      },
+      "input":{"shape":"GetFindingAggregatorRequest"},
+      "output":{"shape":"GetFindingAggregatorResponse"},
+      "errors":[
+        {"shape":"InternalException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InvalidAccessException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Returns the current finding aggregation configuration.</p>"
+    },
     "GetFindings":{
       "name":"GetFindings",
       "http":{
@@ -541,7 +594,7 @@
         {"shape":"InvalidAccessException"},
         {"shape":"LimitExceededException"}
       ],
-      "documentation":"<p>Returns a list of findings that match the specified criteria.</p>"
+      "documentation":"<p>Returns a list of findings that match the specified criteria.</p> <p>If finding aggregation is enabled, then when you call <code>GetFindings</code> from the aggregation Region, the results include all of the matching findings from both the aggregation Region and the linked Regions.</p>"
     },
     "GetInsightResults":{
       "name":"GetInsightResults",
@@ -661,6 +714,23 @@
       ],
       "documentation":"<p>Lists all findings-generating solutions (products) that you are subscribed to receive findings from in Security Hub.</p>"
     },
+    "ListFindingAggregators":{
+      "name":"ListFindingAggregators",
+      "http":{
+        "method":"GET",
+        "requestUri":"/findingAggregator/list"
+      },
+      "input":{"shape":"ListFindingAggregatorsRequest"},
+      "output":{"shape":"ListFindingAggregatorsResponse"},
+      "errors":[
+        {"shape":"InternalException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InvalidAccessException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidInputException"}
+      ],
+      "documentation":"<p>If finding aggregation is enabled, then <code>ListFindingAggregators</code> returns the ARN of the finding aggregator. You can run this operation from any Region.</p>"
+    },
     "ListInvitations":{
       "name":"ListInvitations",
       "http":{
@@ -771,6 +841,24 @@
       ],
       "documentation":"<p>Updates the name and description of a custom action target in Security Hub.</p>"
     },
+    "UpdateFindingAggregator":{
+      "name":"UpdateFindingAggregator",
+      "http":{
+        "method":"PATCH",
+        "requestUri":"/findingAggregator/update"
+      },
+      "input":{"shape":"UpdateFindingAggregatorRequest"},
+      "output":{"shape":"UpdateFindingAggregatorResponse"},
+      "errors":[
+        {"shape":"InternalException"},
+        {"shape":"LimitExceededException"},
+        {"shape":"InvalidAccessException"},
+        {"shape":"AccessDeniedException"},
+        {"shape":"InvalidInputException"},
+        {"shape":"ResourceNotFoundException"}
+      ],
+      "documentation":"<p>Updates the finding aggregation configuration. Used to update the Region linking mode and the list of included or excluded Regions. You cannot use <code>UpdateFindingAggregator</code> to change the aggregation Region.</p> <p>You must run <code>UpdateFindingAggregator</code> from the current aggregation Region. </p>"
+    },
     "UpdateFindings":{
       "name":"UpdateFindings",
       "http":{
@@ -10074,6 +10162,41 @@
         }
       }
     },
+    "CreateFindingAggregatorRequest":{
+      "type":"structure",
+      "required":["RegionLinkingMode"],
+      "members":{
+        "RegionLinkingMode":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.</p> <p>The selected option also determines how to use the Regions provided in the Regions list.</p> <p>The options are as follows:</p> <ul> <li> <p> <code>ALL_REGIONS</code> - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. </p> </li> <li> <p> <code>ALL_REGIONS_EXCEPT_SPECIFIED</code> - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the <code>Regions</code> parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. </p> </li> <li> <p> <code>SPECIFIED_REGIONS</code> - Indicates to aggregate findings only from the Regions listed in the <code>Regions</code> parameter. Security Hub does not automatically aggregate findings from new Regions. </p> </li> </ul>"
+        },
+        "Regions":{
+          "shape":"StringList",
+          "documentation":"<p>If <code>RegionLinkingMode</code> is <code>ALL_REGIONS_EXCEPT_SPECIFIED</code>, then this is a comma-separated list of Regions that do not aggregate findings to the aggregation Region.</p> <p>If <code>RegionLinkingMode</code> is <code>SPECIFIED_REGIONS</code>, then this is a comma-separated list of Regions that do aggregate findings to the aggregation Region. </p>"
+        }
+      }
+    },
+    "CreateFindingAggregatorResponse":{
+      "type":"structure",
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop finding aggregation.</p>"
+        },
+        "FindingAggregationRegion":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The aggregation Region.</p>"
+        },
+        "RegionLinkingMode":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>"
+        },
+        "Regions":{
+          "shape":"StringList",
+          "documentation":"<p>The list of excluded Regions or included Regions.</p>"
+        }
+      }
+    },
     "CreateInsightRequest":{
       "type":"structure",
       "required":[
@@ -10295,6 +10418,23 @@
         }
       }
     },
+    "DeleteFindingAggregatorRequest":{
+      "type":"structure",
+      "required":["FindingAggregatorArn"],
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator to delete. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>",
+          "location":"uri",
+          "locationName":"FindingAggregatorArn"
+        }
+      }
+    },
+    "DeleteFindingAggregatorResponse":{
+      "type":"structure",
+      "members":{
+      }
+    },
     "DeleteInsightRequest":{
       "type":"structure",
       "required":["InsightArn"],
@@ -10689,6 +10829,20 @@
       "key":{"shape":"NonEmptyString"},
       "value":{"shape":"NonEmptyString"}
     },
+    "FindingAggregator":{
+      "type":"structure",
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator.</p>"
+        }
+      },
+      "documentation":"<p>A finding aggregator. A finding aggregator contains the configuration for finding aggregation.</p>"
+    },
+    "FindingAggregatorList":{
+      "type":"list",
+      "member":{"shape":"FindingAggregator"}
+    },
     "FindingProviderFields":{
       "type":"structure",
       "members":{
@@ -10784,6 +10938,39 @@
         }
       }
     },
+    "GetFindingAggregatorRequest":{
+      "type":"structure",
+      "required":["FindingAggregatorArn"],
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator to return details for. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>",
+          "location":"uri",
+          "locationName":"FindingAggregatorArn"
+        }
+      }
+    },
+    "GetFindingAggregatorResponse":{
+      "type":"structure",
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator.</p>"
+        },
+        "FindingAggregationRegion":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The aggregation Region.</p>"
+        },
+        "RegionLinkingMode":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>"
+        },
+        "Regions":{
+          "shape":"StringList",
+          "documentation":"<p>The list of excluded Regions or included Regions.</p>"
+        }
+      }
+    },
     "GetFindingsRequest":{
       "type":"structure",
       "members":{
@@ -11245,6 +11432,36 @@
         }
       }
     },
+    "ListFindingAggregatorsRequest":{
+      "type":"structure",
+      "members":{
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>The token returned with the previous set of results. Identifies the next set of results to return.</p>",
+          "location":"querystring",
+          "locationName":"NextToken"
+        },
+        "MaxResults":{
+          "shape":"MaxResults",
+          "documentation":"<p>The maximum number of results to return. This operation currently only returns a single result.</p>",
+          "location":"querystring",
+          "locationName":"MaxResults"
+        }
+      }
+    },
+    "ListFindingAggregatorsResponse":{
+      "type":"structure",
+      "members":{
+        "FindingAggregators":{
+          "shape":"FindingAggregatorList",
+          "documentation":"<p>The list of finding aggregators. This operation currently only returns a single result.</p>"
+        },
+        "NextToken":{
+          "shape":"NextToken",
+          "documentation":"<p>If there are more results, this is the token to provide in the next call to <code>ListFindingAggregators</code>.</p> <p>This operation currently only returns a single result. </p>"
+        }
+      }
+    },
     "ListInvitationsRequest":{
       "type":"structure",
       "members":{
@@ -12953,6 +13170,48 @@
       "members":{
       }
     },
+    "UpdateFindingAggregatorRequest":{
+      "type":"structure",
+      "required":[
+        "FindingAggregatorArn",
+        "RegionLinkingMode"
+      ],
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator. To obtain the ARN, use <code>ListFindingAggregators</code>.</p>"
+        },
+        "RegionLinkingMode":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.</p> <p>The selected option also determines how to use the Regions provided in the Regions list.</p> <p>The options are as follows:</p> <ul> <li> <p> <code>ALL_REGIONS</code> - Indicates to aggregate findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. </p> </li> <li> <p> <code>ALL_REGIONS_EXCEPT_SPECIFIED</code> - Indicates to aggregate findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the <code>Regions</code> parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. </p> </li> <li> <p> <code>SPECIFIED_REGIONS</code> - Indicates to aggregate findings only from the Regions listed in the <code>Regions</code> parameter. Security Hub does not automatically aggregate findings from new Regions. </p> </li> </ul>"
+        },
+        "Regions":{
+          "shape":"StringList",
+          "documentation":"<p>If <code>RegionLinkingMode</code> is <code>ALL_REGIONS_EXCEPT_SPECIFIED</code>, then this is a comma-separated list of Regions that do not aggregate findings to the aggregation Region.</p> <p>If <code>RegionLinkingMode</code> is <code>SPECIFIED_REGIONS</code>, then this is a comma-separated list of Regions that do aggregate findings to the aggregation Region.</p>"
+        }
+      }
+    },
+    "UpdateFindingAggregatorResponse":{
+      "type":"structure",
+      "members":{
+        "FindingAggregatorArn":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The ARN of the finding aggregator.</p>"
+        },
+        "FindingAggregationRegion":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>The aggregation Region.</p>"
+        },
+        "RegionLinkingMode":{
+          "shape":"NonEmptyString",
+          "documentation":"<p>Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.</p>"
+        },
+        "Regions":{
+          "shape":"StringList",
+          "documentation":"<p>The list of excluded Regions or included Regions.</p>"
+        }
+      }
+    },
     "UpdateFindingsRequest":{
       "type":"structure",
       "required":["Filters"],