ASFF attributes - AWS Security Hub

ASFF attributes

Listed below are the attributes and objects for the AWS Security Finding Format (ASFF). To see the details for an object's attributes and structure, choose the object name.

Required attributes

The following attributes are required for all findings.

AwsAccountId

Required

The AWS account ID that the finding applies to.

Type: String

Maximum length: 12 digits

Example

"AwsAccountId": "111111111111"
CreatedAt

Required

Indicates when the potential security issue captured by a finding was created.

The CreatedAt timestamp reflects the time when the finding record was created. Consequently, it can differ from the FirstObservedAt timestamp, which reflects the time when the event or vulnerability was first observed.

This timestamp must be provided on the first generation of the finding and can't be changed upon subsequent updates to the finding.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedAt": "2017-03-22T13:22:13.933Z"
Note

Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. To store findings for longer than 90 days, you can configure a rule in Amazon EventBridge that routes findings to your S3 bucket.

Description

Required

A finding's description. This field can be nonspecific boilerplate text or details that are specific to the instance of the finding.

Type: String

Maximum length: 1,024

Example

"Description": "The version of openssl found on instance i-abcd1234 is known to contain a vulnerability."
GeneratorId

Required

The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various solutions from security findings products, this generator can be called a rule, a check, a detector, a plugin, and so on.

Type: String or ARN

Maximum length: 512

Example

"GeneratorId": "acme-vuln-9ab348"
Id

Required

The product-specific identifier for a finding.

Type: String or ARN

Maximum length: 512

The finding ID must comply with the following constraints:

  • The ID must be globally unique within the product. To enforce uniqueness, you can incorporate the public AWS Region name and account ID in the identifier.

  • You cannot recycle identifiers regardless of whether the previous finding no longer exists.

  • The ID must only contain characters from the unreserved characters set defined in section 2.3 of RFC-3986 Uniform Resource Identifier (URI): Generic Syntax.

  • For services outside of AWS, the ID cannot be prefixed with the literal string "arn:".

  • For AWS services, the ID must be the ARN of the finding if one is available. Otherwise, you can use any other unique identifier.

These constraints are expected to hold within a findings product, but are not required to hold across findings products.

Example

"Id": "us-west-2/111111111111/98aebb2207407c87f51e89943f12b1ef"
ProductArn

Required

The ARN generated by Security Hub that uniquely identifies a third-party findings product after the product is registered with Security Hub.

Type: ARN

The format of this field is arn:partition:securityhub:region:account-id:product/company-id/product-id.

  • For AWS services that are integrated with Security Hub, the company-id must be "aws", and the product-id must be the AWS public service name. Because AWS products and services aren't associated with an account, the account-id section of the ARN is empty. AWS services that are not yet integrated with Security Hub are considered third-party products.

  • For public products, the company-id and product-id must be the ID values specified at the time of registration.

  • For private products, the company-id must be the account ID. The product-id must be the reserved word "default" or the ID that was specified at the time of registration.

Example:

// Private ARN
"ProductArn": "arn:aws:securityhub:us-east-1:111111111111:product/111111111111/default"

// Public ARN
"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"
"ProductArn": "arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro"
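Id and ProductArn are the two fields most often rejected on import, because products compose them by hand. The Python below is an added example written for this page, not code from the AWS documentation or from Security Hub: it composes a product-unique Id from the Region, account and a stable fingerprint, and checks an Id and a ProductArn against the constraints listed above. The helper names are hypothetical. One caveat it has to handle: the RFC 3986 unreserved set contains neither '/' nor ':', yet the example Id above and the rule that AWS services use the finding ARN both rely on them, so the character check admits those two separators as well; that widening is this example's assumption, not a rule the page states.

```python
from __future__ import annotations

import re

# RFC 3986 section 2.3 unreserved characters are ALPHA / DIGIT / "-" / "." / "_" / "~".
# The page's own example Id ("us-west-2/111111111111/<hash>") and the rule that AWS
# services use the finding ARN both rely on "/" and ":", so "/" and ":" are admitted
# here too. That widening is an assumption made by this example, not a page rule.
_ID_CHARS = re.compile(r"^[A-Za-z0-9._~/:-]+$")
_ACCOUNT = re.compile(r"^\d{12}$")
# arn:partition:securityhub:region:account-id:product/company-id/product-id
_PRODUCT_ARN = re.compile(
    r"^arn:(?P<partition>[a-z0-9-]+):securityhub:(?P<region>[a-z0-9-]+):"
    r"(?P<account>\d{12})?:product/(?P<company>[^/]+)/(?P<product>[^/]+)$"
)
MAX_ID_LENGTH = 512


def make_finding_id(region: str, account_id: str, fingerprint: str) -> str:
    """Compose a product-unique Id as region/account/fingerprint (hypothetical helper).

    The fingerprint must identify the issue stably across re-imports and must never be
    reused for a different issue, because Ids cannot be recycled.
    """
    if not _ACCOUNT.match(account_id):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    return f"{region}/{account_id}/{fingerprint}"


def validate_finding_id(finding_id: str, aws_service: bool) -> list[str]:
    """Return the Id constraint violations; an empty list means the Id is acceptable."""
    if not finding_id:
        return ["Id is empty"]
    problems: list[str] = []
    if len(finding_id) > MAX_ID_LENGTH:
        problems.append(f"Id longer than {MAX_ID_LENGTH} characters")
    if not _ID_CHARS.match(finding_id):
        problems.append("Id contains characters outside the RFC 3986 unreserved set")
    if not aws_service and finding_id.startswith("arn:"):
        problems.append("non-AWS products must not prefix Id with 'arn:'")
    return problems


def validate_product_arn(product_arn: str) -> list[str]:
    """Check the documented ProductArn layout and the per-product-kind account rules."""
    match = _PRODUCT_ARN.match(product_arn)
    if not match:
        return ["ProductArn does not match the documented format"]
    account, company = match.group("account"), match.group("company")
    problems: list[str] = []
    if company == "aws":
        # AWS services are not tied to an account, so the account-id section is empty.
        if account:
            problems.append("AWS product ARNs must leave account-id empty")
    elif _ACCOUNT.match(company):
        # Private product: company-id is the owning account and must match the ARN account.
        if account != company:
            problems.append("private product ARN account-id must equal company-id")
    # Public partner products: company-id/product-id are the registered values, which
    # cannot be verified offline.
    return problems
```

A product should run these checks before every BatchImportFindings call; a rejected Id surfaces only in the FailedFindings list of the response, after the rest of the batch has already been accepted.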
Resources

Required

A set of resource data types that describe the resources that the finding refers to.

Type: Array of up to 32 resource objects

Example

"Resources": [
    {
        "Type": "AwsEc2Instance",
        "Id": "i-cafebabe",
        "Partition": "aws",
        "Region": "us-west-2",
        "Tags": {
            "billingCode": "Lotus-1-2-3",
            "needsPatching": "true"
        },
        "Details": {
            "AwsEc2Instance": {
                "Type": "i3.xlarge",
                "ImageId": "ami-abcd1234",
                "IpV4Addresses": [ "54.194.252.215", "192.168.1.88" ],
                "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ],
                "KeyName": "my_keypair",
                "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/AdminRole",
                "VpcId": "vpc-11112222",
                "SubnetId": "subnet-56f5f633",
                "LaunchedAt": "2018-05-08T16:46:19.000Z"
            }
        }
    }
]
SchemaVersion

Required

The schema version that a finding is formatted for. The value of this field must be one of the officially published versions identified by AWS.

In the current release, the AWS Security Finding Format schema version is 2018-10-08.

Type: String

Maximum length: 10

Format: YYYY-MM-DD

Example

"SchemaVersion": "2018-10-08"
Severity

Required

A finding's severity.

The finding must have either Label or Normalized populated. Label is the preferred attribute. Normalized is no longer relevant. Security Hub populates Normalized but does not otherwise use it. If neither attribute is populated, then the finding is invalid.

Severity should only be updated by BatchUpdateFindings.

To provide severity information, finding providers should use the Severity object under FindingProviderFields. See Using FindingProviderFields.

Type: Object

Example

"Severity": { "Label": "CRITICAL", "Original": "8.3" }
Title

Required

A finding's title. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding.

Type: String

Maximum length: 256

Types

Required

One or more finding types in the format of namespace/category/classifier that classify a finding.

Types should only be updated using BatchUpdateFindings.

Finding providers who want to provide a value for Types should use the Types attribute under FindingProviderFields. See Using FindingProviderFields.

Type: Array of 50 strings maximum

  • namespace must be a value from the predefined set of namespace values.

    Valid values: Software and Configuration Checks | TTPs | Effects | Unusual Behaviors | Sensitive Data Identifications

  • category might be any value, but it is recommended that finding products use categories from the finding type taxonomy in Types taxonomy for ASFF.

  • classifier might be any value, but it is recommended that finding providers use the identifier verbatim defined by published standards whenever possible.

Namespaces are required for all finding types, but categories and classifiers are optional. If you specify a classifier, you must also specify a category.

The '/' character is reserved and must not be used in a category or classifier. Escaping the '/' character is not supported.

Example

"Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
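A Types entry that breaks the namespace/category/classifier rules above is rejected on import. The parser below is an added example written for this page, not AWS code: it splits a finding type, rejects unknown namespaces, empty segments (which is how a classifier without a category shows up) and any fourth segment (since '/' is reserved and cannot be escaped), and checks a whole Types array including the 50-entry cap. The function names are hypothetical.

```python
from __future__ import annotations

# The predefined namespace values listed on the page.
NAMESPACES = {
    "Software and Configuration Checks",
    "TTPs",
    "Effects",
    "Unusual Behaviors",
    "Sensitive Data Identifications",
}
MAX_TYPES = 50


def parse_finding_type(finding_type: str) -> tuple[str, str | None, str | None]:
    """Split namespace/category/classifier and enforce the page's rules.

    Raises ValueError when the namespace is not predefined, when a segment is empty
    (a classifier without a category, or a trailing '/'), or when there are more than
    three segments, because '/' is reserved and cannot be escaped inside a category
    or classifier.
    """
    parts = finding_type.split("/")
    if len(parts) > 3:
        raise ValueError(f"'/' is reserved; too many segments in {finding_type!r}")
    if any(part == "" for part in parts):
        raise ValueError(f"empty segment in {finding_type!r}")
    namespace = parts[0]
    if namespace not in NAMESPACES:
        raise ValueError(f"unknown namespace {namespace!r}")
    category = parts[1] if len(parts) > 1 else None
    classifier = parts[2] if len(parts) > 2 else None
    return namespace, category, classifier


def validate_types(types: list[str]) -> list[str]:
    """Return the problems with a Types array; an empty list means it is acceptable."""
    problems: list[str] = []
    if not types:
        problems.append("Types must contain at least one finding type")
    if len(types) > MAX_TYPES:
        problems.append(f"Types may hold at most {MAX_TYPES} entries")
    for finding_type in types:
        try:
            parse_finding_type(finding_type)
        except ValueError as exc:
            problems.append(str(exc))
    return problems
```

Categories and classifiers are deliberately not validated against the taxonomy, because the page only recommends, rather than requires, the taxonomy values; a product that wants stricter checking can compare the parsed category against the list in Types taxonomy for ASFF.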
UpdatedAt

Required

Indicates when the finding provider last updated the finding record.

This timestamp reflects the time when the finding record was last or most recently updated. Consequently, it can differ from the LastObservedAt timestamp, which reflects when the event or vulnerability was last or most recently observed.

When you update the finding record, you must update this timestamp to the current timestamp. Upon creation of a finding record, the CreatedAt and UpdatedAt timestamps must be the same timestamp. After an update to the finding record, the value of this field must be greater than all of the previous values that it contained.

Note that UpdatedAt is not updated by changes from BatchUpdateFindings. It is only updated by BatchImportFindings.

Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. To store findings for longer than 90 days, you can configure a rule in Amazon EventBridge that routes findings to your Amazon S3 bucket.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Other top-level attributes

Action

Optional

Provides details about an action that affects or that was taken on a resource.

Type: Object

Compliance

Optional

Finding details related to a control. Only returned for findings generated from a control.

Type: Object

Example

"Compliance": {
    "RelatedRequirements": ["Req1", "Req2"],
    "Status": "FAILED",
    "StatusReasons": [
        {
            "ReasonCode": "CLOUDWATCH_ALARMS_NOT_PRESENT",
            "Description": "CloudWatch alarms do not exist in the account"
        }
    ]
}
Confidence

Optional

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Confidence should only be updated using BatchUpdateFindings.

Finding providers who want to provide a value for Confidence should use the Confidence attribute under FindingProviderFields. See Using FindingProviderFields.

Type: Integer (range 0–100)

Confidence is scored on a 0–100 basis using a ratio scale, where 0 means zero-percent confidence and 100 means 100-percent confidence.

For example, a data exfiltration detection based on a statistical deviation of network traffic has a much lower confidence because an actual exfiltration hasn't been verified.

Example

"Confidence": 42
Criticality

Optional

The level of importance that is assigned to the resources that are associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Criticality should only be updated by BatchUpdateFindings. It should not be updated by BatchImportFindings.

Finding providers who want to provide a value for Criticality should use the Criticality attribute under FindingProviderFields. See Using FindingProviderFields.

Type: Integer (range 0–100)

Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers.

At a high level, when assessing criticality, you need to consider the following:

  • Which findings impact resources that are more critical than other resources?

  • How much more critical are those resources compared to other resources?

For each resource, consider the following:

  • Does the impacted resource contain sensitive data (for example, an S3 bucket with PII)?

  • Does the impacted resource enable an adversary to deepen their access or extend their capabilities to carry out additional malicious activity (for example, a compromised sysadmin account)?

  • Is the resource a business-critical asset (for example, a key business system that if compromised could have significant revenue impact)?

You can use the following guidelines:

  • A resource powering mission-critical systems or containing highly sensitive data can be scored in the 75–100 range.

  • A resource powering important (but not critical systems) or containing moderately important data can be scored in the 25–75 range.

  • A resource powering non-important systems or containing non-sensitive data should be scored in the 0–24 range.

Example

"Criticality": 99
FindingProviderFields

Optional

In BatchImportFindings requests, finding providers use FindingProviderFields to provide values for attributes that should only be updated by BatchUpdateFindings. FindingProviderFields includes the following attributes:

  • Confidence

  • Criticality

  • RelatedFindings

  • Severity

  • Types

FindingProviderFields can only be updated by BatchImportFindings. It cannot be updated by BatchUpdateFindings.

For details on how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields.

Type: Object

Example

"FindingProviderFields": {
    "Confidence": 42,
    "Criticality": 99,
    "RelatedFindings": [
        {
            "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
            "Id": "123e4567-e89b-12d3-a456-426655440000"
        }
    ],
    "Severity": {
        "Label": "MEDIUM",
        "Original": "MEDIUM"
    },
    "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ]
}
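The timestamp rules under UpdatedAt (CreatedAt equals UpdatedAt on creation, UpdatedAt strictly increasing on every re-import, CreatedAt never changed, RFC 3339 with no spaces) and the FindingProviderFields rules above together define how a provider should build a first import and a later re-import of the same finding. The Python below is an added example written for this page, not code from AWS or from any real product. The product, generator and resource values are constructed; `import_findings` uses boto3's `batch_import_findings` call but is not exercised by the sample, because it needs AWS credentials.

```python
from __future__ import annotations

import copy
from datetime import datetime, timedelta, timezone

SCHEMA_VERSION = "2018-10-08"


def asff_timestamp(dt: datetime) -> str:
    """RFC 3339 date-time in UTC with millisecond precision and a 'Z' suffix; no spaces."""
    if dt.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def new_finding(*, finding_id: str, product_arn: str, account_id: str, generator_id: str,
                title: str, description: str, resources: list[dict], severity_label: str,
                types: list[str], created_at: datetime, confidence: int | None = None) -> dict:
    """Build the first BatchImportFindings record for an issue.

    CreatedAt and UpdatedAt carry the same timestamp on creation. Severity and Types are
    set at top level because the page lists them as required, and mirrored under
    FindingProviderFields, which is where later provider updates to them belong.
    """
    ts = asff_timestamp(created_at)
    provider_fields: dict = {"Severity": {"Label": severity_label}, "Types": list(types)}
    if confidence is not None:
        provider_fields["Confidence"] = confidence
    return {
        "SchemaVersion": SCHEMA_VERSION,
        "Id": finding_id,
        "ProductArn": product_arn,
        "AwsAccountId": account_id,
        "GeneratorId": generator_id,
        "Title": title,
        "Description": description,
        "Resources": list(resources),
        "Severity": {"Label": severity_label},
        "Types": list(types),
        "CreatedAt": ts,
        "UpdatedAt": ts,
        "FirstObservedAt": ts,
        "LastObservedAt": ts,
        "RecordState": "ACTIVE",
        "FindingProviderFields": provider_fields,
    }


def update_finding(previous: dict, observed_at: datetime, *, severity_label: str | None = None,
                   confidence: int | None = None) -> dict:
    """Produce the re-import of an existing finding.

    CreatedAt is never touched, UpdatedAt must strictly exceed the earlier value,
    LastObservedAt moves forward, and provider-owned attributes change only inside
    FindingProviderFields: after creation the top-level copies belong to BatchUpdateFindings.
    """
    new_ts = asff_timestamp(observed_at)
    if new_ts <= previous["UpdatedAt"]:  # fixed-width UTC strings compare chronologically
        raise ValueError("UpdatedAt must be greater than the previous UpdatedAt")
    updated = copy.deepcopy(previous)
    updated["UpdatedAt"] = new_ts
    updated["LastObservedAt"] = new_ts
    fpf = updated.setdefault("FindingProviderFields", {})
    if severity_label is not None:
        fpf["Severity"] = {"Label": severity_label}
    if confidence is not None:
        fpf["Confidence"] = confidence
    return updated


def import_findings(findings: list[dict], region: str) -> dict:
    """Send findings with BatchImportFindings, 100 per call (the API's per-call limit)."""
    import boto3  # imported lazily so the builders above stay usable offline

    client = boto3.client("securityhub", region_name=region)
    totals: dict = {"SuccessCount": 0, "FailedCount": 0, "FailedFindings": []}
    for start in range(0, len(findings), 100):
        resp = client.batch_import_findings(Findings=findings[start:start + 100])
        totals["SuccessCount"] += resp["SuccessCount"]
        totals["FailedCount"] += resp["FailedCount"]
        totals["FailedFindings"].extend(resp.get("FailedFindings", []))
    return totals


def example_lifecycle() -> tuple[dict, dict]:
    """Constructed sample: first import, then a re-import one hour later."""
    created = datetime(2017, 3, 22, 13, 22, 13, 933000, tzinfo=timezone.utc)
    first = new_finding(
        finding_id="us-west-2/111111111111/98aebb2207407c87f51e89943f12b1ef",
        product_arn="arn:aws:securityhub:us-west-2:222222222222:product/generico/secure-pro",
        account_id="111111111111",
        generator_id="generico-openssl-check",  # hypothetical generator name
        title="Vulnerable openssl on i-abcd1234",
        description="The version of openssl found on instance i-abcd1234 is known to contain a vulnerability.",
        resources=[{"Type": "AwsEc2Instance", "Id": "i-abcd1234", "Partition": "aws", "Region": "us-west-2"}],
        severity_label="HIGH",
        types=["Software and Configuration Checks/Vulnerabilities/CVE"],
        created_at=created,
        confidence=80,
    )
    second = update_finding(first, created + timedelta(hours=1), severity_label="CRITICAL", confidence=95)
    return first, second
```

The re-import deliberately leaves the top-level Severity at its original value: after creation, a changed top-level Severity sent through BatchImportFindings is not the supported path, whereas the value under FindingProviderFields is.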
FirstObservedAt

Optional

Indicates when the potential security issue captured by a finding was first observed.

This timestamp reflects the time of when the event or vulnerability was first observed. Consequently, it can differ from the CreatedAt timestamp, which reflects the time this finding record was created.

This timestamp should be immutable between updates of the finding record, but can be updated if a more accurate timestamp is determined.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"FirstObservedAt": "2017-03-22T13:22:13.933Z"
LastObservedAt

Optional

Indicates when the potential security issue captured by a finding was most recently observed by the security findings product.

This timestamp reflects the time of when the event or vulnerability was last or most recently observed. Consequently, it can differ from the UpdatedAt timestamp, which reflects when this finding record was last or most recently updated.

You can provide this timestamp, but it isn't required upon the first observation. If you provide the field in this case, the timestamp should be the same as the FirstObservedAt timestamp. You should update this field to reflect the last or most recently observed timestamp each time a finding is observed.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastObservedAt": "2017-03-23T13:22:13.933Z"
Malware

Optional

A list of malware related to a finding.

Type: Array of up to five malware objects

Example:

"Malware": [
    {
        "Name": "Stringler",
        "Type": "COIN_MINER",
        "Path": "/usr/sbin/stringler",
        "State": "OBSERVED"
    }
]
Network

Optional

The details of network-related information about a finding.

Type: Object

Example

"Network": {
    "Direction": "IN",
    "OpenPortRange": {
        "Begin": 443,
        "End": 443
    },
    "Protocol": "TCP",
    "SourceIpV4": "1.2.3.4",
    "SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "SourcePort": 42,
    "SourceDomain": "example1.com",
    "SourceMac": "00:0d:83:b1:c0:8e",
    "DestinationIpV4": "2.3.4.5",
    "DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C",
    "DestinationPort": 80,
    "DestinationDomain": "example2.com"
}
NetworkPath

Optional

A network path that is related to the finding.

Each entry in NetworkPath represents a component of the path.

Type: Array of objects

Note

Optional

A user-defined note that is added to a finding.

A finding provider can provide an initial note for a finding, but cannot add notes after that.

A note can only be updated using BatchUpdateFindings.

Type: Object

Example

"Note": {
    "Text": "Don't forget to check under the mat.",
    "UpdatedBy": "jsmith",
    "UpdatedAt": "2018-08-31T00:15:09Z"
}
PatchSummary

Optional

Provides a summary of patch compliance.

Type: Object

Process

Optional

The details of process-related information about a finding.

Type: Object

Example:

"Process": {
    "Name": "syslogd",
    "Path": "/usr/sbin/syslogd",
    "Pid": 12345,
    "ParentPid": 56789,
    "LaunchedAt": "2018-09-27T22:37:31Z",
    "TerminatedAt": "2018-09-27T23:37:31Z"
}
ProductFields

Optional

A data type where security findings products can include additional solution-specific details that are not part of the defined AWS Security Finding Format.

For findings generated by Security Hub controls, ProductFields includes information about the control. See Control-related information in the ASFF.

Type: Map of up to 50 key-value pairs

This field should not contain redundant data and must not contain data that conflicts with AWS Security Finding Format fields.

The "aws/" prefix represents a reserved namespace for AWS products and services only and must not be submitted with findings from partner products.

Although not required, products should format field names as company-id/product-id/field-name, where the company-id and product-id match those supplied in the ProductArn of the finding.

Field names can include alphanumeric characters, white space, and the following symbols: _ . / = + \ - @

Example

"ProductFields": {
    "generico/secure-pro/Count": "6",
    "generico/secure-pro/Action.Type": "AWS_API_CALL",
    "generico/secure-pro/API": "DeleteTrail",
    "generico/secure-pro/Service_Name": "cloudtrail.amazonaws.com",
    "aws/inspector/AssessmentTemplateName": "My daily CVE assessment",
    "aws/inspector/AssessmentTargetName": "My prod env",
    "aws/inspector/RulesPackageName": "Common Vulnerabilities and Exposures"
}
RecordState

Optional

The record state of a finding.

By default, when initially generated by a service, findings are considered ACTIVE.

The ARCHIVED state indicates that a finding should be hidden from view. Archived findings are not immediately deleted. You can search, review, and report against them.

Finding providers can update the record state. Security Hub also automatically archives control-based findings if the associated resource is deleted, the resource does not exist, or the control is disabled.

If the record state changes from ARCHIVED to ACTIVE, and the workflow status of the finding is either NOTIFIED or RESOLVED, then Security Hub automatically sets the workflow status to NEW.

Type: Enum

Valid values: ACTIVE | ARCHIVED

Example

"RecordState": "ACTIVE"
RelatedFindings

Optional

A list of related findings.

RelatedFindings should only be updated using BatchUpdateFindings. It should not be updated using BatchImportFindings.

To provide a list of related findings, finding providers should use the RelatedFindings object under FindingProviderFields. See Using FindingProviderFields.

Type: Array of up to 10 RelatedFinding objects

Example

"RelatedFindings": [
    {
        "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
        "Id": "123e4567-e89b-12d3-a456-426655440000"
    },
    {
        "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
        "Id": "AcmeNerfHerder-111111111111-x189dx7824"
    }
]
Remediation

Optional

The remediation options for a finding.

Type: Object

Example

"Remediation": {
    "Recommendation": {
        "Text": "Run sudo yum update and cross your fingers and toes.",
        "Url": "http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html"
    }
}
SourceUrl

Optional

A URL that links to a page about the current finding in the finding product.

Type: URL

ThreatIntelIndicators

Optional

Threat intelligence details that are related to a finding.

Type: Array of up to five threat intelligence indicator objects

Example

"ThreatIntelIndicators": [
    {
        "Type": "IPV4_ADDRESS",
        "Value": "8.8.8.8",
        "Category": "BACKDOOR",
        "LastObservedAt": "2018-09-27T23:37:31Z",
        "Source": "Threat Intel Weekly",
        "SourceUrl": "http://threatintelweekly.org/backdoors/8888"
    }
]
UserDefinedFields

Optional

A list of name-value string pairs that are associated with the finding. These are custom, user-defined fields that are added to a finding. These fields can be generated automatically via your specific configuration.

Findings products must not use this field for data that the product generates. Instead, findings products can use the ProductFields field for data that does not map to any standard AWS Security Finding Format field.

These fields can only be updated using BatchUpdateFindings.

Type: Map of up to 50 key-value pairs

Format: The key name can only contain letters, numbers, and the following special characters: -_=+@./:

Example

"UserDefinedFields": {
    "reviewedByCio": "true",
    "comeBackToLater": "Check this again on Monday"
}
VerificationState

Optional

The veracity of a finding. Findings products can provide the value of UNKNOWN for this field. A findings product should provide this value if there is a meaningful analog in the findings product's system. This field is typically populated by a user determination or action after they investigate a finding.

A finding provider can provide an initial value for this attribute, but cannot update it after that. This attribute can only be updated using BatchUpdateFindings.

Type: Enum

Valid values:

  • UNKNOWN – The default disposition of a security finding unless a user changes it

  • TRUE_POSITIVE – A user sets this value if the security finding has been confirmed

  • FALSE_POSITIVE – A user sets this value if the security finding has been determined to be a false alarm

  • BENIGN_POSITIVE – A user sets this value as a special case of TRUE_POSITIVE where the finding doesn't pose any threat, is expected, or both

Vulnerabilities

Optional

A list of vulnerabilities that apply to the finding.

Type: Array of objects

Workflow

Optional

Provides information about the status of the investigation into a finding.

The workflow status is not intended for finding providers. The workflow status can only be updated using BatchUpdateFindings. Customers can also update it from the console. See Setting the workflow status for findings.

Type: Object

Example

"Workflow": { "Status": "NEW" }
WorkflowState (deprecated)

Optional

This field is being deprecated in favor of the Status field of the Workflow object.

The workflow state of a finding. Findings products can provide the value of NEW for this field. A findings product can provide a value for this field if there is a meaningful analog in the findings product's system.

Type: Enum

Valid values:

  • NEW – This can be associated with findings in the Active record state. This is the default workflow state for any new finding.

  • ASSIGNED – This can be associated with findings in the Active record state. The finding has been acknowledged and given to someone to review or address.

  • IN_PROGRESS – This can be associated with findings in the Active record state. Team members are actively working on the finding.

  • RESOLVED – This can be associated with findings in the Archived record state. It differs from DEFERRED in that if the finding occurs again (is updated by the native service), or a new finding matches it, the finding appears to customers as an active, new finding.

  • DEFERRED – This can be associated with findings in the Archived record state, and it means that any additional findings that match this finding aren't shown for a set amount of time or indefinitely.

    Either the customer doesn't consider the finding to be applicable, or it's a known issue that they don't want to include in the active dataset.

  • DUPLICATE – This can be associated with findings in the Archived record state. It means that the finding is a duplicate of another finding.

Example

"WorkflowState": "NEW"

Action

The Action object provides details about an action that affects or that was taken on a resource. The action can be one of the following:

  • A remote IP address issued an AWS API call

  • A DNS request was received

  • A remote IP address attempted to connect to an EC2 instance

  • A remote IP address attempted a port probe on an EC2 instance

Example

"Action": {
    "ActionType": "PORT_PROBE",
    "PortProbeAction": {
        "PortProbeDetails": [
            {
                "LocalPortDetails": {
                    "Port": 80,
                    "PortName": "HTTP"
                },
                "LocalIpDetails": {
                    "IpAddressV4": "192.0.2.0"
                },
                "RemoteIpDetails": {
                    "Country": {
                        "CountryName": "Example Country"
                    },
                    "City": {
                        "CityName": "Example City"
                    },
                    "GeoLocation": {
                        "Lon": 0,
                        "Lat": 0
                    },
                    "Organization": {
                        "AsnOrg": "ExampleASO",
                        "Org": "ExampleOrg",
                        "Isp": "ExampleISP",
                        "Asn": 64496
                    }
                }
            }
        ],
        "Blocked": false
    }
}

Action can have the following attributes.

ActionType

Optional

The type of action that was detected. The action type determines which of the other objects is provided in the Action object.

Type: String

Valid values: NETWORK_CONNECTION | AWS_API_CALL | DNS_REQUEST | PORT_PROBE

AwsApiCallAction

Optional

Included if ActionType is AWS_API_CALL.

Provides details about the API call that was detected.

Type: Object

DnsRequestAction

Optional

Included if ActionType is DNS_REQUEST.

Provides details about the DNS request that was detected.

Type: Object

NetworkConnectionAction

Optional

Included if ActionType is NETWORK_CONNECTION.

Provides details about the network connection that was detected.

Type: Object

PortProbeAction

Optional

Included if ActionType is PORT_PROBE.

Provides details about the port probe that was detected.

Type: Object

AwsApiCallAction

AwsApiCallAction is provided if ActionType is AWS_API_CALL. It provides details about the API call that was detected.

AwsApiCallAction can have the following attributes.

AffectedResources

Optional

Identifies the resources that were affected by the API call.

Type: Map of key-value pairs

Api

Optional

The name of the API method that was issued.

Type: String

CallerType

Optional

Indicates whether the API call originated from a remote IP address or from a DNS domain.

Type: String

Valid values: domain | remoteIp

DomainDetails

Optional

Provided if CallerType is domain. Provides information about the DNS domain that the API call originated from.

Type: Object

FirstSeen

Optional

Indicates when the API call was first observed.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

LastSeen

Optional

Indicates when the API call was most recently observed.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

RemoteIpDetails

Optional

Provided if CallerType is remoteIp. Provides information about the remote IP address that the API call originated from.

Type: Object

ServiceName

Optional

The name of the AWS service that the API method belongs to.

Type: String

DomainDetails

DomainDetails is provided if AwsApiCallAction.CallerType is domain. It provides information about the DNS domain that issued the API call.

DomainDetails can have the following attributes.

Domain

Optional

The name of the DNS domain that issued the API call.

Type: String

DnsRequestAction

DnsRequestAction is provided if ActionType is DNS_REQUEST. It provides details about the DNS request that was detected.

DnsRequestAction can have the following attributes.

Blocked

Optional

Indicates whether the DNS request was blocked.

Type: Boolean

Domain

Optional

The DNS domain associated with the DNS request.

Type: String

Protocol

Optional

The protocol that was used for the DNS request.

Type: String

NetworkConnectionAction

NetworkConnectionAction is provided if ActionType is NETWORK_CONNECTION. It provides details about the attempted network connection that was detected.

NetworkConnectionAction can have the following attributes.

Blocked

Optional

Indicates whether the network connection attempt was blocked.

Type: Boolean

ConnectionDirection

Optional

The direction of the network connection request.

Type: String

Valid values: IN | OUT

LocalPortDetails

Optional

Information about the port on the EC2 instance.

Type: Object

Protocol

Optional

The protocol used to make the network connection request.

Type: String

RemoteIpDetails

Optional

Information about the remote IP address that issued the network connection request.

Type: Object

RemotePortDetails

Optional

Information about the port on the remote IP address.

Type: Object

RemotePortDetails

RemotePortDetails provides information about the remote port that was involved in the attempted network connection.

RemotePortDetails can have the following attributes.

Port

Optional

The number of the port.

Type: Integer

PortName

Optional

The port name of the remote connection.

Type: String

PortProbeAction

PortProbeAction is provided if ActionType is PORT_PROBE. It provides details about the attempted port probe that was detected.

PortProbeAction can have the following attributes.

Blocked

Optional

Whether the port probe was blocked.

Type: Boolean

PortProbeDetails

Optional

Information about the ports affected by the port probe.

Type: Array of objects

PortProbeDetails

PortProbeDetails contains a list of port scans that were part of the port probe. For each scan, PortProbeDetails provides information about the local IP address and port that were scanned, and the remote IP address that the scan originated from.

PortProbeDetails can have the following attributes.

LocalIpDetails

Optional

Provides information about the IP address where the scanned port is located.

Type: Object

LocalPortDetails

Optional

Provides information about the port that was scanned.

Type: Object

RemoteIpDetails

Optional

Provides information about the remote IP address that performed the scan.

Type: Object

LocalIpDetails

For PortProbeDetails, LocalIpDetails provides information about the IP address where the scanned port is located.

LocalIpDetails can have the following attributes.

IpAddressV4

Optional

The IP address.

Type: String

LocalPortDetails

For NetworkConnectionAction and PortProbeDetails, LocalPortDetails provides information about the local port that was involved in the action.

LocalPortDetails can have the following attributes.

Port

Optional

The number of the port.

Type: Integer

PortName

Optional

The port name of the local connection.

Type: String

RemoteIpDetails

In the details for AwsApiCallAction, NetworkConnectionAction, and PortProbeAction, the RemoteIpDetails object provides information about the remote IP address that was involved in the action.

RemoteIpDetails can have the following attributes.

City

Optional

The city where the remote IP address is located.

Type: Object

Country

Optional

The country where the remote IP address is located.

Type: Object

GeoLocation

Optional

The coordinates of the location of the remote IP address.

Type: Object

IpAddressV4

Optional

The IP address.

Type: String

Organization

Optional

The internet service provider (ISP) organization associated with the remote IP address.

Type: Object

City

City contains information about the city where the remote IP address is located.

City can have the following attributes.

CityName

Optional

The name of the city where the remote IP address is located.

Type: String

Country

Country identifies the country where the remote IP address is located.

Country can have the following attributes.

CountryCode

Optional

The 2-letter ISO 3166 country code for the country where the remote IP address is located.

Type: String

CountryName

Optional

The name of the country where the remote IP address is located.

Type: String

GeoLocation

GeoLocation provides the latitude and longitude coordinates of the remote IP address location.

Geolocation can have the following attributes.

Lat

Optional

The latitude of the location of the remote IP address.

Type: Double

Lon

Optional

The longitude of the location of the remote IP address.

Type: Double

Organization

Organization identifies the ISP organization associated with the remote IP address.

Organization can have the following attributes.

Asn

Optional

The Autonomous System Number (ASN) of the internet provider of the remote IP address.

Type: Integer

AsnOrg

Optional

The name of the organization that registered the ASN.

Type: String

Isp

Optional

The ISP information for the internet provider.

Type: String

Org

Optional

The name of the internet provider.

Type: String

Compliance

Contains finding details related to a control. Only returned for findings that are generated as the result of a check that is run on a control.

Example

"Compliance": {
    "RelatedRequirements": ["Req1", "Req2"],
    "Status": "FAILED",
    "StatusReasons": [
        {
            "ReasonCode": "CLOUDWATCH_ALARMS_NOT_PRESENT",
            "Description": "CloudWatch alarms do not exist in the account"
        }
    ]
}

The Compliance object can have the following attributes.

RelatedRequirements

Optional

For a Security Hub control, the industry or regulatory framework requirements that are related to the control. The check for that control is aligned with those requirements.

You can provide up to 32 related requirements.

To identify a requirement, use its identifier.

Type: Array of strings

Status

Optional

The result of a security check.

Type: Enum

Valid values:

  • PASSED – Security check passed for all evaluated resources. If Compliance.Status is PASSED, then Security Hub automatically sets Workflow.Status to RESOLVED.

    If Compliance.Status for a finding changes from PASSED to either FAILED, WARNING, or NOT_AVAILABLE, and Workflow.Status was either NOTIFIED or RESOLVED, then Security Hub automatically sets Workflow.Status to NEW.

  • WARNING – Some information is missing, or this check is not supported given your configuration.

  • FAILED – Security check failed for at least one evaluated resource.

  • NOT_AVAILABLE – Check could not be performed due to a service outage or API error. The NOT_AVAILABLE status can also indicate that the result of the AWS Config evaluation was NOT_APPLICABLE. In that case, after 3 days, Security Hub automatically archives the finding.

Example

"Status": "PASSED"
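
The Workflow.Status transitions listed above, emulated as an added example (not AWS code) so that a downstream pipeline's handling of control findings can be tested offline. RecordState is the standard ASFF record-state attribute; the config_not_applicable flag, the parse_rfc3339 helper and the sample finding are assumptions, since a finding does not itself say why a check was NOT_AVAILABLE.

```python
"""Emulation of the Workflow.Status automation that Security Hub applies to
control findings when Compliance.Status changes (added example; not AWS code)."""
from __future__ import annotations

import copy
from datetime import datetime, timedelta

COMPLIANCE_STATUSES = {"PASSED", "WARNING", "FAILED", "NOT_AVAILABLE"}
# A NOT_AVAILABLE finding that stems from a NOT_APPLICABLE Config evaluation
# is archived after 3 days, per the reference.
ARCHIVE_AFTER = timedelta(days=3)


def parse_rfc3339(value: str) -> datetime:
    """Parse an ASFF timestamp such as "2020-06-22T17:40:12.322Z" (RFC 3339,
    no spaces) into a timezone-aware datetime. Assumed helper."""
    if " " in value:
        raise ValueError("ASFF timestamps must not contain spaces")
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def apply_compliance_status(finding: dict, new_status: str) -> dict:
    """Return a copy of `finding` with Compliance.Status set to `new_status`
    and Workflow.Status adjusted the way the reference describes:

      * PASSED always yields Workflow.Status RESOLVED.
      * PASSED -> FAILED / WARNING / NOT_AVAILABLE while Workflow.Status is
        NOTIFIED or RESOLVED yields Workflow.Status NEW.
      * Any other combination leaves Workflow.Status untouched, so a
        SUPPRESSED finding stays suppressed.
    """
    if new_status not in COMPLIANCE_STATUSES:
        raise ValueError(f"invalid Compliance.Status: {new_status!r}")
    updated = copy.deepcopy(finding)
    old_status = finding.get("Compliance", {}).get("Status")
    workflow = finding.get("Workflow", {}).get("Status", "NEW")

    if new_status == "PASSED":
        workflow = "RESOLVED"
    elif old_status == "PASSED" and workflow in {"NOTIFIED", "RESOLVED"}:
        workflow = "NEW"

    updated.setdefault("Compliance", {})["Status"] = new_status
    updated.setdefault("Workflow", {})["Status"] = workflow
    return updated


def archive_if_stale(finding: dict, now: str, config_not_applicable: bool) -> dict:
    """Set RecordState to ARCHIVED once the finding has sat at NOT_AVAILABLE
    for 3 days because the Config evaluation was NOT_APPLICABLE.
    `now` is an RFC 3339 timestamp; `config_not_applicable` is an assumed
    input, because the finding itself does not carry that information."""
    updated = copy.deepcopy(finding)
    status = finding.get("Compliance", {}).get("Status")
    if status == "NOT_AVAILABLE" and config_not_applicable:
        age = parse_rfc3339(now) - parse_rfc3339(finding["UpdatedAt"])
        if age >= ARCHIVE_AFTER:
            updated["RecordState"] = "ARCHIVED"
    return updated


# Constructed sample: a failed control a responder has already been notified about.
SAMPLE_FINDING = {
    "Compliance": {
        "Status": "FAILED",
        "StatusReasons": [{"ReasonCode": "CW_ALARMS_NOT_PRESENT",
                           "Description": "CloudWatch alarms do not exist in the account"}],
    },
    "Workflow": {"Status": "NOTIFIED"},
    "RecordState": "ACTIVE",
    "UpdatedAt": "2020-06-22T17:40:12.322Z",
}

if __name__ == "__main__":
    passed = apply_compliance_status(SAMPLE_FINDING, "PASSED")
    print(passed["Workflow"])      # {'Status': 'RESOLVED'}
    regressed = apply_compliance_status(passed, "FAILED")
    print(regressed["Workflow"])   # {'Status': 'NEW'}
```
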

StatusReasons

Optional

For findings generated from controls, a list of reasons behind the value of Compliance.Status.

For the list of status codes and their meanings, see Control-related information in the ASFF.

Type: String

Example:

"StatusReasons": [ { "Description": "CloudWatch alarms do not exist in the account", "ReasonCode": "CW_ALARMS_NOT_PRESENT" } ]

StatusReasons

For findings generated from controls, a list of reasons for the value of Compliance.Status.

"StatusReasons": [ { "Description": "CloudWatch alarms do not exist in the account", "ReasonCode": "CW_ALARMS_NOT_PRESENT" } ]

Each reason in the StatusReasons object can have the following attributes.

Description

Optional

The corresponding description for the reason.

Type: String

ReasonCode

Required

A code that represents a reason for the current control status.

Type: String

For the list of available status codes and their meanings, see Results of security checks.

FindingProviderFields

In a BatchImportFindings request, finding providers use FindingProviderFields to provide values for attributes that should only be updated by BatchUpdateFindings.

For details on how Security Hub handles updates from BatchImportFindings to FindingProviderFields and to the corresponding top-level attributes, see Using FindingProviderFields.

Example

"FindingProviderFields": { "Confidence": 42, "Criticality": 99, "RelatedFindings":[ { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", "Id": "123e4567-e89b-12d3-a456-426655440000" } ], "Severity": { "Label": "MEDIUM", "Original": "MEDIUM" }, "Types": [ "Software and Configuration Checks/Vulnerabilities/CVE" ] }

FindingProviderFields can contain the following attributes.

Confidence

Optional

A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

Type: Integer (range 0–100)

Confidence is scored on a 0–100 basis using a ratio scale, where 0 means zero-percent confidence and 100 means 100-percent confidence.

Criticality

Optional

The level of importance that is assigned to the resources that are associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

Type: Integer (range 0–100)

Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers.

RelatedFindings

Optional

A list of related findings.

Type: Array of up to 10 RelatedFinding objects

Severity

Required

Details about the severity of the finding.

Finding providers can use the Severity object in FindingProviderFields to provide values for Label and Original.

For details on the available values for Label and Original, and guidance on how to assess severity, see the information for the Severity object.

Type: Object

Types

Required

One or more finding types in the format of namespace/category/classifier that classify a finding.

Type: Array of 50 strings maximum
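
An added example (not AWS code) that assembles FindingProviderFields for a BatchImportFindings payload and checks the limits stated above before the request is sent. The Severity labels listed are those of the ASFF Severity object, which this section only references; the rule that a type has exactly three non-empty segments is an assumption drawn from the namespace/category/classifier format.

```python
"""Build and validate the FindingProviderFields object of an ASFF finding
(added example; not AWS code)."""
from __future__ import annotations

from typing import Optional

# Labels defined by the ASFF Severity object (referenced, not listed, above).
SEVERITY_LABELS = {"INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
MAX_TYPES = 50              # Types: array of 50 strings maximum
MAX_RELATED_FINDINGS = 10   # RelatedFindings: up to 10 objects


def validate_finding_provider_fields(fields: dict) -> list[str]:
    """Return every violation of the stated limits; an empty list means the
    object can go into a BatchImportFindings request as-is."""
    problems: list[str] = []
    for name in ("Confidence", "Criticality"):
        if name in fields:
            value = fields[name]
            if isinstance(value, bool) or not isinstance(value, int):
                problems.append(f"{name} must be an integer")
            elif not 0 <= value <= 100:
                problems.append(f"{name} must be between 0 and 100")
    severity = fields.get("Severity")
    if not isinstance(severity, dict) or severity.get("Label") not in SEVERITY_LABELS:
        problems.append("Severity.Label is required and must be a known label")
    types = fields.get("Types")
    if not isinstance(types, list) or not 1 <= len(types) <= MAX_TYPES:
        problems.append(f"Types must hold 1 to {MAX_TYPES} strings")
    else:
        for finding_type in types:
            # namespace/category/classifier: three non-empty segments (assumed)
            parts = finding_type.split("/") if isinstance(finding_type, str) else []
            if len(parts) != 3 or any(not p.strip() for p in parts):
                problems.append(f"malformed finding type: {finding_type!r}")
    related = fields.get("RelatedFindings", [])
    if not isinstance(related, list) or len(related) > MAX_RELATED_FINDINGS:
        problems.append(f"RelatedFindings holds at most {MAX_RELATED_FINDINGS} entries")
    else:
        for rf in related:
            if not isinstance(rf, dict) or not rf.get("ProductArn") or not rf.get("Id"):
                problems.append("each RelatedFinding needs ProductArn and Id")
    return problems


def build_finding_provider_fields(
    severity_label: str,
    types: list[str],
    confidence: Optional[int] = None,
    criticality: Optional[int] = None,
    related_findings: Optional[list[dict]] = None,
    severity_original: Optional[str] = None,
) -> dict:
    """Assemble the object and refuse to return one that breaks the spec."""
    fields: dict = {"Severity": {"Label": severity_label}, "Types": list(types)}
    if severity_original is not None:
        fields["Severity"]["Original"] = severity_original
    if confidence is not None:
        fields["Confidence"] = confidence
    if criticality is not None:
        fields["Criticality"] = criticality
    if related_findings:
        fields["RelatedFindings"] = list(related_findings)
    problems = validate_finding_provider_fields(fields)
    if problems:
        raise ValueError("; ".join(problems))
    return fields


# Constructed sample mirroring the FindingProviderFields example above.
SAMPLE_FIELDS = build_finding_provider_fields(
    "MEDIUM",
    ["Software and Configuration Checks/Vulnerabilities/CVE"],
    confidence=42,
    criticality=99,
    related_findings=[{"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty",
                       "Id": "123e4567-e89b-12d3-a456-426655440000"}],
    severity_original="MEDIUM",
)

if __name__ == "__main__":
    import json
    print(json.dumps({"FindingProviderFields": SAMPLE_FIELDS}, indent=2))
```
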

Malware

The Malware object provides a list of malware related to a finding. It is an array that can contain up to five malware objects.

Example

"Malware": [ { "Name": "Stringler", "Type": "COIN_MINER", "Path": "/usr/sbin/stringler", "State": "OBSERVED" } ]

Each malware object can have the following attributes.

Name

Required

The name of the malware that was observed.

Type: String

Maximum length: 64

Example

"Name": "Stringler"

Path

Optional

The filesystem path of the malware that was observed.

Type: String

Maximum length: 512

Example

"Path": "/usr/sbin/stringler"

State

Optional

The state of the malware that was observed.

Type: Enum

Valid values: OBSERVED | REMOVAL_FAILED | REMOVED

Example

"State": "OBSERVED"

Type

Optional

The type of the malware that was observed.

Type: Enum

Valid values: ADWARE | BLENDED_THREAT | BOTNET_AGENT | COIN_MINER | EXPLOIT_KIT | KEYLOGGER | MACRO | POTENTIALLY_UNWANTED | SPYWARE | RANSOMWARE | REMOTE_ACCESS | ROOTKIT | TROJAN | VIRUS | WORM

Example

"Type": "COIN_MINER"

Network

The details of network-related information about a finding.

Example

"Network": { "Direction": "IN", "OpenPortRange": { "Begin": 443, "End": 443 }, "Protocol": "TCP", "SourceIpV4": "1.2.3.4", "SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C", "SourcePort": 42, "SourceDomain": "example1.com", "SourceMac": "00:0d:83:b1:c0:8e", "DestinationIpV4": "2.3.4.5", "DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C", "DestinationPort": 80, "DestinationDomain": "example2.com" }

The Network object can have the following attributes.

DestinationDomain

Optional

The destination domain of network-related information about a finding.

Type: String

Maximum length: 128

Example

"DestinationDomain": "there.com"

DestinationIpV4

Optional

The destination IPv4 address of network-related information about a finding.

Type: IPv4

Example

"DestinationIpV4": "2.3.4.5"

DestinationIpV6

Optional

The destination IPv6 address of network-related information about a finding.

Type: IPv6

Example

"DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C"

DestinationPort

Optional

The destination port of network-related information about a finding.

Type: Number

Valid values: Range of 0–65535

Example

"DestinationPort": 80

Direction

Optional

The direction of network traffic that is associated with a finding.

Type: Enum

Valid values: IN | OUT

Example

"Direction": "IN"

OpenPortRange

Optional

The range of open ports that is present in the network.

Type: Object

Protocol

Optional

The protocol of network-related information about a finding.

Type: String

Maximum length: 16

The name should be the IANA registered name for the associated port except in the case where the finding product can determine a more accurate protocol.

Example

"Protocol": "TCP"

SourceDomain

Optional

The source domain of network-related information about a finding.

Type: String

Maximum length: 128

Example

"SourceDomain": "here.com"

SourceIpV4

Optional

The source IPv4 address of network-related information about a finding.

Type: IPv4

Example

"SourceIpV4": "1.2.3.4"

SourceIpV6

Optional

The source IPv6 address of network-related information about a finding.

Type: IPv6

Example

"SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C"

SourceMac

Optional

The source media access control (MAC) address of network-related information about a finding.

Type: String

Format: Must match MM:MM:MM:SS:SS:SS

Example

"SourceMac": "00:0d:83:b1:c0:8e"

SourcePort

Optional

The source port of network-related information about a finding.

Type: Number

Valid values: Range of 0–65535

Example

"SourcePort": 80

OpenPortRange

Provides the beginning and end ports of the open port range.

OpenPortRange can have the following attributes.

Begin

Optional

The first port in the port range.

Type: Integer

End

Optional

The last port in the port range.

Type: Integer

NetworkPath

The NetworkPath object provides information about a network path that is relevant to a finding. Each entry under NetworkPath represents a component of that path.

Example

"NetworkPath" : [ { "ComponentId": "abc-01a234bc56d8901ee", "ComponentType": "AWS::EC2::InternetGateway", "Egress": { "Destination": { "Address": [ "192.0.2.0/24" ], "PortRanges": [ { "Begin": 443, "End": 443 } ] }, "Protocol": "TCP", "Source": { "Address": ["203.0.113.0/24"] } }, "Ingress": { "Destination": { "Address": [ "198.51.100.0/24" ], "PortRanges": [ { "Begin": 443, "End": 443 } ] }, "Protocol": "TCP", "Source": { "Address": [ "203.0.113.0/24" ] } } } ]

Each component of the network path can have the following attributes.

ComponentId

Required

The identifier of a component in the network path.

Type: String

ComponentType

Required

The type of component.

Type: String

Egress

Optional

Information about the component that comes after the current component in the network path.

Type: Object

Ingress

Optional

Information about the component that comes before the current component in the network path.

Type: Object

Egress

The Egress object contains information about the component that comes after the current component in the network path. It can have the following attributes.

Destination

Optional

Information about the destination of the component.

Type: Object

Protocol

Optional

The protocol used for the component.

Type: String

Source

Optional

Information about the origin of the component.

Type: Object

Ingress

The Ingress object contains information about the previous component in the network path. It can have the following attributes.

Destination

Optional

Information about the destination for the previous component.

Type: Object

Protocol

Optional

The protocol used by the previous component.

Type: String

Source

Optional

Information about the origin of the previous component.

Type: Object

Destination

The Destination object in Egress or Ingress contains the destination information for the previous or next component. It can have the following attributes.

Address

Optional

IP addresses of the previous or next component.

Type: Array of strings

PortRanges

Optional

List of open port ranges for the destination of the previous or next component.

Type: Array of objects

PortRanges.Begin

Optional

For an open port range, the beginning of the range.

Type: Integer

PortRanges.End

Optional

For an open port range, the end of the range.

Type: Number

Source

The Source object under Egress or Ingress contains information about the origin of the previous or next component. It can have the following attributes.

Address

Optional

IP addresses for the origin of the previous or next component.

Type: Array of strings

PortRanges

Optional

List of open port ranges for the origin of the previous or next component.

Type: Array of objects

PortRanges.Begin

Optional

For an open port range, the beginning of the range.

Type: Integer

PortRanges.End

Optional

For an open port range, the end of the range.

Type: Number

Note

The Note object adds a user-defined note to the finding.

A finding provider can provide an initial note for a finding, but cannot add notes after that. A note can only be updated using BatchUpdateFindings.

Example

"Note": { "Text": "Don't forget to check under the mat.", "UpdatedBy": "jsmith", "UpdatedAt": "2018-08-31T00:15:09Z" }

The Note object can have the following attributes.

Text

Required

The text of a finding note.

Type: String

Maximum length: 512

Example

"Text": "Example text."

UpdatedAt

Required

Indicates when the note was updated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"UpdatedAt": "2018-08-31T00:15:09Z"

UpdatedBy

Required

The principal that created a note.

Type: String or ARN

Maximum length: 512

Example

"UpdatedBy": "jsmith"

PatchSummary

The PatchSummary object provides an overview of the patch compliance status for an instance against a selected compliance standard.

Example

"PatchSummary" : { "Id" : "pb-123456789098", "InstalledCount" : 100, "MissingCount" : 100, "FailedCount" : 0, "InstalledOtherCount" : 1023, "InstalledRejectedCount" : 0, "InstalledPendingReboot" : 0, "OperationStartTime" : "2018-09-27T23:37:31Z", "OperationEndTime" : "2018-09-27T23:39:31Z", "RebootOption" : "RebootIfNeeded", "Operation" : "Install" }

The PatchSummary object can have the following attributes.

FailedCount

Optional

The number of patches from the compliance standard with installation failures.

Type: Number

Minimum value: 0

Maximum value: 100,000

Id

Required

The identifier of the compliance standard that was used to determine the patch compliance status.

Type: String

Minimum length: 20

Maximum length: 128

InstalledCount

Optional

The number of patches from the compliance standard that were installed successfully.

Type: Number

Minimum value: 0

Maximum value: 100,000

InstalledOtherCount

Optional

The number of installed patches that are not part of the compliance standard.

Type: Number

Minimum value: 0

Maximum value: 100,000

InstalledPendingReboot

Optional

The number of patches that were applied but that require the instance to be rebooted in order to be marked as installed.

Type: Number

Minimum value: 0

Maximum value: 100,000

InstalledRejectedCount

Optional

The number of patches that are installed but are also on a list of patches that the customer rejected.

Type: Number

Minimum value: 0

Maximum value: 100,000

MissingCount

Optional

The number of patches that are part of the compliance standard but are not installed. The count includes patches with installation failures.

Type: Number

Minimum value: 0

Maximum value: 100,000

Operation

Optional

The type of patch operation that was performed.

For Patch Manager, the values are SCAN and INSTALL.

Type: String

Maximum length: 256

OperationEndTime

Optional

Indicates when the operation was completed.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"OperationEndTime": "2020-06-22T17:40:12.322Z"

OperationStartTime

Optional

Indicates when the operation started.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"OperationStartTime": "2020-06-22T17:40:12.322Z"

RebootOption

Optional

The reboot option specified for the instance.

Type: String

Maximum length: 256

Valid values: NoReboot | RebootIfNeeded

Process

The Process object provides process-related details about the finding.

Example

"Process": { "Name": "syslogd", "Path": "/usr/sbin/syslogd", "Pid": 12345, "ParentPid": 56789, "LaunchedAt": "2018-09-27T22:37:31Z", "TerminatedAt": "2018-09-27T23:37:31Z" }

The Process object can have the following attributes.

LaunchedAt

Optional

Indicates when the process was launched.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LaunchedAt": "2018-09-27T22:37:31Z"

Name

Optional

The name of the process.

Type: String

Maximum length: 64

Example

"Name": "syslogd"

ParentPid

Optional

The parent process ID.

Type: Number

Example

"ParentPid": 56789

Path

Optional

The path to the process executable.

Type: String

Maximum length: 512

Example

"Path": "/usr/sbin/syslogd"

Pid

Optional

The process ID.

Type: Number

Example

"Pid": 12345

TerminatedAt

Optional

Indicates when the process was terminated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"TerminatedAt": "2018-09-27T23:37:31Z"

RelatedFindings

The RelatedFindings object provides a list of findings that are related to the current finding.

For BatchImportFindings requests, finding providers should use the RelatedFindings object under FindingProviderFields.

Example

"RelatedFindings": [ { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", "Id": "123e4567-e89b-12d3-a456-426655440000" }, { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", "Id": "AcmeNerfHerder-111111111111-x189dx7824" } ]

Each related finding object can have the following attributes.

Id

Required

The product-generated identifier for a related finding.

Type: String or ARN

Maximum length: 512

Example

"Id": "123e4567-e89b-12d3-a456-426655440000"

ProductArn

Required

The ARN of the product that generated a related finding.

Type: ARN

Example

"ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty"

Remediation

The Remediation object provides information about recommended remediation steps to address the finding.

Example

"Remediation": { "Recommendation": { "Text": "Run sudo yum update and cross your fingers and toes.", "Url": "http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html" } }

The Remediation object can have the following attributes.

Recommendation

Optional

A recommendation on how to remediate the issue identified within a finding.

The Recommendation field is meant to facilitate manual instructions or details to resolve a finding.

If the recommendation object is present, then either the Text or Url field must be present and populated. Both fields can be present and populated.

Type: Object

Example

"Recommendation": { "Text": "Example text.", "Url": "http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html" }

Recommendation

The Recommendation object can have the following attributes.

Text

Optional

A free-form string that is the recommendation of what to do about the finding when presented to a user. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding.

Type: String

Maximum length: 512

Example

"Text": "Example text."

Url

Optional

A URL to link to general remediation information for the finding type of a finding.

This URL must not require credentials to access. It must be accessible from the public internet and must not expect any context or session.

Type: URL

Example

"Url": "http://myfp.com/recommendations/example_domain.html"

Resources

The Resources object provides information about the resources involved in a finding.

It contains an array of up to 32 resource objects.

Example

"Resources": [ { "Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-west-2:111122223333:instance/i-1234567890abcdef0", "Partition": "aws", "Region": "us-west-2", "ResourceRole": "TARGET", "Tags": { "billingCode": "Lotus-1-2-3", "needsPatching": "true" }, "Details": { "AwsEc2Instance": { "Type": "i3.xlarge", "ImageId": "ami-abcd1234", "IpV4Addresses": [ "54.194.252.215", "192.168.1.88" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/AdminRole", "VpcId": "vpc-11112222", "SubnetId": "subnet-56f5f633", "LaunchedAt": "2018-05-08T16:46:19.000Z" } } } ]

Each resource object can have the following attributes.

DataClassification

Optional

Used to provide details about sensitive data that was detected on a resource.

Type: Object

Details

Optional

This field provides additional details about a single resource using the appropriate objects.

Note that if the finding size exceeds the maximum of 240 KB, then the Details object is removed from the finding. For findings for controls that use AWS Config rules, you can view the resource details on the AWS Config console.

Each resource must be provided in a separate resource object in the Resources object.

Security Hub provides a set of available objects for its supported resource types. These objects correspond to values of the resource Type. Use the provided types and objects whenever possible.

For example, if the resource is an S3 bucket, then set the resource Type to AwsS3Bucket, and provide the resource details in the AwsS3Bucket subfield.

The Other subfield allows you to provide custom fields and values. You use the Other subfield in the following cases.

  • The resource type (the value of the resource Type) does not have a corresponding subfield. To provide details for the resource, you use the Other details subfield.

  • The subfield for the resource type does not include all of the fields you want to populate. In this case, use the subfield for the resource type to populate the available fields. Use the Other subfield to populate the fields that are not in the type-specific subfield.

  • The resource type is not one of the provided types. In this case, set the resource Type to Other, and use the Other details subfield to populate the details.

Type: Object

Example

"Details": { "AwsEc2Instance": { "Type": "i3.xlarge", "ImageId": "ami-abcd1234", "IpV4Addresses": [ "54.194.252.215", "192.168.1.88" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/AdminRole", "VpcId": "vpc-11112222", "SubnetId": "subnet-56f5f633", "LaunchedAt": "2018-05-08T16:46:19.000Z" }, "AwsS3Bucket": { "OwnerId": "da4d66eac431652a4d44d490a00500bded52c97d235b7b4752f9f688566fe6de", "OwnerName": "acmes3bucketowner" }, "Other": [ { "Key": "LightPen", "Value": "blinky" }, { "Key": "SerialNo", "Value": "1234abcd" } ] }

Id

Required

The canonical identifier for the given resource type.

For AWS resources that are identified by ARNs, this must be the ARN.

For all other AWS resource types that lack ARNs, this must be the identifier as defined by the AWS service that created the resource.

For non AWS resources, this should be a unique identifier that is associated with the resource.

Type: String or ARN

Maximum length: 512

Example

"Id": "arn:aws:s3:::example-bucket"

Partition

Optional

The canonical AWS partition name that the Region is assigned to.

Type: Enum

Valid values:

  • aws – Commercial

  • aws-cn – China

  • aws-us-gov – AWS GovCloud (US)

Example

"Partition": "aws"

Region

Optional

The canonical AWS external Region name where this resource is located.

Type: String

Maximum length: 16

Example

"Region": "us-west-2"

ResourceRole

Optional

Identifies the role of the resource in the finding. A resource is either the target of the finding activity,

Type: String

Valid values: ACTOR | TARGET

Tags

Optional

A list of AWS tags that are associated with a resource at the time the finding was processed. Include the Tags attribute only for resources that have an associated tag. If a resource has no associated tag, don't include a Tags attribute in the finding.

Type: Map of tags

Maximum number of tags: 50

Maximum length per value: 256

The following basic restrictions apply to tags:

  • You can provide only tags that actually exist on an AWS resource in this field. To provide data for a resource type that isn't defined in the AWS Security Finding Format, use the Other details subfield.

  • Values are limited to alphanumeric characters, white space, +, -, =, ., _, :, /, and @.

  • Values are limited to the AWS tag value length of 256 characters max.

Example

"Tags": { "billingCode": "Lotus-1-2-3", "needsPatching": "true" }
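
An added example (not AWS code) that builds one entry of the Resources array following the Details rules given under Details (type-specific subfield first, Other for everything else, Type set to Other for an unsupported type) and the Tags restrictions listed above. SUBFIELD_KEYS is an assumed subset of the provided resource types and their fields, taken from the examples on this page; the real list is much longer.

```python
"""Assemble an ASFF resource object: details go in the type-specific subfield
when one exists, otherwise in Other, and Tags are checked against the stated
restrictions (added example; not AWS code)."""
from __future__ import annotations

import re
from typing import Optional

# Assumed subset of the provided resource types and the keys their subfields
# accept, taken from this page's examples. The real list is much longer.
SUBFIELD_KEYS = {
    "AwsEc2Instance": {"Type", "ImageId", "IpV4Addresses", "IpV6Addresses", "KeyName",
                       "IamInstanceProfileArn", "VpcId", "SubnetId", "LaunchedAt"},
    "AwsS3Bucket": {"OwnerId", "OwnerName"},
}
PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}
RESOURCE_ROLES = {"ACTOR", "TARGET"}
MAX_TAGS, MAX_TAG_VALUE_LEN = 50, 256
MAX_ID_LEN, MAX_REGION_LEN = 512, 16
# Tag values: alphanumerics, white space and + - = . _ : / @ only.
TAG_VALUE_RE = re.compile(r"[A-Za-z0-9\s+\-=._:/@]*")


def validate_tags(tags: dict) -> list[str]:
    """Return the Tags rule violations (empty list when the map is acceptable)."""
    problems: list[str] = []
    if len(tags) > MAX_TAGS:
        problems.append(f"at most {MAX_TAGS} tags allowed, got {len(tags)}")
    for key, value in tags.items():
        if not isinstance(value, str):
            problems.append(f"tag {key!r}: value must be a string")
        elif len(value) > MAX_TAG_VALUE_LEN:
            problems.append(f"tag {key!r}: value longer than {MAX_TAG_VALUE_LEN}")
        elif not TAG_VALUE_RE.fullmatch(value):
            problems.append(f"tag {key!r}: value contains a disallowed character")
    return problems


def build_details(resource_type: str, details: dict) -> dict:
    """Route each detail to the type-specific subfield when the key belongs
    there, and everything else to Other as Key/Value pairs."""
    known = SUBFIELD_KEYS.get(resource_type, set())
    typed = {k: v for k, v in details.items() if k in known}
    other = [{"Key": k, "Value": str(v)} for k, v in details.items() if k not in known]
    out: dict = {}
    if typed:
        out[resource_type] = typed
    if other:
        out["Other"] = other
    return out


def resource_problems(resource: dict) -> list[str]:
    """Check the per-attribute limits stated for a resource object."""
    problems: list[str] = []
    if not resource.get("Type"):
        problems.append("Type is required")
    rid = resource.get("Id")
    if not rid or len(rid) > MAX_ID_LEN:
        problems.append(f"Id is required and limited to {MAX_ID_LEN} characters")
    if "Partition" in resource and resource["Partition"] not in PARTITIONS:
        problems.append(f"Partition must be one of {sorted(PARTITIONS)}")
    if "Region" in resource and len(resource["Region"]) > MAX_REGION_LEN:
        problems.append(f"Region is limited to {MAX_REGION_LEN} characters")
    if "ResourceRole" in resource and resource["ResourceRole"] not in RESOURCE_ROLES:
        problems.append("ResourceRole must be ACTOR or TARGET")
    if "Tags" in resource:
        if not resource["Tags"]:
            problems.append("omit Tags when the resource has no tags")
        problems.extend(validate_tags(resource["Tags"]))
    return problems


def build_resource(resource_type: str, resource_id: str, *, region: Optional[str] = None,
                   partition: str = "aws", details: Optional[dict] = None,
                   tags: Optional[dict] = None, resource_role: Optional[str] = None) -> dict:
    """Build one Resources entry. A type outside the provided set is recorded
    as Type Other with all of its details under the Other subfield."""
    if resource_type not in SUBFIELD_KEYS:
        resource_type = "Other"
    resource: dict = {"Type": resource_type, "Id": resource_id, "Partition": partition}
    if region is not None:
        resource["Region"] = region
    if resource_role is not None:
        resource["ResourceRole"] = resource_role
    if tags:  # Tags appears only when the resource actually has tags
        resource["Tags"] = dict(tags)
    if details:
        resource["Details"] = build_details(resource_type, details)
    problems = resource_problems(resource)
    if problems:
        raise ValueError("; ".join(problems))
    return resource


if __name__ == "__main__":
    # Constructed sample: an S3 bucket with one field the subfield does not cover.
    print(build_resource("AwsS3Bucket", "arn:aws:s3:::example-bucket", region="us-west-2",
                         details={"OwnerName": "acmes3bucketowner", "LightPen": "blinky"},
                         tags={"billingCode": "Lotus-1-2-3", "needsPatching": "true"}))
```
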

Type

Required

The type of the resource that you are providing details for.

Whenever possible, use one of the provided resource types, such as AwsEc2Instance or AwsS3Bucket.

If the resource type does not match any of the provided resource types, then set the resource Type to Other, and use the Other details subfield to populate the details.

Type: String

Maximum length: 256

Supported values are as follows. If a type has a corresponding subfield, then to view the details for the subfield, choose the type name.

Example

"Type": "AwsS3Bucket"

DataClassification

The DataClassification object contains information about sensitive data that was detected on the resource.

Example

"DataClassification": { "DetailedResultsLocation": "Path_to_Folder_Or_File", "Result": { "MimeType": "text/plain", "SizeClassified": 2966026, "AdditionalOccurrences": false, "Status": { "Code": "COMPLETE", "Reason": "Unsupportedfield" }, "SensitiveData": [ { "Category": "PERSONAL_INFORMATION", "Detections": [ { "Count": 34, "Type": "GE_PERSONAL_ID", "Occurrences": { "LineRanges": [ { "Start": 1, "End": 10, "StartColumn": 20 } ], "Pages": [], "Records": [], "Cells": [] } }, { "Count": 59, "Type": "EMAIL_ADDRESS", "Occurrences": { "Pages": [ { "PageNumber": 1, "OffsetRange": { "Start": 1, "End": 100, "StartColumn": 10 }, "LineRange": { "Start": 1, "End": 100, "StartColumn": 10 } } ] } }, { "Count": 2229, "Type": "URL", "Occurrences": { "LineRanges": [ { "Start": 1, "End": 13 } ] } }, { "Count": 13826, "Type": "NameDetection", "Occurrences": { "Records": [ { "RecordIndex": 1, "JsonPath": "$.ssn.value" } ] } }, { "Count": 32, "Type": "AddressDetection" } ], "TotalCount": 32 } ], "CustomDataIdentifiers": { "Detections": [ { "Arn": "1712be25e7c7f53c731fe464f1c869b8", "Name": "1712be25e7c7f53c731fe464f1c869b8", "Count": 2 } ], "TotalCount": 2 } } }

DataClassification can contain the following attributes.

DetailedResultsLocation

Optional

The path to the folder or file that contains the sensitive data.

Type: String

Result

Optional

The details about the sensitive data that was detected on the resource.

Type: Object

Result

The Result object contains the details about the sensitive data that was detected on the resource.

Result can have the following attributes.

AdditionalOccurrences

Optional

Indicates whether there are additional occurrences of sensitive data that are not included in the finding. This occurs when the number of occurrences exceeds the maximum that can be included.

Type: Boolean

CustomDataIdentifiers

Optional

Provides details about sensitive data that was identified based on customer-defined configuration.

Type: Object

MimeType

Optional

The type of content that the finding applies to.

Type: String

Required format: Must be a MIME type.

Examples

  • application/gzip, for a GNU Gzip compressed archive file

  • application/pdf, for an Adobe Portable Document Format (PDF) file

SensitiveData

Optional

Provides details about sensitive data that was identified based on built-in configuration.

Type: Object

SizeClassified

Optional

The total size in bytes of the affected data.

Type: Long

Status

Optional

Provides details about the current status of the detection.

Type: Object

Status.Code

Optional

The code that represents the status of the sensitive data detection.

Type: String

Status.Reason

Optional

A longer description of the current status of the sensitive data detection.

Type: String

CustomDataIdentifiers

CustomDataIdentifiers contains instances of sensitive data that were detected by user-defined identifiers.

CustomDataIdentifiers can have the following attributes.

Detections

Optional

The list of detected instances of sensitive data.

Type: Array of objects

TotalCount

Optional

The total number of occurrences of sensitive data.

Type: Integer

SensitiveData

SensitiveData contains detected instances of sensitive data that are based on built-in identifiers.

Category

Optional

The category of sensitive data that was detected. For example, the category might indicate that the sensitive data involved credentials, financial information, or personal information.

Type: String

Detections

Optional

The list of detected instances of sensitive data.

Type: Array of objects

TotalCount

Optional

The total number of occurrences of sensitive data.

Type: Integer

Detections

Detections contains the details of the sensitive data that was detected.

Each instance of detected sensitive data can have the following attributes.

Arn

Optional

The ARN of the custom identifier that was used to detect the sensitive data.

Arn is only provided in Detections instances under CustomDataIdentifiers. Detections instances under SensitiveData do not have the Arn attribute.

Type: String

Count

Optional

The total number of occurrences of sensitive data that were detected.

Type: Integer

Name

Optional

The name of the custom identifier that detected the sensitive data.

Name is only provided in Detections instances under CustomDataIdentifiers. Detections instances under SensitiveData do not have the Name attribute.

Type: String

Occurrences

Optional

Details about the sensitive data that was detected. Occurrences can contain the following objects. Each of these objects contains an array of objects.

  • Cells – Contains occurrences of sensitive data detected in Microsoft Excel files, comma-separated value (CSV) files, or tab-separated value (TSV) files

  • LineRanges – Contains occurrences of sensitive data detected in non-binary text files or Microsoft Word files

  • OffsetRanges – Contains occurrences of sensitive data detected in binary text files

  • Pages – Contains occurrences of sensitive data detected in Adobe Portable Document Format (PDF) files

  • Records – Contains occurrences of sensitive data detected in an Apache Avro object container or an Apache Parquet file

Type: Object

Type

Optional

The type of sensitive data that was detected. For example, the type might indicate that the data is an email address.

Type is only provided in Detections instances under SensitiveData. Detections instances under CustomDataIdentifiers do not have the Type attribute.

Type: String
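
An added example (not AWS code) that walks a DataClassification object and renders each detection's Occurrences (Cells, LineRanges, OffsetRanges, Pages, Records) into a readable location, so an analyst can see where sensitive data was found without reading the raw object. The sample is adapted from the DataClassification example above; the output wording and field names of the summary are this example's own.

```python
"""Summarize the detections in an ASFF DataClassification object
(added example; not AWS code)."""
from __future__ import annotations


def _span(r: dict, unit: str) -> str:
    """Render a Start/End range plus its optional StartColumn."""
    text = f"{unit} {r.get('Start')}-{r.get('End')}"
    if "StartColumn" in r:
        text += f" from column {r['StartColumn']}"
    return text


def describe_occurrences(occ: dict) -> list[str]:
    """Turn each Occurrences entry into one human-readable location string."""
    out: list[str] = []
    for cell in occ.get("Cells", []):           # Excel / CSV / TSV
        ref = cell.get("CellReference")          # null for CSV and TSV files
        out.append("cell " + (ref if ref else f"row {cell.get('Row')} column {cell.get('Column')}"))
    for r in occ.get("LineRanges", []):          # text and Word files
        out.append(_span(r, "lines"))
    for r in occ.get("OffsetRanges", []):        # binary text files
        out.append(_span(r, "offsets"))
    for page in occ.get("Pages", []):            # PDF files
        parts = [f"page {page.get('PageNumber')}"]
        if page.get("LineRange"):
            parts.append(_span(page["LineRange"], "lines"))
        if page.get("OffsetRange"):
            parts.append(_span(page["OffsetRange"], "offsets"))
        out.append(" ".join(parts))
    for rec in occ.get("Records", []):           # Avro / Parquet
        out.append(f"record {rec.get('RecordIndex')} at {rec.get('JsonPath')}")
    return out


def summarize_detections(dc: dict) -> dict:
    """Flatten SensitiveData (built-in identifiers, keyed by Type) and
    CustomDataIdentifiers (keyed by Name) into one list of rows."""
    result = dc.get("Result", {})
    rows: list[dict] = []
    for group in result.get("SensitiveData", []):
        for det in group.get("Detections", []):
            rows.append({"source": "SensitiveData", "category": group.get("Category"),
                         "identifier": det.get("Type"), "count": det.get("Count", 0),
                         "locations": describe_occurrences(det.get("Occurrences", {}))})
    for det in result.get("CustomDataIdentifiers", {}).get("Detections", []):
        rows.append({"source": "CustomDataIdentifiers", "category": None,
                     "identifier": det.get("Name"), "count": det.get("Count", 0),
                     "locations": describe_occurrences(det.get("Occurrences", {}))})
    return {
        "location": dc.get("DetailedResultsLocation"),
        "mime_type": result.get("MimeType"),
        "bytes_classified": result.get("SizeClassified"),
        "status": result.get("Status", {}).get("Code"),
        # True means the finding could not hold every occurrence.
        "truncated": bool(result.get("AdditionalOccurrences", False)),
        "detections": rows,
    }


# Constructed sample, adapted from the DataClassification example in this reference.
SAMPLE = {
    "DetailedResultsLocation": "Path_to_Folder_Or_File",
    "Result": {
        "MimeType": "text/plain", "SizeClassified": 2966026, "AdditionalOccurrences": False,
        "Status": {"Code": "COMPLETE", "Reason": "Unsupportedfield"},
        "SensitiveData": [{
            "Category": "PERSONAL_INFORMATION",
            "Detections": [
                {"Count": 34, "Type": "GE_PERSONAL_ID",
                 "Occurrences": {"LineRanges": [{"Start": 1, "End": 10, "StartColumn": 20}],
                                 "Pages": [], "Records": [], "Cells": []}},
                {"Count": 59, "Type": "EMAIL_ADDRESS",
                 "Occurrences": {"Pages": [{"PageNumber": 1,
                                            "OffsetRange": {"Start": 1, "End": 100, "StartColumn": 10},
                                            "LineRange": {"Start": 1, "End": 100, "StartColumn": 10}}]}},
                {"Count": 2229, "Type": "URL",
                 "Occurrences": {"LineRanges": [{"Start": 1, "End": 13}]}},
                {"Count": 13826, "Type": "NameDetection",
                 "Occurrences": {"Records": [{"RecordIndex": 1, "JsonPath": "$.ssn.value"}]}},
                {"Count": 32, "Type": "AddressDetection"},
            ],
            "TotalCount": 32,
        }],
        "CustomDataIdentifiers": {
            "Detections": [{"Arn": "1712be25e7c7f53c731fe464f1c869b8",
                            "Name": "1712be25e7c7f53c731fe464f1c869b8", "Count": 2}],
            "TotalCount": 2,
        },
    },
}

if __name__ == "__main__":
    for row in summarize_detections(SAMPLE)["detections"]:
        print(row["source"], row["identifier"], row["count"], row["locations"])
```
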

Cells

Cells contains occurrences of sensitive data detected in Microsoft Excel workbooks, comma-separated value (CSV) files, or tab-separated value (TSV) files.

For each occurrence, Cells identifies the cell that contains the sensitive data.

Each occurrence can contain the following attributes.

CellReference

Optional

For a Microsoft Excel workbook, provides the location of the cell, as an absolute cell reference, that contains the data. For example, Sheet2!C5 for cell C5 on Sheet2.

This attribute is null for CSV and TSV files.

Type: String

Column

Optional

The column number of the column that contains the data. For a Microsoft Excel workbook, the column number corresponds to the alphabetical column identifiers. For example, a value of 1 for Column corresponds to the A column in the workbook.

Type: Integer

ColumnName

Optional

The name of the column that contains the data.

Type: String

Row

Optional

The row number of the row that contains the data.

Type: Integer

LineRanges

LineRanges contains occurrences of sensitive data detected in a non-binary text file or a Microsoft Word file. Non-binary text files include files such as HTML, XML, JSON, and TXT files.

For each occurrence, LineRanges provides the location of the sensitive data. The location includes the line where the data is located and the position of the data on that line.

Each occurrence can have the following attributes.

End

Optional

The number of lines from the beginning of the file to the end of the sensitive data.

Type: Integer

Start

Optional

The number of lines from the beginning of the file to the beginning of the sensitive data.

Type: Integer

StartColumn

Optional

In the line where the sensitive data begins, the column within the line where the sensitive data starts.

Type: Integer

OffsetRanges

OffsetRanges contains occurrences of sensitive data detected in a binary text file.

For each occurrence, OffsetRanges provides the location of the sensitive data. The location is the number of characters relative to the beginning of the file.

Each occurrence can have the following attributes.

End

Optional

The number of characters from the beginning of the file to the end of the sensitive data.

Type: Integer

Start

Optional

The number of characters from the beginning of the file to the beginning of the sensitive data.

Type: Integer

StartColumn

Optional

The column where the sensitive data begins.

Type: Integer

Pages

Pages provides occurrences of sensitive data in an Adobe Portable Document Format (PDF) file.

For each occurrence, Pages identifies the page that contains the data, and provides the position of the data on the page. The position can be identified using either line numbers or numbers of characters.

Each occurrence can have the following attributes.

LineRange

Optional

Uses line numbers to identify the location of the sensitive data.

Type: Object

LineRange.End

Optional

The number of lines from the beginning of the file to the end of the sensitive data.

Type: Integer

LineRange.Start

Optional

The number of lines from the beginning of the file to the beginning of the sensitive data.

Type: Integer

LineRange.StartColumn

Optional

On the line where the sensitive data begins, the column number where the sensitive data begins.

Type: Integer

OffsetRange

Optional

Identifies the location of the sensitive data based on the number of characters.

Type: Object

OffsetRange.End

Optional

The number of characters from the beginning of the file to the end of the sensitive data.

Type: Integer

OffsetRange.Start

Optional

The number of characters from the beginning of the file to the beginning of the sensitive data.

Type: Integer

OffsetRange.StartColumn

Optional

On the line where the sensitive data starts, the column number where it starts.

Type: Integer

PageNumber

Optional

The page number of the page that contains the sensitive data.

Type: Integer

Records

Records identifies occurrences of sensitive data in an Apache Avro object container or an Apache Parquet file.

For each occurrence, Records specifies the record index and the path to the field that contains the sensitive data.

Each occurrence can have the following attributes.

JsonPath

Optional

The path, as a JSONPath expression, to the field in the record that contains the data. If the field name is longer than 20 characters, it is truncated. If the path is longer than 250 characters, it is truncated.

Type: String

RecordIndex

Optional

The record index, starting from 0, for the record that contains the data.

Type: Integer
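
The five location structures above (Cells, LineRanges, OffsetRanges, Pages, Records) each describe a hit differently, and two of them have branches an analyst has to handle: CellReference is null for CSV and TSV files, and a Pages occurrence carries either a LineRange or an OffsetRange. The following Python is an added example, not code from AWS or Security Hub; it turns each occurrence into a one-line description so a reviewer can go straight to the flagged cell, line, offset, page or record. The sample occurrences are constructed, not taken from a real finding.

```python
"""Render the sensitive-data locations an ASFF finding carries.

Added example, not code from AWS or Security Hub. It walks the Cells,
LineRanges, OffsetRanges, Pages and Records structures and returns one
human-readable string per occurrence. The sample data is constructed.
"""
from typing import Any, Dict, List

# Constructed sample: one occurrence per location type (not a real finding).
SAMPLE_OCCURRENCES: Dict[str, List[Dict[str, Any]]] = {
    "Cells": [
        # Excel workbook: CellReference is an absolute reference.
        {"CellReference": "Sheet2!C5", "Column": 3, "ColumnName": "ssn", "Row": 5},
        # CSV/TSV: CellReference is null, so fall back to Row and Column.
        {"CellReference": None, "Column": 1, "ColumnName": "email", "Row": 12},
    ],
    "LineRanges": [{"Start": 40, "End": 40, "StartColumn": 17}],
    "OffsetRanges": [{"Start": 1024, "End": 1060}],
    "Pages": [
        # A PDF occurrence carries either a LineRange or an OffsetRange.
        {"PageNumber": 3, "LineRange": {"Start": 12, "End": 13, "StartColumn": 4}},
        {"PageNumber": 7, "OffsetRange": {"Start": 9000, "End": 9030}},
    ],
    "Records": [{"RecordIndex": 0, "JsonPath": "$.customer.card_number"}],
}


def column_letter(col: int) -> str:
    """Map the 1-based Column number to spreadsheet letters (1 -> A, 27 -> AA)."""
    if col < 1:
        raise ValueError("Column numbers start at 1")
    letters = ""
    while col:
        col, rem = divmod(col - 1, 26)
        letters = chr(ord("A") + rem) + letters
    return letters


def describe_cell(occ: Dict[str, Any]) -> str:
    ref = occ.get("CellReference")
    if ref:
        where = ref
    else:  # CSV/TSV file: no sheet, so describe the cell by row and column
        where = f"row {occ['Row']}, column {column_letter(occ['Column'])} (CSV/TSV)"
    name = occ.get("ColumnName")
    return f"cell {where}" + (f" in column '{name}'" if name else "")


def describe_range(rng: Dict[str, Any], unit: str) -> str:
    """Format a Start/End[/StartColumn] range; unit is 'line' or 'character offset'."""
    start, end = rng.get("Start"), rng.get("End")
    text = f"{unit} {start}" if start == end else f"{unit}s {start}-{end}"
    if rng.get("StartColumn") is not None:
        text += f" starting at column {rng['StartColumn']}"
    return text


def describe_page(occ: Dict[str, Any]) -> str:
    if "LineRange" in occ:
        pos = describe_range(occ["LineRange"], "line")
    elif "OffsetRange" in occ:
        pos = describe_range(occ["OffsetRange"], "character offset")
    else:
        pos = "position not given"
    return f"page {occ.get('PageNumber', '?')}, {pos}"


def describe_occurrences(occurrences: Dict[str, List[Dict[str, Any]]]) -> List[str]:
    """Return one description per occurrence, in the order the format lists the types."""
    out: List[str] = []
    for occ in occurrences.get("Cells", []):
        out.append(describe_cell(occ))
    for occ in occurrences.get("LineRanges", []):
        out.append(describe_range(occ, "line"))
    for occ in occurrences.get("OffsetRanges", []):
        out.append(describe_range(occ, "character offset"))
    for occ in occurrences.get("Pages", []):
        out.append(describe_page(occ))
    for occ in occurrences.get("Records", []):
        out.append(f"record {occ.get('RecordIndex', '?')}, field {occ.get('JsonPath', '?')}")
    return out


if __name__ == "__main__":
    for line in describe_occurrences(SAMPLE_OCCURRENCES):
        print(line)
```

The descriptions are meant for ticket text or a console, not for machine matching; keep the raw occurrence objects alongside them if the finding is forwarded elsewhere.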

AwsApiGatewayRestApi

The AwsApiGatewayRestApi object contains information about a REST API in version 1 of Amazon API Gateway.

Example

"AwsApiGatewayRestApi": {
    "Id": "exampleapi",
    "Name": "Security Hub",
    "Description": "AWS Security Hub",
    "CreatedDate": "2018-11-18T10:20:05-08:00",
    "Version": "2018-10-26",
    "BinaryMediaTypes": ["-'*~1*'"],
    "MinimumCompressionSize": 1024,
    "ApiKeySource": "AWS_ACCOUNT_ID",
    "EndpointConfiguration": {
        "Types": ["REGIONAL"]
    }
}

AwsApiGatewayRestApi can have the following attributes.

ApiKeySource

Optional

The source of the API key for metering requests according to a usage plan.

HEADER: the API key is read from the X-API-Key header of the request.

AUTHORIZER: the API key is read from the UsageIdentifierKey returned by a custom authorizer.

Type: String

Valid values: HEADER | AUTHORIZER

BinaryMediaTypes

Optional

The list of binary media types supported by the REST API.

Type: Array of strings

CreatedDate

Optional

Indicates when the API was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedDate": "2017-03-22T13:22:13.933Z"

Description

Optional

A description of the REST API.

Type: String

EndpointConfiguration

Optional

The endpoint configuration of the REST API.

Type: Object

Id

Optional

The identifier of the REST API.

Type: String

MinimumCompressionSize

Optional

The minimum size in bytes of a payload before compression is enabled.

If null, then compression is disabled.

If 0, then all payloads are compressed.

Type: Number

Minimum value: 0

Maximum value: 10,485,760

Name

Optional

The name of the REST API.

Type: String

Version

Optional

The version identifier for the REST API.

Type: String

EndpointConfiguration

The EndpointConfiguration object contains information about the endpoints for the API.

EndpointConfiguration can have the following attributes.

Types

Optional

A list of endpoint types for the REST API.

For an edge-optimized API, the endpoint type is EDGE. For a Regional API, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

Type: Array of strings

Valid values: EDGE | REGIONAL | PRIVATE

AwsApiGatewayStage

The AwsApiGatewayStage object provides information about a version 1 Amazon API Gateway stage.

Example

"AwsApiGatewayStage": {
    "DeploymentId": "n7hlmf",
    "ClientCertificateId": "a1b2c3",
    "StageName": "Prod",
    "Description": "Stage Description",
    "CacheClusterEnabled": false,
    "CacheClusterSize": "1.6",
    "CacheClusterStatus": "NOT_AVAILABLE",
    "MethodSettings": [
        {
            "MetricsEnabled": true,
            "LoggingLevel": "INFO",
            "DataTraceEnabled": false,
            "ThrottlingBurstLimit": 100,
            "ThrottlingRateLimit": 5.0,
            "CachingEnabled": false,
            "CacheTtlInSeconds": 300,
            "CacheDataEncrypted": false,
            "RequireAuthorizationForCacheControl": true,
            "UnauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER",
            "HttpMethod": "POST",
            "ResourcePath": "/echo"
        }
    ],
    "Variables": {"test": "value"},
    "DocumentationVersion": "2.0",
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "CanarySettings": {
        "PercentTraffic": 0.0,
        "DeploymentId": "ul73s8",
        "StageVariableOverrides": {"String": "String"},
        "UseStageCache": false
    },
    "TracingEnabled": false,
    "CreatedDate": "2018-07-11T10:55:18-07:00",
    "LastUpdatedDate": "2020-08-26T11:51:04-07:00",
    "WebAclArn": "arn:aws:waf-regional:us-west-2:111122223333:webacl/cb606bd8-5b0b-4f0b-830a-dd304e48a822"
}

AwsApiGatewayStage can have the following attributes.

AccessLogSettings

Optional

Settings for logging access for the stage.

Type: Object

CacheClusterEnabled

Optional

Indicates whether a cache cluster is enabled for the stage.

Type: Boolean

CacheClusterSize

Optional

If a cache cluster is enabled, the size of the cache cluster.

Type: String

CacheClusterStatus

Optional

If a cache cluster is enabled, the status of the cache cluster.

Type: String

CanarySettings

Optional

Information about settings for canary deployment in the stage.

Type: Object

ClientCertificateId

Optional

The identifier of the client certificate for the stage.

Type: String

CreatedDate

Optional

Indicates when the stage was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedDate": "2017-03-22T13:22:13.933Z"

DeploymentId

Optional

The identifier of the deployment that the stage points to.

Type: String

Description

Optional

A description of the stage.

Type: String

DocumentationVersion

Optional

The version of the API documentation that is associated with the stage.

Type: String

LastUpdatedDate

Optional

Indicates when the stage was most recently updated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastUpdatedDate": "2017-03-22T13:22:13.933Z"

MethodSettings

Optional

Defines the method settings for the stage.

For each method, the key is the method path, which is defined as follows:

  • For an individual method override, the key is <resource_path>/<http_method>. For example, accounts/DELETE.

  • To override all of the methods in the stage, the key is /*/*.

Type: Array of objects

StageName

Optional

The name of the stage.

Type: String

TracingEnabled

Optional

Indicates whether active tracing with AWS X-Ray is enabled for the stage.

Type: Boolean

Variables

Optional

A map that defines the stage variables for the stage.

Variable names can have alphanumeric and underscore characters.

Variable values can contain the following characters:

  • Uppercase and lowercase letters

  • Numbers

  • Special characters -._~:/?#&=,

Type: Map of strings

WebAclArn

Optional

The ARN of the web ACL associated with the stage.

Type: String

AccessLogSettings

The AccessLogSettings object contains information about settings for logging access for the stage.

AccessLogSettings can have the following attributes.

DestinationArn

Optional

The ARN of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream that receives the access logs.

For a Kinesis Data Firehose delivery stream, the stream name always begins with amazon-apigateway-.

Type: String

Format

Optional

A single-line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.

Type: String

CanarySettings

The CanarySettings object contains information about settings for canary deployment in the stage.

CanarySettings can have the following attributes.

DeploymentId

Optional

The deployment identifier for the canary deployment.

Type: String

PercentTraffic

Optional

The percentage of traffic that is diverted to a canary deployment.

Type: Number

Minimum value: 0

Maximum value: 100

StageVariableOverrides

Optional

Stage variables that are overridden in the canary release deployment. The variables include new stage variables that are introduced in the canary.

Each variable is represented as a string-to-string map between the stage variable name and the variable value.

"variableName" : "variableValue"

Type: Object

UseStageCache

Optional

Indicates whether the canary deployment uses the stage cache.

Type: Boolean

MethodSettings

The MethodSettings object defines the method settings for the stage.

Each method object in MethodSettings can have the following attributes.

CacheDataEncrypted

Optional

Indicates whether the cached responses are encrypted.

Type: Boolean

CachingEnabled

Optional

Indicates whether responses are cached and returned for requests. For responses to be cached, a cache cluster must be enabled on the stage.

Type: Boolean

CacheTtlInSeconds

Optional

Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response is cached.

Type: Number

DataTraceEnabled

Optional

Indicates whether data trace logging is enabled for the method. Data trace logging affects the log entries that are pushed to CloudWatch Logs.

Type: Boolean

HttpMethod

Optional

The HTTP method. You can use an asterisk (*) as a wildcard to apply method settings to multiple methods.

Type: String

LoggingLevel

Optional

The logging level for this method. The logging level affects the log entries that are pushed to CloudWatch Logs.

If the logging level is ERROR, then the logs only include error-level entries.

If the logging level is INFO, then the logs include both ERROR events and extra informational events.

Type: String

Valid values: OFF | ERROR | INFO

MetricsEnabled

Optional

Indicates whether CloudWatch metrics are enabled for the method.

Type: Boolean

RequireAuthorizationForCacheControl

Optional

Indicates whether authorization is required for a cache invalidation request.

Type: Boolean

ResourcePath

Optional

The resource path for this method. Forward slashes (/) within the path are encoded as ~1, while the leading slash is kept as a literal forward slash (/).

For example, the path value /resource/subresource must be encoded as /~1resource~1subresource.

To specify the root path, use only a slash (/). You can use an asterisk (*) as a wildcard to apply method settings to multiple methods.

Type: String

ThrottlingBurstLimit

Optional

The throttling burst limit for the method.

Type: Number (Integer)

ThrottlingRateLimit

Optional

The throttling rate limit for the method.

Type: Number

UnauthorizedCacheControlHeaderStrategy

Optional

Indicates how to handle unauthorized requests for cache invalidation.

Type: String

Valid values: FAIL_WITH_403 | SUCCEED_WITH_RESPONSE_HEADER | SUCCEED_WITHOUT_RESPONSE_HEADER

AwsApiGatewayV2Api

The AwsApiGatewayV2Api object contains information about a version 2 API in Amazon API Gateway.

Example

"AwsApiGatewayV2Api": {
    "ApiEndpoint": "https://example.us-west-2.amazonaws.com",
    "ApiId": "a1b2c3d4",
    "ApiKeySelectionExpression": "$request.header.x-api-key",
    "CreatedDate": "2020-03-28T00:32:37Z",
    "Description": "ApiGatewayV2 Api",
    "Version": "string",
    "Name": "my-api",
    "ProtocolType": "HTTP",
    "RouteSelectionExpression": "$request.method $request.path",
    "CorsConfiguration": {
        "AllowOrigins": ["*"],
        "AllowCredentials": true,
        "ExposeHeaders": ["string"],
        "MaxAge": 3000,
        "AllowMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
        "AllowHeaders": ["*"]
    }
}

AwsApiGatewayV2Api can have the following attributes.

ApiEndpoint

Optional

The URI of the API.

Type: String

Format: <api-id>.execute-api.<region>.amazonaws.com

The stage name is typically appended to the URI to form a complete path to a deployed API stage.

ApiId

Optional

The identifier of the API.

Type: String

ApiKeySelectionExpression

Optional

An API key selection expression. Supported only for WebSocket APIs.

Type: String

CorsConfiguration

Optional

A cross-origin resource sharing (CORS) configuration. Supported only for HTTP APIs.

Type: Object

CreatedDate

Optional

Indicates when the API was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedDate": "2017-03-22T13:22:13.933Z"

Description

Optional

A description of the API.

Type: String

Name

Optional

The name of the API.

Type: String

ProtocolType

Optional

The API protocol for the API.

Type: String

Valid values: WEBSOCKET | HTTP

RouteSelectionExpression

Optional

The route selection expression for the API.

For HTTP APIs, must be ${request.method} ${request.path}. This is the default value for HTTP APIs.

For WebSocket APIs, there is no default value.

Type: String

Version

Optional

The version identifier for the API.

Type: String

CorsConfiguration

The CorsConfiguration object contains the cross-origin resource sharing (CORS) configuration for the API. CORS is only supported for HTTP APIs.

CorsConfiguration can have the following attributes.

AllowCredentials

Optional

Indicates whether the CORS request includes credentials.

Type: Boolean

AllowHeaders

Optional

The allowed headers for CORS requests.

Type: Array of strings

AllowMethods

Optional

The allowed methods for CORS requests.

Type: Array of strings

AllowOrigins

Optional

The allowed origins for CORS requests.

Type: Array of strings

ExposeHeaders

Optional

The exposed headers for CORS requests.

Type: Array of strings

MaxAge

Optional

The number of seconds for which the browser caches preflight request results.

Type: Number
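
The example at the top of AwsApiGatewayV2Api pairs AllowOrigins ["*"] with AllowCredentials true. Browsers refuse to expose a credentialed response whose Access-Control-Allow-Origin is the wildcard, so that combination is either non-functional or a sign that the origin allow-list was never thought through. The Python below is an added example, not AWS or Security Hub code; it reviews a CorsConfiguration object for that mistake and for a few related laxities. Both configurations it runs on are constructed, the first from the page's example and the second as a tightened counterpart.

```python
"""Review an ASFF CorsConfiguration object for over-permissive settings.

Added example, not AWS or Security Hub code. Both configurations are constructed.
"""
from typing import Any, Dict, List

# Constructed from the page's example: wildcard origin with credentials.
PERMISSIVE_CORS: Dict[str, Any] = {
    "AllowOrigins": ["*"],
    "AllowCredentials": True,
    "ExposeHeaders": ["string"],
    "MaxAge": 3000,
    "AllowMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "AllowHeaders": ["*"],
}

# Constructed tightened configuration for comparison.
RESTRICTED_CORS: Dict[str, Any] = {
    "AllowOrigins": ["https://app.example.com"],
    "AllowCredentials": True,
    "MaxAge": 600,
    "AllowMethods": ["GET", "POST"],
    "AllowHeaders": ["content-type", "authorization"],
}


def cors_findings(cors: Dict[str, Any]) -> List[str]:
    """Return the review comments a CorsConfiguration object earns."""
    findings: List[str] = []
    origins = cors.get("AllowOrigins", [])
    credentials = bool(cors.get("AllowCredentials"))
    if "*" in origins and credentials:
        # Browsers do not honour a wildcard origin on credentialed responses.
        findings.append("AllowOrigins contains '*' while AllowCredentials is true")
    elif "*" in origins:
        findings.append("AllowOrigins contains '*'; confirm the API serves only public data")
    for origin in origins:
        if origin != "*" and not origin.startswith("https://"):
            findings.append(f"origin {origin} is not served over HTTPS")
    if "*" in cors.get("AllowHeaders", []):
        findings.append("AllowHeaders is '*'; list the request headers the API actually needs")
    if credentials and "*" in cors.get("AllowMethods", []):
        findings.append("AllowMethods is '*' on a credentialed API")
    return findings


if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE_CORS), ("restricted", RESTRICTED_CORS)):
        print(name, cors_findings(cfg) or ["no findings"])
```

The function reads only the attributes listed for CorsConfiguration above, so it can be run over the CorsConfiguration object of every AwsApiGatewayV2Api finding without further normalisation.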

AwsApiGatewayV2Stage

AwsApiGatewayV2Stage contains information about a version 2 stage for Amazon API Gateway.

Example

"AwsApiGatewayV2Stage": {
    "CreatedDate": "2020-04-08T00:36:05Z",
    "Description": "ApiGatewayV2",
    "DefaultRouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "DeploymentId": "x1zwyv",
    "LastUpdatedDate": "2020-04-08T00:36:13Z",
    "RouteSettings": {
        "DetailedMetricsEnabled": false,
        "LoggingLevel": "INFO",
        "DataTraceEnabled": true,
        "ThrottlingBurstLimit": 100,
        "ThrottlingRateLimit": 50
    },
    "StageName": "prod",
    "StageVariables": {"function": "my-prod-function"},
    "AccessLogSettings": {
        "Format": "{\"requestId\": \"$context.requestId\", \"extendedRequestId\": \"$context.extendedRequestId\", \"ownerAccountId\": \"$context.accountId\", \"requestAccountId\": \"$context.identity.accountId\", \"callerPrincipal\": \"$context.identity.caller\", \"httpMethod\": \"$context.httpMethod\", \"resourcePath\": \"$context.resourcePath\", \"status\": \"$context.status\", \"requestTime\": \"$context.requestTime\", \"responseLatencyMs\": \"$context.responseLatency\", \"errorMessage\": \"$context.error.message\", \"errorResponseType\": \"$context.error.responseType\", \"apiId\": \"$context.apiId\", \"awsEndpointRequestId\": \"$context.awsEndpointRequestId\", \"domainName\": \"$context.domainName\", \"stage\": \"$context.stage\", \"xrayTraceId\": \"$context.xrayTraceId\", \"sourceIp\": \"$context.identity.sourceIp\", \"user\": \"$context.identity.user\", \"userAgent\": \"$context.identity.userAgent\", \"userArn\": \"$context.identity.userArn\", \"integrationLatency\": \"$context.integrationLatency\", \"integrationStatus\": \"$context.integrationStatus\", \"authorizerIntegrationLatency\": \"$context.authorizer.integrationLatency\" }",
        "DestinationArn": "arn:aws:logs:us-west-2:111122223333:log-group:SecurityHubAPIAccessLog/Prod"
    },
    "AutoDeploy": false,
    "LastDeploymentStatusMessage": "Message",
    "ApiGatewayManaged": true
}

AwsApiGatewayV2Stage can have the following attributes.

AccessLogSettings

Optional

Information about settings for logging access for the stage.

Type: Object

ApiGatewayManaged

Optional

Indicates whether the stage is managed by API Gateway.

Type: Boolean

AutoDeploy

Optional

Indicates whether updates to an API automatically trigger a new deployment.

Type: Boolean

CreatedDate

Optional

Indicates when the stage was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedDate": "2017-03-22T13:22:13.933Z"

DefaultRouteSettings

Optional

Default route settings for the stage.

Type: Object

DeploymentId

Optional

The identifier of the deployment that the stage is associated with.

Type: String

Description

Optional

The description of the stage.

Type: String

LastDeploymentStatusMessage

Optional

The status of the last deployment of a stage. Supported only if the stage has automatic deployment enabled.

Type: String

LastUpdatedDate

Optional

Indicates when the stage was most recently updated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastUpdatedDate": "2017-03-22T13:22:13.933Z"

RouteSettings

Optional

The route settings for the stage.

Type: Object

StageName

Optional

The name of the stage.

Type: String

StageVariables

Optional

A map that defines the stage variables for the stage.

Variable names can have alphanumeric and underscore characters.

Variable values can contain the following characters:

  • Uppercase and lowercase letters

  • Numbers

  • Special characters -._~:/?#&=,

Type: Map of strings

AccessLogSettings

The AccessLogSettings object contains information about settings for logging access for the stage.

AccessLogSettings can have the following attributes.

DestinationArn

Optional

The ARN of the CloudWatch Logs log group that receives the access logs.

Type: String

Format

Optional

A single-line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.

Type: String

DefaultRouteSettings and RouteSettings

The DefaultRouteSettings object contains the default route settings for the stage.

The RouteSettings object contains the route settings for the stage.

These objects can have the following attributes.

DataTraceEnabled

Optional

Indicates whether data trace logging is enabled. Data trace logging affects the log entries that are pushed to CloudWatch Logs. Supported only for WebSocket APIs.

Type: Boolean

DetailedMetricsEnabled

Optional

Indicates whether detailed metrics are enabled.

Type: Boolean

LoggingLevel

Optional

The logging level. The logging level affects the log entries that are pushed to CloudWatch Logs. Supported only for WebSocket APIs.

If the logging level is ERROR, then the logs only include error-level entries.

If the logging level is INFO, then the logs include both ERROR events and extra informational events.

Type: String

Valid values: OFF | ERROR | INFO

ThrottlingBurstLimit

Optional

The throttling burst limit.

Type: Number

ThrottlingRateLimit

Optional

The throttling rate limit.

Type: Number

AwsAutoScalingAutoScalingGroup

The AwsAutoScalingAutoScalingGroup object provides details about an automatic scaling group.

Example

"AwsAutoScalingAutoScalingGroup": {
    "CreatedTime": "2017-10-17T14:47:11Z",
    "HealthCheckGracePeriod": 300,
    "HealthCheckType": "EC2",
    "LaunchConfigurationName": "mylaunchconf",
    "LoadBalancerNames": []
}

The AwsAutoScalingAutoScalingGroup object can have the following attributes.

CreatedTime

Optional

Indicates when the automatic scaling group was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

HealthCheckGracePeriod

Optional

The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before it checks the health status of an EC2 instance that has come into service.

Type: Integer

HealthCheckType

Optional

The service to use for the health checks.

Type: String

Maximum length: 32

Valid values: EC2 | ELB

LaunchConfigurationName

Optional

The name of the launch configuration.

Type: String

Maximum length: 32

LoadBalancerNames

Optional

The list of load balancers that are associated with the group.

Type: Array of strings

Each load balancer name is limited to 255 characters.

AwsCertificateManagerCertificate

The AwsCertificateManagerCertificate object provides details about an AWS Certificate Manager (ACM) certificate.

Example

"AwsCertificateManagerCertificate": {
    "CertificateAuthorityArn": "arn:aws:acm:us-west-2:444455556666:certificate-authority/example",
    "CreatedAt": "2019-05-24T18:12:02.000Z",
    "DomainName": "example.amazondomains.com",
    "DomainValidationOptions": [
        {
            "DomainName": "example.amazondomains.com",
            "ResourceRecord": {
                "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                "Type": "CNAME",
                "Value": "_example.acm-validations.aws."
            },
            "ValidationDomain": "example.amazondomains.com",
            "ValidationEmails": [],
            "ValidationMethod": "DNS",
            "ValidationStatus": "SUCCESS"
        }
    ],
    "ExtendedKeyUsages": [
        {"Name": "TLS_WEB_SERVER_AUTHENTICATION", "OId": "1.3.6.1.5.5.7.3.1"},
        {"Name": "TLS_WEB_CLIENT_AUTHENTICATION", "OId": "1.3.6.1.5.5.7.3.2"}
    ],
    "FailureReason": "",
    "ImportedAt": "2018-08-17T00:13:00.000Z",
    "InUseBy": ["arn:aws:amazondomains:us-west-2:444455556666:loadbalancer/example"],
    "IssuedAt": "2020-04-26T00:41:17.000Z",
    "Issuer": "Amazon",
    "KeyAlgorithm": "RSA_1024",
    "KeyUsages": [
        {"Name": "DIGITAL_SIGNATURE"},
        {"Name": "KEY_ENCIPHERMENT"}
    ],
    "NotAfter": "2021-05-26T12:00:00.000Z",
    "NotBefore": "2020-04-26T00:00:00.000Z",
    "Options": {
        "CertificateTransparencyLoggingPreference": "ENABLED"
    },
    "RenewalEligibility": "ELIGIBLE",
    "RenewalSummary": {
        "DomainValidationOptions": [
            {
                "DomainName": "example.amazondomains.com",
                "ResourceRecord": {
                    "Name": "_1bacb61828d3a1020c40a560ceed08f7.example.amazondomains.com",
                    "Type": "CNAME",
                    "Value": "_example.acm-validations.aws.com"
                },
                "ValidationDomain": "example.amazondomains.com",
                "ValidationEmails": [],
                "ValidationMethod": "DNS",
                "ValidationStatus": "SUCCESS"
            }
        ],
        "RenewalStatus": "SUCCESS",
        "RenewalStatusReason": "",
        "UpdatedAt": "2020-04-26T00:41:35.000Z"
    },
    "Serial": "02:ac:86:b6:07:2f:0a:61:0e:3a:ac:fd:d9:ab:17:1a",
    "SignatureAlgorithm": "SHA256WITHRSA",
    "Status": "ISSUED",
    "Subject": "CN=example.amazondomains.com",
    "SubjectAlternativeNames": ["example.amazondomains.com"],
    "Type": "AMAZON_ISSUED"
}

AwsCertificateManagerCertificate can have the following attributes.

CertificateAuthorityArn

Optional

The ARN of the private certificate authority (CA) that will be used to issue the certificate.

Type: String

CreatedAt

Optional

Indicates when the certificate was requested.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedAt": "2017-03-22T13:22:13.933Z"

DomainName

Optional

The fully qualified domain name (FQDN), such as www.example.com, that is secured by the certificate.

Type: String

Minimum length: 1

Maximum length: 253

DomainValidationOptions

Optional

Contains information about the initial validation of each domain name that occurs as a result of the RequestCertificate request.

Only provided if the certificate type is AMAZON_ISSUED.

Type: Array of objects

ExtendedKeyUsages

Optional

Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).

Type: Array of objects

FailureReason

Optional

For a failed certificate request, the reason for the failure.

Type: String

Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER

ImportedAt

Optional

Indicates when the certificate was imported. Provided if the certificate type is IMPORTED.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"ImportedAt": "2017-03-22T13:22:13.933Z"

InUseBy

Optional

The list of ARNs for the AWS resources that use the certificate.

Type: Array of strings

IssuedAt

Optional

Indicates when the certificate was issued. Provided if the certificate type is AMAZON_ISSUED.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"IssuedAt": "2017-03-22T13:22:13.933Z"

Issuer

Optional

The name of the certificate authority that issued and signed the certificate.

Type: String

KeyAlgorithm

Optional

The algorithm that was used to generate the public-private key pair.

Type: String

Valid values: RSA_2048 | RSA_1024 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1

KeyUsages

Optional

A list of key usage X.509 v3 extension objects.

Type: Array of objects

NotAfter

Optional

The time after which the certificate becomes invalid.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"NotAfter": "2017-03-22T13:22:13.933Z"

NotBefore

Optional

The time before which the certificate is not valid.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"NotBefore": "2017-03-22T13:22:13.933Z"

Options

Optional

Provides a value that specifies whether to add the certificate to a transparency log.

Type: Object

RenewalEligibility

Optional

Whether the certificate is eligible for renewal.

Type: String

Valid values: ELIGIBLE | INELIGIBLE

RenewalSummary

Optional

Information about the status of the ACM managed renewal for the certificate. Provided only when the certificate type is AMAZON_ISSUED.

Type: Object

Serial

Optional

The serial number of the certificate.

Type: String

SignatureAlgorithm

Optional

The algorithm that was used to sign the certificate.

Type: String

Status

Optional

The status of the certificate.

Type: String

Valid values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED | VALIDATION_TIMED_OUT | REVOKED | FAILED

Subject

Optional

The name of the entity that is associated with the public key contained in the certificate.

Type: String

SubjectAlternativeNames

Optional

One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate.

The subject alternative names include the common name (CN) of the certificate and additional domain names that can be used to connect to the website.

Type: Array of strings

Minimum number of items: 1

Maximum number of items: 100

Minimum length per item: 1

Maximum length per item: 253

Type

Optional

The source of the certificate. For certificates that ACM provides, Type is AMAZON_ISSUED. For certificates that are imported with ImportCertificate, Type is IMPORTED.

Type: String

Valid values: IMPORTED | AMAZON_ISSUED | PRIVATE

DomainValidationOptions

The DomainValidationOptions object contains information about one of the following:

  • The initial validation of each domain name that occurs as a result of the RequestCertificate request

  • The validation of each domain name in the certificate, as it pertains to ACM managed renewal

DomainValidationOptions can have the following attributes.

DomainName

Optional

A fully qualified domain name (FQDN) in the certificate.

Type: String

ResourceRecord

Optional

The CNAME record that is added to the DNS database for domain validation.

Type: Object

ValidationDomain

Optional

The domain name that ACM uses to send domain validation emails.

Type: String

ValidationEmails

Optional

A list of email addresses that ACM uses to send domain validation emails.

Type: Array of strings

ValidationMethod

Optional

The method used to validate the domain name.

Type: String

ValidationStatus

Optional

The validation status of the domain name.

Type: String

ResourceRecord provides the following details about the resource.

Name

Optional

The name of the resource.

Type: String

Type

Optional

The type of resource.

Type: String

Value

Optional

The value of the resource.

Type: String

ExtendedKeyUsages

ExtendedKeyUsages contains a list of extended key usage X.509 v3 extension objects.

Each extension object can have the following attributes.

Name

Optional

The name of an extension value. Indicates the purpose for which the certificate public key can be used.

Type: String

OId

Optional

An object identifier (OID) for the extension value.

Type: String

Format: Numbers separated by periods

Example

"OId": "1.3.6.1.5.5.7.3.1"

KeyUsages

The KeyUsages object contains a list of key usage X.509 v3 extension objects.

Each extension object can have the following attributes.

Name

Optional

The key usage extension name.

Type: String

Options

The Options object contains other options for the certificate.

Currently, the only option indicates whether to add the certificate to a transparency log.

Options can have the following attributes.

CertificateTransparencyLoggingPreference

Optional

Whether to add the certificate to a transparency log.

Type: String

Valid values: DISABLED | ENABLED

RenewalSummary

The RenewalSummary object contains information about the ACM managed renewal for an AMAZON_ISSUED certificate.

RenewalSummary can have the following attributes.

DomainValidationOptions

Optional

Information about the validation of each domain name in the certificate, as it pertains to ACM managed renewal. Provided only when the certificate type is AMAZON_ISSUED.

Type: Array of objects

RenewalStatus

Optional

The status of the ACM managed renewal of the certificate.

Type: String

Valid values: PENDING_AUTO_RENEWAL | PENDING_VALIDATION | SUCCESS | FAILED

RenewalStatusReason

Optional

The reason that a renewal request was unsuccessful.

Type: String

Valid values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED | CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE | PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION | PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER

UpdatedAt

Optional

Indicates when the renewal summary was last updated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"UpdatedAt": "2017-03-22T13:22:13.933Z"

AwsCloudFrontDistribution

The AwsCloudFrontDistribution object provides details about a distribution configuration.

It can have the following attributes.

CacheBehaviors

Optional

Provides information about the cache configuration for the distribution.

Type: Object

DefaultCacheBehavior

Optional

The default cache behavior for the configuration.

Type: Object

DefaultRootObject

Optional

The object that CloudFront sends in response to requests from the origin (for example, index.html) when a viewer requests the root URL for the distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/product-description.html).

Type: String

DomainName

Optional

The domain name that corresponds to the distribution.

Type: String

Etag

Optional

The entity tag is a hash of the object.

Type: String

LastModifiedTime

Optional

Indicates when the distribution was last modified.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Logging

Optional

A complex type that controls whether access logs are written for the distribution.

Type: Object

OriginGroups

Optional

Provides information about the origin groups in the distribution.

Type: Object

Origins

Optional

A complex type that contains information about origins and origin groups for this distribution.

Type: String

Status

Optional

Indicates the current status of the distribution.

Type: String

WebAclId

Optional

A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.

Type: String

CacheBehaviors

The CacheBehaviors object provides information about caching for the distribution. The CacheBehaviors object contains an Items array of objects. The Items objects represent cache behaviors.

Each object in Items can have the following attributes.

ViewerProtocolPolicy

Optional

The protocol that viewers can use to access the files in an origin. You can specify the following options:

  • allow-all – Viewers can use HTTP or HTTPS.

  • redirect-to-https – CloudFront responds to HTTP requests with an HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The viewer then uses the new URL to resubmit.

  • https-only – CloudFront responds to HTTP requests with an HTTP status code of 403 (Forbidden).

Type: String

Valid values: allow-all | https-only | redirect-to-https

DefaultCacheBehavior

The DefaultCacheBehavior object contains information about the default cache configuration for the distribution.

DefaultCacheBehavior can have the following attributes.

ViewerProtocolPolicy

Optional

The protocol that viewers can use to access the files in an origin. You can specify the following options:

  • allow-all – Viewers can use HTTP or HTTPS.

  • redirect-to-https – CloudFront responds to HTTP requests with an HTTP status code of 301 (Moved Permanently) and the HTTPS URL. The viewer then uses the new URL to resubmit.

  • https-only – CloudFront responds to HTTP requests with an HTTP status code of 403 (Forbidden).

Type: String

Valid values: allow-all | https-only | redirect-to-https

Logging

The Logging object provides information about the logging for the distribution.

It can have the following attributes.

Bucket

Optional

The S3 bucket to store the access logs in.

Type: String

Enabled

Optional

With this field, you can enable or disable the selected distribution.

Type: Boolean

IncludeCookies

Optional

Specifies whether you want CloudFront to include cookies in access logs.

Type: Boolean

Prefix

Optional

An optional string that you want CloudFront to prefix to the access log file names for this distribution.

Type: String

OriginGroups

The OriginGroups object contains information about the origin groups for the distribution.

The structure is as follows:

"OriginGroups": { "Items": [ { "FailoverCriteria": { "StatusCodes": { "Items": [ number ], "Quantity": number } } } ] },

OriginGroups contains an Items array of objects. Each object represents an origin group.

Each Items object contains a FailoverCriteria object. The FailoverCriteria object provides information about when an origin group fails over.

The FailoverCriteria object contains a StatusCodes object. StatusCodes indicates the status codes that cause the failover.

Items

Optional

The list of status code values that can cause a failover to the next origin.

Type: Array of numbers

Quantity

Optional

The number of status codes that can cause a failover.

Type: Number

Origins

The Origins object contains information about origins and origin groups for this distribution.

It can contain the following attributes.

Items

Optional

A complex type that contains origins or origin groups for this distribution.

Type: Array of objects

Each item can have the following attributes.

DomainName

Optional

Amazon S3 origins: The DNS name of the S3 bucket from which you want CloudFront to get objects for this origin.

Type: String

Id

Optional

A unique identifier for the origin or origin group.

Type: String

OriginPath

Optional

An optional element that causes CloudFront to request your content from a directory in your S3 bucket or your custom origin.

Type: String

S3OriginConfig

Optional

An origin that is an S3 bucket that is not configured with static website hosting.

Type: Object

S3OriginConfig can have the following attributes.

OriginAccessIdentity

Optional

The CloudFront origin access identity to associate with the origin.

Type: String
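The CloudFront attributes above (ViewerProtocolPolicy on the default and per-path cache behaviors, Logging, WebAclId, S3OriginConfig.OriginAccessIdentity and the OriginGroups failover structure) are the ones a reviewer reads first when a finding names a distribution. The following Python is an added example, not AWS or Security Hub code: it walks a constructed AwsCloudFrontDistribution fragment shaped like the objects documented above and returns the settings that fall short of HTTPS-only viewers, enabled access logging, a web ACL and origin access identities on S3 origins. Those expectations are the reviewer's, not requirements stated on this page; the domain names and identifiers are placeholders.

```python
"""Review the AwsCloudFrontDistribution fragment of an ASFF finding for the viewer
protocol, logging, origin and origin-group settings described on this page.
Added example, not AWS or Security Hub code; the checks are reviewer expectations."""

# ViewerProtocolPolicy values that do not serve content over plaintext HTTP
HTTPS_ONLY_POLICIES = {"redirect-to-https", "https-only"}

SAMPLE_DISTRIBUTION = {  # constructed; names and identifiers are placeholders
    "DomainName": "d111111abcdef8.cloudfront.net",
    "Status": "Deployed",
    "WebAclId": "",
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Items": [
        {"ViewerProtocolPolicy": "https-only"},
        {"ViewerProtocolPolicy": "allow-all"},
    ]},
    "Logging": {"Bucket": "", "Enabled": False, "IncludeCookies": False, "Prefix": ""},
    "OriginGroups": {"Items": [
        {"FailoverCriteria": {"StatusCodes": {"Items": [500, 502, 503], "Quantity": 3}}},
    ]},
    "Origins": {"Items": [
        {"Id": "assets-s3", "DomainName": "assets-bucket.s3.amazonaws.com",
         "OriginPath": "/static", "S3OriginConfig": {"OriginAccessIdentity": ""}},
        {"Id": "api", "DomainName": "api.example.com"},
    ]},
}


def review_distribution(dist):
    """Return a list of human-readable issues; an empty list means nothing to flag."""
    issues = []

    # Viewer protocol: any behavior that accepts plaintext HTTP is flagged
    default_policy = dist.get("DefaultCacheBehavior", {}).get("ViewerProtocolPolicy")
    if default_policy not in HTTPS_ONLY_POLICIES:
        issues.append(f"default cache behavior accepts plaintext HTTP ({default_policy})")
    for index, behavior in enumerate(dist.get("CacheBehaviors", {}).get("Items", [])):
        policy = behavior.get("ViewerProtocolPolicy")
        if policy not in HTTPS_ONLY_POLICIES:
            issues.append(f"cache behavior {index} accepts plaintext HTTP ({policy})")

    # Access logging must be enabled and must name a bucket
    logging = dist.get("Logging", {})
    if not logging.get("Enabled") or not logging.get("Bucket"):
        issues.append("access logging is disabled or has no bucket")

    # WebAclId is empty when no AWS WAF web ACL is associated
    if not dist.get("WebAclId"):
        issues.append("no AWS WAF web ACL associated")

    # S3 origins (those with S3OriginConfig) should carry an origin access identity
    for origin in dist.get("Origins", {}).get("Items", []):
        s3_config = origin.get("S3OriginConfig")
        if s3_config is not None and not s3_config.get("OriginAccessIdentity"):
            issues.append(f"S3 origin {origin.get('Id')} has no origin access identity")

    # Origin groups: Quantity should agree with the Items list it describes
    for group in dist.get("OriginGroups", {}).get("Items", []):
        codes = group.get("FailoverCriteria", {}).get("StatusCodes", {})
        if codes.get("Quantity") != len(codes.get("Items", [])):
            issues.append("origin group StatusCodes.Quantity disagrees with Items")

    return issues


if __name__ == "__main__":
    for issue in review_distribution(SAMPLE_DISTRIBUTION):
        print("-", issue)
```

The default behavior in the sample redirects to HTTPS and is not reported, while the second per-path behavior with allow-all is; the origin group passes because its Quantity matches the three status codes listed.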

AwsCloudTrailTrail

The AwsCloudTrailTrail object provides details about a CloudTrail trail.

Example

"AwsCloudTrailTrail": { "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*", "CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs", "HasCustomEventSelectors": true, "HomeRegion": "us-west-2", "IncludeGlobalServiceEvents": true, "IsMultiRegionTrail": true, "IsOrganizationTrail": false, "KmsKeyId": "kmsKeyId", "LogFileValidationEnabled": true, "Name": "regression-trail", "S3BucketName": "cloudtrail-bucket", "S3KeyPrefix": "s3KeyPrefix", "SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic", "SnsTopicName": "snsTopicName", "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail" }

AwsCloudTrailTrail can have the following attributes.

CloudWatchLogsLogGroupArn

Optional

The ARN of the log group that CloudTrail logs are delivered to.

Type: String

CloudWatchLogsRoleArn

Optional

The ARN of the role that the CloudWatch Logs endpoint assumes when it writes to the log group.

Type: String

HasCustomEventSelectors

Optional

Indicates whether the trail has custom event selectors.

Type: Boolean

HomeRegion

Optional

The Region where the trail was created.

Type: String

IncludeGlobalServiceEvents

Optional

Indicates whether the trail publishes events from global services such as IAM to the log files.

Type: Boolean

IsMultiRegionTrail

Optional

Indicates whether the trail applies only to the current Region or to all Regions.

Type: Boolean

IsOrganizationTrail

Optional

Whether the trail is created for all accounts in an organization in AWS Organizations, or only for the current AWS account.

Type: Boolean

KmsKeyId

Optional

The AWS KMS key ID to use to encrypt the logs.

Type: String

LogFileValidationEnabled

Optional

Indicates whether CloudTrail log file validation is enabled.

Type: Boolean

Name

Optional

The name of the trail.

Type: String

S3BucketName

Optional

The name of the S3 bucket where the log files are published.

Type: String

Minimum length: 3

Maximum length: 63

S3KeyPrefix

Optional

The S3 key prefix. The key prefix is added after the name of the S3 bucket where the log files are published.

Type: String

Maximum length: 200

SnsTopicArn

Optional

The ARN of the SNS topic that is used for notifications of log file delivery.

Type: String

SnsTopicName

Optional

The name of the SNS topic that is used for notifications of log file delivery.

Type: String

Maximum length: 255

TrailArn

Optional

The ARN of the trail.

Type: String
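The AwsCloudTrailTrail attributes above are exactly the ones audit-logging checks key on: IsMultiRegionTrail, IncludeGlobalServiceEvents, LogFileValidationEnabled, KmsKeyId and the CloudWatch Logs delivery pair. The following Python is an added example, not AWS or Security Hub code. It scores a trail object against those expectations and the S3BucketName and S3KeyPrefix length limits stated on this page, using the page's own example trail (which passes every check) and a constructed single-Region trail with most protections off. The check names and the expectation that all of them hold are the reviewer's, not a requirement of the format.

```python
"""Score an ASFF AwsCloudTrailTrail object against the logging-hygiene expectations a
security reviewer checks first. Added example, not AWS or Security Hub code."""

# The page's example trail, values as given there
PAGE_EXAMPLE_TRAIL = {
    "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:CloudTrail/regression:*",
    "CloudWatchLogsRoleArn": "arn:aws:iam::866482105055:role/CloudTrail_CloudWatchLogs",
    "HasCustomEventSelectors": True,
    "HomeRegion": "us-west-2",
    "IncludeGlobalServiceEvents": True,
    "IsMultiRegionTrail": True,
    "IsOrganizationTrail": False,
    "KmsKeyId": "kmsKeyId",
    "LogFileValidationEnabled": True,
    "Name": "regression-trail",
    "S3BucketName": "cloudtrail-bucket",
    "S3KeyPrefix": "s3KeyPrefix",
    "SnsTopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
    "SnsTopicName": "snsTopicName",
    "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail",
}

# Constructed: a single-Region trail with most protections switched off
WEAK_TRAIL = {
    "HomeRegion": "us-west-2",
    "IncludeGlobalServiceEvents": False,
    "IsMultiRegionTrail": False,
    "IsOrganizationTrail": False,
    "LogFileValidationEnabled": False,
    "Name": "single-region-trail",
    "S3BucketName": "cloudtrail-bucket",
    "TrailArn": "arn:aws:cloudtrail:us-west-2:123456789012:trail/single-region-trail",
}


def evaluate_trail(trail):
    """Map each expectation to True (met) or False (not met).

    Boolean attributes are compared with `is True` so that a missing attribute
    counts as not met rather than silently passing.
    """
    return {
        "multi_region": trail.get("IsMultiRegionTrail") is True,
        "global_service_events": trail.get("IncludeGlobalServiceEvents") is True,
        "log_file_validation": trail.get("LogFileValidationEnabled") is True,
        "kms_encrypted": bool(trail.get("KmsKeyId")),
        # Delivery to CloudWatch Logs needs both the log group and the role
        "cloudwatch_delivery": bool(trail.get("CloudWatchLogsLogGroupArn"))
        and bool(trail.get("CloudWatchLogsRoleArn")),
        # Length limits stated on this page for S3BucketName and S3KeyPrefix
        "s3_bucket_name_length": 3 <= len(trail.get("S3BucketName", "")) <= 63,
        "s3_prefix_length": len(trail.get("S3KeyPrefix", "")) <= 200,
    }


def failed_checks(trail):
    """Sorted names of the expectations the trail does not meet."""
    return sorted(name for name, met in evaluate_trail(trail).items() if not met)


if __name__ == "__main__":
    for label, trail in (("page example", PAGE_EXAMPLE_TRAIL), ("weak", WEAK_TRAIL)):
        print(f"{label} ({trail['Name']}): failed {failed_checks(trail) or 'none'}")
```

A trail that fails log_file_validation is the one to look at first: without digest files, later tampering with delivered log objects cannot be detected from the logs themselves.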

AwsCodeBuildProject

The AwsCodeBuildProject object provides information about an AWS CodeBuild project.

Example

"AwsCodeBuildProject": { "EncryptionKey": "my-symm-key", "Environment": { "Type": "LINUX_CONTAINER", "Certificate": "myX509", "ImagePullCredentialsType": "CODEBUILD", "RegistryCredential": { "Credential": "my_dockerhub_secret", "CredentialProvider": "SECRETS_MANAGER" } }, "Name": "my-cd-project", "Source": { "Type": "CODECOMMIT", "Location": "https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo", "GitCloneDepth": 1 }, "ServiceRole": "arn:aws:iam:myrole", "VpcConfig": { "VpcId": "vpc-1234456", "Subnets": ["sub-12344566"], "SecurityGroupIds": ["sg-123456789012"] } }

The AwsCodeBuildProject object can have the following attributes.

EncryptionKey

Optional

The AWS KMS customer master key (CMK) to be used for encrypting the build output artifacts.

Note

You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key.

You can specify either the ARN of the CMK or, if available, the CMK alias (using the format alias/alias-name).

Type: String

Minimum length: 1

Environment

Optional

Information about the build environment for this build project.

Type: Object

Name

Optional

The name of the build project.

Type: String

Minimum length: 2

Maximum length: 255

Pattern: [A-Za-z0-9][A-Za-z0-9\-_]{1,254}

ServiceRole

Optional

The ARN of the IAM role that enables CodeBuild to interact with dependent AWS services on behalf of the AWS account.

Type: String

Minimum length: 1

Source

Optional

Information about the build input source code for this build project.

Type: Object

VpcConfig

Optional

Information about the VPC configuration that CodeBuild accesses.

Type: Object

Environment

The Environment object provides information about the build environment for the build project.

It can have the following attributes.

Certificate

Optional

The certificate to use with this build project.

Type: String

ImagePullCredentialsType

Optional

The type of credentials CodeBuild uses to pull images in your build. There are two valid values:

CODEBUILD specifies that CodeBuild uses its own credentials. This requires that you modify your ECR repository policy to trust the CodeBuild service principal.

SERVICE_ROLE specifies that CodeBuild uses your build project's service role.

When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use a CodeBuild curated image, you must use CODEBUILD credentials.

Type: String

Valid values: CODEBUILD | SERVICE_ROLE

RegistryCredential

Optional

The credentials for access to a private registry.

Type: Object

Type

Required

The type of build environment to use for related builds.

Type: String

Valid values: WINDOWS_CONTAINER | LINUX_CONTAINER | LINUX_GPU_CONTAINER | ARM_CONTAINER

Each registry credential in the RegistryCredential object has the following attributes.

Credential

Required

The ARN or name of credentials created using AWS Secrets Manager.

Note

The credential can use the name of the credentials only if they exist in your current AWS Region.

Type: String

Minimum length: 1

CredentialProvider

Required

The service that created the credentials to access a private Docker registry. The valid value, SECRETS_MANAGER, is for Secrets Manager.

Type: String

Valid values: SECRETS_MANAGER

Source

The Source object provides information about the build input source code for this build project.

It can have the following attributes.

GitCloneDepth

Optional

Information about the Git clone depth for the build project.

Type: Integer

Minimum value: 0

Location

Optional

Information about the location of the source code to be built.

Type: String

Valid values:

  • For source code settings that are specified in the source action of a pipeline in AWS CodePipeline, location should not be specified. If it is specified, CodePipeline ignores it. This is because CodePipeline uses the settings in a pipeline's source action instead of this value.

  • For source code in an AWS CodeCommit repository, the HTTPS clone URL to the repository that contains the source code and the build spec file (for example, https://git-codecommit.region-ID.amazonaws.com/v1/repos/repo-name).

  • For source code in an S3 input bucket, one of the following.

    • The path to the ZIP file that contains the source code (for example, bucket-name/path/to/object-name.zip).

    • The path to the folder that contains the source code (for example, bucket-name/path/to/source-code/folder/).

  • For source code in a GitHub repository, the HTTPS clone URL to the repository that contains the source and the build spec file.

  • For source code in a Bitbucket repository, the HTTPS clone URL to the repository that contains the source and the build spec file.

Type

Required

The type of repository that contains the source code to be built.

Type: String

Valid values:

  • BITBUCKET ‐ The source code is in a Bitbucket repository.

  • CODECOMMIT ‐ The source code is in a CodeCommit repository.

  • CODEPIPELINE ‐ The source code settings are specified in the source action of a pipeline in CodePipeline.

  • GITHUB ‐ The source code is in a GitHub repository.

  • GITHUB_ENTERPRISE ‐ The source code is in a GitHub Enterprise repository.

  • NO_SOURCE ‐ The project does not have input source code.

  • S3 ‐ The source code is in an Amazon S3 input bucket.

VpcConfig

The VpcConfig object provides information about the VPC configuration that CodeBuild accesses.

It can have the following attributes.

SecurityGroupIds

Optional

A list of one or more security group IDs in your Amazon VPC.

Type: Array of strings

Array members: Maximum number of 5 items

Minimum length per item: 1

Subnets

Optional

A list of one or more subnet IDs in your Amazon VPC.

Type: Array of strings

Array members: Maximum number of 16 items

Minimum length per item: 1

VpcId

Optional

The ID of the VPC.

Type: String

Minimum length: 1
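The AwsCodeBuildProject description above states several constraints that are easy to check mechanically: the Name pattern, the valid Environment.Type, ImagePullCredentialsType, CredentialProvider and Source.Type values, the rule that a private registry image requires SERVICE_ROLE credentials, that Location is ignored for CODEPIPELINE sources, the GitCloneDepth minimum, and the VpcConfig array limits. The following Python is an added example, not AWS or Security Hub code, that encodes those constraints as a validator. Run against the page's own example project it reports one inconsistency: that example carries a RegistryCredential (private registry access) while ImagePullCredentialsType is CODEBUILD, which the text above says must be SERVICE_ROLE for a private registry image. The second, constructed project breaks several constraints at once.

```python
"""Validate an ASFF AwsCodeBuildProject object against the constraints described on
this page. Added example, not AWS or Security Hub code."""

import re

NAME_PATTERN = re.compile(r"[A-Za-z0-9][A-Za-z0-9\-_]{1,254}")
ENV_TYPES = {"WINDOWS_CONTAINER", "LINUX_CONTAINER", "LINUX_GPU_CONTAINER", "ARM_CONTAINER"}
PULL_CREDENTIAL_TYPES = {"CODEBUILD", "SERVICE_ROLE"}
SOURCE_TYPES = {"BITBUCKET", "CODECOMMIT", "CODEPIPELINE", "GITHUB",
                "GITHUB_ENTERPRISE", "NO_SOURCE", "S3"}
MAX_SECURITY_GROUPS, MAX_SUBNETS = 5, 16

# The page's own example project, as a dict
PAGE_EXAMPLE = {
    "EncryptionKey": "my-symm-key",
    "Environment": {
        "Type": "LINUX_CONTAINER",
        "Certificate": "myX509",
        "ImagePullCredentialsType": "CODEBUILD",
        "RegistryCredential": {"Credential": "my_dockerhub_secret",
                               "CredentialProvider": "SECRETS_MANAGER"},
    },
    "Name": "my-cd-project",
    "Source": {"Type": "CODECOMMIT",
               "Location": "https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo",
               "GitCloneDepth": 1},
    "ServiceRole": "arn:aws:iam:myrole",
    "VpcConfig": {"VpcId": "vpc-1234456", "Subnets": ["sub-12344566"],
                  "SecurityGroupIds": ["sg-123456789012"]},
}

# Constructed: a project that breaks several constraints at once (identifiers are placeholders)
BAD_EXAMPLE = {
    "Name": "-starts-with-dash",
    "Environment": {"Type": "MAINFRAME", "ImagePullCredentialsType": "SERVICE_ROLE"},
    "Source": {"Type": "CODEPIPELINE", "Location": "https://example.com/repo", "GitCloneDepth": -1},
    "VpcConfig": {"VpcId": "", "Subnets": ["subnet-1"],
                  "SecurityGroupIds": ["sg-1", "sg-2", "sg-3", "sg-4", "sg-5", "sg-6"]},
}


def validate_codebuild_project(project):
    """Return a list of constraint violations; an empty list means the object is consistent."""
    errors = []
    name = project.get("Name", "")
    if not NAME_PATTERN.fullmatch(name):
        errors.append(f"Name {name!r} does not match the documented pattern")

    env = project.get("Environment", {})
    if env.get("Type") not in ENV_TYPES:
        errors.append(f"Environment.Type {env.get('Type')!r} is not a valid value")
    pull = env.get("ImagePullCredentialsType")
    if pull is not None and pull not in PULL_CREDENTIAL_TYPES:
        errors.append(f"ImagePullCredentialsType {pull!r} is not a valid value")
    credential = env.get("RegistryCredential")
    if credential is not None:
        if not credential.get("Credential"):
            errors.append("RegistryCredential.Credential is required")
        if credential.get("CredentialProvider") != "SECRETS_MANAGER":
            errors.append("RegistryCredential.CredentialProvider must be SECRETS_MANAGER")
        # Private registry images must be pulled with the project's service role
        if pull != "SERVICE_ROLE":
            errors.append("a private registry image requires ImagePullCredentialsType SERVICE_ROLE")

    source = project.get("Source", {})
    if source.get("Type") not in SOURCE_TYPES:
        errors.append(f"Source.Type {source.get('Type')!r} is not a valid value")
    if source.get("Type") == "CODEPIPELINE" and source.get("Location"):
        errors.append("Source.Location is ignored when Source.Type is CODEPIPELINE")
    if source.get("GitCloneDepth", 0) < 0:
        errors.append("Source.GitCloneDepth must be 0 or greater")

    vpc = project.get("VpcConfig")
    if vpc is not None:
        groups, subnets = vpc.get("SecurityGroupIds", []), vpc.get("Subnets", [])
        if len(groups) > MAX_SECURITY_GROUPS:
            errors.append(f"VpcConfig.SecurityGroupIds has {len(groups)} items (max {MAX_SECURITY_GROUPS})")
        if len(subnets) > MAX_SUBNETS:
            errors.append(f"VpcConfig.Subnets has {len(subnets)} items (max {MAX_SUBNETS})")
        if any(not item for item in groups + subnets):
            errors.append("VpcConfig ids must be non-empty strings")
        if not vpc.get("VpcId"):
            errors.append("VpcConfig.VpcId must be non-empty")
    return errors


if __name__ == "__main__":
    for label, project in (("page example", PAGE_EXAMPLE), ("bad example", BAD_EXAMPLE)):
        print(label, validate_codebuild_project(project))
```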

AwsDynamoDbTable

The AwsDynamoDbTable object provides details about a DynamoDB table.

Example

"AwsDynamoDbTable": { "AttributeDefinitions": [ { "AttributeName": "attribute1", "AttributeType": "value 1" }, { "AttributeName": "attribute2", "AttributeType": "value 2" }, { "AttributeName": "attribute3", "AttributeType": "value 3" } ], "BillingModeSummary": { "BillingMode": "PAY_PER_REQUEST", "LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z" }, "CreationDateTime": "2019-12-03T15:23:10.248Z", "GlobalSecondaryIndexes": [ { "Backfilling": false, "IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex", "IndexName": "standardsControlArnIndex", "IndexSizeBytes": 1862513, "IndexStatus": "ACTIVE", "ItemCount": 20, "KeySchema": [ { "AttributeName": "City", "KeyType": "HASH" }, { "AttributeName": "Date", "KeyType": "RANGE" } ], "Projection": { "NonKeyAttributes": ["predictorName"], "ProjectionType": "ALL" }, "ProvisionedThroughput": { "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z", "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z", "NumberOfDecreasesToday": 0, "ReadCapacityUnits": 100, "WriteCapacityUnits": 50 }, } ], "GlobalTableVersion": "V1", "ItemCount": 2705, "KeySchema": [ { "AttributeName": "zipcode", "KeyType": "HASH" } ], "LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248", "LatestStreamLabel": "2019-12-03T23:23:10.248", "LocalSecondaryIndexes": [ { "IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId", "IndexName": "CITY_DATE_INDEX_NAME", "KeySchema": [ { "AttributeName": "zipcode", "KeyType": "HASH" } ], "Projection": { "NonKeyAttributes": ["predictorName"], "ProjectionType": "ALL" }, } ], "ProvisionedThroughput": { "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z", "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z", "NumberOfDecreasesToday": 0, "ReadCapacityUnits": 100, "WriteCapacityUnits": 50 }, "Replicas": [ { "GlobalSecondaryIndexes":[ { "IndexName": "CITY_DATE_INDEX_NAME", "ProvisionedThroughputOverride": { 
"ReadCapacityUnits": 10 } } ], "KmsMasterKeyId" : "KmsMasterKeyId" "ProvisionedThroughputOverride": { "ReadCapacityUnits": 10 }, "RegionName": "regionName", "ReplicaStatus": "CREATING", "ReplicaStatusDescription": "replicaStatusDescription" } ], "RestoreSummary" : { "SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1", "SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable", "RestoreDateTime": "2020-06-22T17:40:12.322Z", "RestoreInProgress": true }, "SseDescription": { "InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z", "Status": "ENABLED", "SseType": "KMS", "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1" }, "StreamSpecification" : { "StreamEnabled": true, "StreamViewType": "NEW_IMAGE" }, "TableId": "example-table-id-1", "TableName": "example-table", "TableSizeBytes": 1862513, "TableStatus": "ACTIVE" }

It can have the following attributes.

AttributeDefinitions

Optional

A list of attribute definitions for the table.

Type: Array of objects

BillingModeSummary

Optional

Information about the billing for read/write capacity on the table.

Type: Object

CreationDateTime

Optional

Indicates when the table was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreationDateTime": "2020-06-22T17:40:12.322Z"
GlobalSecondaryIndexes

Optional

List of global secondary indexes for the table.

Type: Array of objects

GlobalTableVersion

Optional

The version of global tables being used.

Type: String

ItemCount

Optional

The number of items in the table.

Type: Number

KeySchema

Optional

The primary key structure for the table.

Type: Array of objects

LatestStreamArn

Optional

The ARN of the latest stream for the table.

Type: String

LatestStreamLabel

Optional

The label of the latest stream. The label is not a unique identifier.

Type: String

LocalSecondaryIndexes

Optional

The list of local secondary indexes for the table.

Type: Array of objects

ProvisionedThroughput

Optional

Information about the provisioned throughput for the table.

Type: Object

Replicas

Optional

The list of replicas of this table.

Type: Array of objects

RestoreSummary

Optional

Information about the restore for the table.

Type: Object

SseDescription

Optional

Information about the server-side encryption for the table.

Type: Object

StreamSpecification

Optional

The current DynamoDB Streams configuration for the table.

Type: Object

TableId

Optional

The identifier of the table.

Type: String

TableName

Optional

The name of the table.

Type: String

Minimum length: 3

Maximum length: 255

TableSizeBytes

Optional

The total size of the table in bytes.

Type: Integer

TableStatus

Optional

The current status of the table.

Type: String

Valid values: CREATING | UPDATING | DELETING | ACTIVE | INACCESSIBLE_ENCRYPTION_CREDENTIALS | ARCHIVING | ARCHIVED

AttributeDefinitions

The AttributeDefinitions object contains a list of attribute definitions for the table.

It can have the following attributes.

AttributeName

Optional

The name of the attribute.

Type: String

AttributeType

Optional

The type of the attribute.

Type: String

BillingModeSummary

The BillingModeSummary object provides information about the billing for read/write capacity on the table.

It can have the following attributes.

BillingMode

Optional

The method used to charge for read and write throughput and to manage capacity.

Type: String

Valid values: PROVISIONED | PAY_PER_REQUEST

LastUpdateToPayPerRequestDateTime

Optional

If the billing mode is PAY_PER_REQUEST, indicates when the billing mode was set to that value.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastUpdateToPayPerRequestDateTime": "2020-06-22T17:40:12.322Z"

GlobalSecondaryIndexes

The GlobalSecondaryIndexes object contains a list of global secondary indexes for the table.

It can have the following attributes.

Backfilling

Optional

Whether the index is currently backfilling.

Type: Boolean

IndexArn

Optional

The ARN of the index.

Type: String

IndexName

Optional

The name of the index.

Type: String

IndexSizeBytes

Optional

The total size in bytes of the index.

Type: Number

IndexStatus

Optional

The current status of the index.

Type: String

Valid values: CREATING | UPDATING | DELETING | ACTIVE

ItemCount

Optional

The number of items in the index.

Type: Number

KeySchema

Optional

The key schema for the index.

Type: Array of objects

Projection

Optional

Attributes that are copied from the table into an index.

Type: Object

ProvisionedThroughput

Optional

Information about the provisioned throughput settings for the indexes.

Type: Object

KeySchema

The KeySchema object contains the key schema for the table, a global secondary index, or a local secondary index.

Each component of the key schema can have the following attributes.

AttributeName

Optional

The name of the attribute.

Type: String

KeyType

Optional

The type of key used for the attribute.

Type: String

Valid values: HASH | RANGE

LocalSecondaryIndexes

LocalSecondaryIndexes can have the following attributes.

IndexArn

Optional

The ARN of the index.

Type: String

IndexName

Optional

The name of the index.

Type: String

Minimum length: 3

Maximum length: 255

KeySchema

Optional

The complete key schema for the index.

Type: Array of objects

Projection

Optional

Attributes that are copied from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected.

Type: Object

Projection (for global and local secondary indexes)

For global and local secondary indexes, the Projection object identifies the attributes that are copied from the table into the index.

It can have the following attributes.

NonKeyAttributes

Optional

The nonkey attributes that are projected into the index. For each attribute, provide the attribute name.

Type: Array of strings

Maximum number of items: 20

Minimum length per attribute: 1

Maximum length per attribute: 225

ProjectionType

Optional

The types of attributes that are projected into the index.

Type: String

Valid values: ALL | KEYS_ONLY | INCLUDE

ProvisionedThroughput

The ProvisionedThroughput object contains information about the provisioned throughput for the table or for a global secondary index.

It can have the following attributes.

LastDecreaseDateTime

Optional

Indicates when the provisioned throughput was last decreased.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastDecreaseDateTime": "2020-06-22T17:40:12.322Z"
LastIncreaseDateTime

Optional

Indicates when the provisioned throughput was last increased.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"LastIncreaseDateTime": "2020-06-22T17:40:12.322Z"
NumberOfDecreasesToday

Optional

The number of times during the current UTC calendar day that the provisioned throughput was decreased.

Type: Number

ReadCapacityUnits

Optional

The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException.

Type: Number

WriteCapacityUnits

Optional

The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException.

Type: Number

Replicas

The Replicas object contains the list of replicas of this table.

Each replica can have the following attributes.

GlobalSecondaryIndexes

Optional

List of global secondary indexes for the replica.

Type: Array of objects

GlobalSecondaryIndexes.IndexName

Optional

The name of the index.

Type: String

GlobalSecondaryIndexes.ProvisionedThroughputOverride

Optional

Replica-specific configuration for the provisioned throughput for the index.

Type: Object

KmsMasterKeyId

Optional

The identifier of the AWS KMS customer master key (CMK) that will be used for AWS KMS encryption for the replica.

Type: String

ProvisionedThroughputOverride

Optional

Replica-specific configuration for the provisioned throughput.

Type: Object

RegionName

Optional

The name of the Region where the replica is located.

Type: String

ReplicaStatus

Optional

The current status of the replica.

Type: String

Valid values: CREATING | CREATION_FAILED | UPDATING | DELETING | ACTIVE

ReplicaStatusDescription

Optional

Detailed information about the replica status.

Type: String

The ProvisionedThroughputOverride object provides replica-specific configuration for the provisioned throughput for the table or the global secondary indexes.

It can have the following attributes.

ReadCapacityUnits

Optional

The read capacity units for the replica.

Type: Number

Minimum value: 1

RestoreSummary

The RestoreSummary object provides information about the restore for the table.

It can have the following attributes.

RestoreDateTime

Optional

Indicates the point in time that the table was restored to.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"RestoreDateTime": "2020-06-22T17:40:12.322Z"
RestoreInProgress

Optional

Whether a restore is currently in progress.

Type: Boolean

SourceBackupArn

Optional

The ARN of the source backup from which the table was restored.

Type: String

SourceTableArn

Optional

The ARN of the source table for the backup.

Type: String

SseDescription

The SseDescription object provides information about the server-side encryption for the table.

It can have the following attributes.

InaccessibleEncryptionDateTime

Optional

If the key is inaccessible, the date and time when DynamoDB detected that the key was inaccessible.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"InaccessibleEncryptionDateTime": "2020-06-22T17:40:12.322Z"
KmsMasterKeyArn

Optional

The ARN of the AWS KMS customer master key (CMK) that is used for the AWS KMS encryption.

Type: String

SseType

Optional

The type of server-side encryption.

Type: String

Valid values: KMS

Status

Optional

The status of the server-side encryption.

Type: String

Valid values: ENABLED | UPDATING

StreamSpecification

The StreamSpecification object contains the current DynamoDB Streams configuration for the table.

It can have the following attributes.

StreamEnabled

Optional

Indicates whether DynamoDB Streams is enabled on the table.

Type: Boolean

StreamViewType

Optional

Determines the information that is written to the table.

Type: String

Valid values: NEW_IMAGE | OLD_IMAGE | NEW_AND_OLD_IMAGES | KEYS_ONLY
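The AwsDynamoDbTable sub-objects above (SseDescription, StreamSpecification, KeySchema, Projection and Replicas) describe the table's encryption and structural state, and the valid-value lists give exactly what a consistency check can compare against. The following Python is an added example, not AWS or Security Hub code. It walks a constructed table fragment and reports an inaccessible KMS key (InaccessibleEncryptionDateTime or the INACCESSIBLE_ENCRYPTION_CREDENTIALS status), server-side encryption not reported as ENABLED, an enabled stream with an invalid StreamViewType, key schemas that do not have exactly one HASH key, INCLUDE projections outside the 1 to 20 NonKeyAttributes range, and replicas with no KmsMasterKeyId. The replica check is an informational reviewer expectation, not a rule stated on this page; table and index names are placeholders.

```python
"""Check the encryption, stream and index structure of an ASFF AwsDynamoDbTable object
against the valid values listed on this page. Added example, not AWS or Security Hub code."""

TABLE_STATUSES = {"CREATING", "UPDATING", "DELETING", "ACTIVE",
                  "INACCESSIBLE_ENCRYPTION_CREDENTIALS", "ARCHIVING", "ARCHIVED"}
STREAM_VIEW_TYPES = {"NEW_IMAGE", "OLD_IMAGE", "NEW_AND_OLD_IMAGES", "KEYS_ONLY"}
PROJECTION_TYPES = {"ALL", "KEYS_ONLY", "INCLUDE"}

SAMPLE_TABLE = {  # constructed; names, ARNs and timestamps are placeholders
    "TableName": "orders",
    "TableStatus": "ACTIVE",
    "KeySchema": [{"AttributeName": "order_id", "KeyType": "HASH"}],
    "SseDescription": {
        "Status": "ENABLED", "SseType": "KMS",
        "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1",
        "InaccessibleEncryptionDateTime": "2020-06-22T17:40:12.322Z",
    },
    "StreamSpecification": {"StreamEnabled": True, "StreamViewType": "NEW_AND_OLD_IMAGES"},
    "GlobalSecondaryIndexes": [{
        "IndexName": "by-customer",
        "KeySchema": [{"AttributeName": "customer", "KeyType": "HASH"},
                      {"AttributeName": "ts", "KeyType": "RANGE"}],
        "Projection": {"ProjectionType": "INCLUDE", "NonKeyAttributes": []},
    }],
    "Replicas": [{"RegionName": "eu-west-1", "ReplicaStatus": "ACTIVE"}],
}


def check_key_schema(schema, where):
    """A key schema needs exactly one HASH key and at most one RANGE key."""
    key_types = [key.get("KeyType") for key in schema]
    issues = []
    if key_types.count("HASH") != 1:
        issues.append(f"{where}: key schema needs exactly one HASH key")
    if key_types.count("RANGE") > 1:
        issues.append(f"{where}: key schema has more than one RANGE key")
    return issues


def check_table(table):
    """Return a list of issues for the table object; an empty list means it is consistent."""
    issues = []
    status = table.get("TableStatus")
    if status not in TABLE_STATUSES:
        issues.append(f"unrecognised TableStatus {status!r}")
    elif status == "INACCESSIBLE_ENCRYPTION_CREDENTIALS":
        issues.append("table is unreadable: encryption credentials inaccessible")

    sse = table.get("SseDescription")
    if not sse or sse.get("Status") != "ENABLED":
        issues.append("server-side encryption not reported as ENABLED")
    else:
        if sse.get("SseType") == "KMS" and not sse.get("KmsMasterKeyArn"):
            issues.append("SseType is KMS but no KmsMasterKeyArn is reported")
        if sse.get("InaccessibleEncryptionDateTime"):
            issues.append(f"KMS key inaccessible since {sse['InaccessibleEncryptionDateTime']}")

    stream = table.get("StreamSpecification", {})
    if stream.get("StreamEnabled") and stream.get("StreamViewType") not in STREAM_VIEW_TYPES:
        issues.append(f"stream enabled with invalid StreamViewType {stream.get('StreamViewType')!r}")

    issues += check_key_schema(table.get("KeySchema", []), "table")
    for index in table.get("GlobalSecondaryIndexes", []) + table.get("LocalSecondaryIndexes", []):
        name = index.get("IndexName", "<index>")
        issues += check_key_schema(index.get("KeySchema", []), name)
        projection = index.get("Projection", {})
        projection_type = projection.get("ProjectionType")
        if projection_type not in PROJECTION_TYPES:
            issues.append(f"{name}: invalid ProjectionType {projection_type!r}")
        elif projection_type == "INCLUDE" and not 1 <= len(projection.get("NonKeyAttributes", [])) <= 20:
            issues.append(f"{name}: INCLUDE projection needs 1 to 20 NonKeyAttributes")

    # Reviewer expectation: each replica should report the key it is encrypted with
    for replica in table.get("Replicas", []):
        if not replica.get("KmsMasterKeyId"):
            issues.append(f"replica {replica.get('RegionName')}: no KmsMasterKeyId reported")
    return issues


if __name__ == "__main__":
    for issue in check_table(SAMPLE_TABLE):
        print("-", issue)
```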

AwsEc2Eip

The AwsEc2Eip object provides information about an Elastic IP address.

Example

"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }

The AwsEc2Eip object can have the following attributes.

AllocationId

Optional

The identifier that AWS assigns to represent the allocation of the Elastic IP address for use with Amazon VPC.

Type: String

AssociationId

Optional

The identifier that represents the association of the Elastic IP address with an EC2 instance.

Type: String

Domain

Optional

The domain in which to allocate the address.

If the address is for use with EC2 instances in a VPC, then Domain is vpc. Otherwise, Domain is standard.

Type: String

Valid values: standard | vpc

InstanceId

Optional

The identifier of the EC2 instance.

Type: String

NetworkBorderGroup

Optional

The name of the location from which the Elastic IP address is advertised.

Type: String

NetworkInterfaceId

Optional

The identifier of the network interface.

Type: String

NetworkInterfaceOwnerId

Optional

The AWS account ID of the owner of the network interface.

Type: String

Format: Must be a 12-digit number.

PrivateIpAddress

Optional

The private IP address that is associated with the Elastic IP address.

Type: IPv4

PublicIp

Optional

A public IP address that is associated with the EC2 instance.

Type: IPv4

PublicIpv4Pool

Optional

The identifier of an IP address pool. This parameter allows Amazon EC2 to select an IP address from the address pool.

Type: String

AwsEc2Instance

The details of an Amazon EC2 instance.

Type: Object

The AwsEc2Instance object can have the following attributes.

IamInstanceProfileArn

Optional

The IAM profile ARN of the instance.

Type: String

Format: Conforms to the AWS ARN format

ImageId

Optional

The Amazon Machine Image (AMI) ID of the instance.

Type: String

Maximum length: 64

IpV4Addresses

Optional

The IPv4 addresses that are associated with the instance.

Type: Array of up to 10 IPv4 addresses

IpV6Addresses

Optional

The IPv6 addresses that are associated with the instance.

Type: Array of up to 10 IPv6 addresses

KeyName

Optional

The key name that is associated with the instance.

Type: String

Maximum length: 128

LaunchedAt

Optional

Indicates when the instance was launched.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

SubnetId

Optional

The identifier of the subnet where the instance was launched.

Type: String

Maximum length: 32

Type

Optional

The instance type of the instance. This must be a valid EC2 instance type.

Type: String

Maximum length: 16

VpcId

Optional

The identifier of the VPC where the instance was launched.

Type: String

Maximum length: 32
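The AwsEc2Instance attributes above come with concrete constraints: maximum string lengths, arrays of at most 10 IPv4 or IPv6 addresses, an ARN-format profile reference and an RFC 3339 timestamp that cannot contain spaces. A finding producer that violates them will have its finding rejected, so they are worth checking before calling BatchImportFindings. The following Python is an added example, not AWS or Security Hub code, that validates those constraints on a constructed instance record (identifiers are placeholders) and on a second record that breaks several of them.

```python
"""Validate the documented field constraints of an ASFF AwsEc2Instance object
(string lengths, address counts and families, ARN shape, RFC 3339 timestamp).
Added example, not AWS or Security Hub code."""

import ipaddress
from datetime import datetime

# Maximum lengths stated on this page
MAX_LENGTHS = {"ImageId": 64, "KeyName": 128, "SubnetId": 32, "VpcId": 32, "Type": 16}
MAX_ADDRESSES = 10

SAMPLE_INSTANCE = {  # constructed; identifiers are placeholders
    "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/web-role",
    "ImageId": "ami-0123456789abcdef0",
    "IpV4Addresses": ["10.0.1.25", "203.0.113.7"],
    "IpV6Addresses": ["2001:db8::1"],
    "KeyName": "ops-keypair",
    "LaunchedAt": "2017-03-22T13:22:13.933Z",
    "SubnetId": "subnet-0a1b2c3d",
    "Type": "t3.micro",
    "VpcId": "vpc-0a1b2c3d",
}

# Constructed: a record that violates several constraints at once
BAD_INSTANCE = {
    "ImageId": "ami-" + "0" * 61,          # 65 characters, limit is 64
    "IpV4Addresses": ["2001:db8::1"],      # IPv6 address in the IPv4 list
    "LaunchedAt": "2017-03-22 13:22:13Z",  # contains a space
    "Type": "x" * 17,                      # limit is 16
}


def is_rfc3339_utc(value):
    """Accept the 'YYYY-MM-DDTHH:MM:SS[.fff]Z' shape used in ASFF examples; reject spaces."""
    if " " in value:
        return False
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            datetime.strptime(value, fmt)
            return True
        except ValueError:
            continue
    return False


def validate_ec2_instance(instance):
    """Return a list of constraint violations; an empty list means the object is acceptable."""
    errors = []
    for field, limit in MAX_LENGTHS.items():
        value = instance.get(field)
        if value is not None and len(value) > limit:
            errors.append(f"{field} is {len(value)} characters (max {limit})")

    arn = instance.get("IamInstanceProfileArn")
    if arn is not None and not arn.startswith("arn:"):
        errors.append("IamInstanceProfileArn is not in ARN format")

    # Each address list is capped at 10 entries and must hold the right address family
    for field, version in (("IpV4Addresses", 4), ("IpV6Addresses", 6)):
        addresses = instance.get(field, [])
        if len(addresses) > MAX_ADDRESSES:
            errors.append(f"{field} has {len(addresses)} entries (max {MAX_ADDRESSES})")
        for address in addresses:
            try:
                if ipaddress.ip_address(address).version != version:
                    errors.append(f"{field}: {address} is not IPv{version}")
            except ValueError:
                errors.append(f"{field}: {address!r} is not an IP address")

    launched = instance.get("LaunchedAt")
    if launched is not None and not is_rfc3339_utc(launched):
        errors.append(f"LaunchedAt {launched!r} is not an RFC 3339 date-time without spaces")
    return errors


if __name__ == "__main__":
    print("sample:", validate_ec2_instance(SAMPLE_INSTANCE) or "ok")
    print("bad:", validate_ec2_instance(BAD_INSTANCE))
```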

AwsEc2NetworkInterface

The AwsEc2NetworkInterface object provides information about an Amazon EC2 network interface.

Example

"AwsEc2NetworkInterface": {
  "Attachment": {
    "AttachTime": "2019-01-01T03:03:21Z",
    "AttachmentId": "eni-attach-43348162",
    "DeleteOnTermination": true,
    "DeviceIndex": 123,
    "InstanceId": "i-1234567890abcdef0",
    "InstanceOwnerId": "123456789012",
    "Status": "attached"
  },
  "SecurityGroups": [
    {
      "GroupName": "my-security-group",
      "GroupId": "sg-903004f8"
    }
  ],
  "NetworkInterfaceId": "eni-686ea200",
  "SourceDestCheck": false
}

The AwsEc2NetworkInterface object can have the following attributes.

Attachment

Optional

Information about the network interface attachment.

Type: Object

Ipv6Addresses

Optional

The IPv6 addresses associated with the network interface.

Type: Array of objects

NetworkInterfaceId

Optional

The ID of the network interface.

Type: String

PrivateIpAddresses

Optional

The private IPv4 addresses associated with the network interface.

Type: Array of objects

PublicDnsName

Optional

The public DNS name of the network interface.

Type: String

PublicIp

Optional

The address of the Elastic IP address bound to the network interface.

Type: String

SecurityGroups

Optional

Security groups for the network interface.

Type: Array of group objects

SourceDestCheck

Optional

Indicates whether traffic to or from the instance is validated.

Type: Boolean

Attachment

The Attachment object provides information about the network interface attachment.

It can have the following attributes.

AttachmentId

Optional

The identifier of the network interface attachment.

Type: String

AttachTime

Optional

Indicates when the attachment initiated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

DeleteOnTermination

Optional

Indicates whether the network interface is deleted when the instance is terminated.

Type: Boolean

DeviceIndex

Optional

The device index of the network interface attachment on the instance.

Type: Integer

InstanceId

Optional

The ID of the instance.

Type: String

InstanceOwnerId

Optional

The AWS account ID of the owner of the instance.

Type: String

Status

Optional

The attachment state.

Type: String

Valid values: attaching | attached | detaching | detached

Ipv6Addresses

Ipv6Addresses lists the IPv6 addresses that are associated with the network interface. Each IPv6 address can have the following attributes.

Ipv6Address

Optional

The IPv6 address.

Type: String

PrivateIpAddresses

PrivateIpAddresses contains the list of private IPv4 addresses that are associated with the network interface.

Each private IPv4 address can have the following attributes.

PrivateDnsName

Optional

The private DNS name for the IP address.

Type: String

PrivateIpAddress

Optional

The IP address.

Type: String

SecurityGroups

The SecurityGroups object contains the list of security groups for the network interface.

Each security group can have the following attributes.

GroupId

Optional

The ID of the security group.

Type: String

GroupName

Optional

The name of the security group.

Type: String

AwsEc2SecurityGroup

The AwsEc2SecurityGroup object describes an Amazon EC2 security group.

Example

"AwsEc2SecurityGroup": {
  "GroupName": "MySecurityGroup",
  "GroupId": "sg-903004f8",
  "OwnerId": "123456789012",
  "VpcId": "vpc-1a2b3c4d",
  "IpPermissions": [
    {
      "IpProtocol": "-1",
      "IpRanges": [],
      "UserIdGroupPairs": [
        {
          "UserId": "123456789012",
          "GroupId": "sg-903004f8"
        }
      ],
      "PrefixListIds": [
        { "PrefixListId": "pl-63a5400a" }
      ]
    },
    {
      "PrefixListIds": [],
      "FromPort": 22,
      "IpRanges": [
        { "CidrIp": "203.0.113.0/24" }
      ],
      "ToPort": 22,
      "IpProtocol": "tcp",
      "UserIdGroupPairs": []
    }
  ]
}

The AwsEc2SecurityGroup object can have the following attributes.

GroupId

Optional

The ID of the security group.

Type: String

GroupName

Optional

The name of the security group.

Type: String

IpPermissions

Optional

The inbound rules that are associated with the security group.

Type: Array of IP permission objects

IpPermissionsEgress

Optional

[VPC only] The outbound rules that are associated with the security group.

Type: Array of IP permission objects

OwnerId

Optional

The AWS account ID of the owner of the security group.

Type: String

VpcId

Optional

[VPC only] The ID of the VPC for the security group.

Type: String

IP permission object

The IpPermissions and IpPermissionsEgress objects both contain an array of IP permission objects.

Each IP permission object can have the following attributes.

FromPort

Optional

The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number.

A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

IpProtocol

Optional

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see the protocol numbers list).

[VPC only] Use -1 to specify all protocols.

When authorizing security group rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6 allows traffic on all ports, regardless of any port range you specify.

For tcp, udp, and icmp, you must specify a port range.

For icmpv6, the port range is optional. If you omit the port range, traffic for all types and codes is allowed.

Type: String

IpRanges

Optional

The ranges of IP addresses.

Type: Array of IP range objects

PrefixListIds

Optional

[VPC only] The prefix list IDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances that are associated with the security group.

Type: Array of prefix list ID objects

ToPort

Optional

The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.

A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

Type: Integer

UserIdGroupPairs

Optional

The security group and AWS account ID pairs.

Type: Array of user ID group pair objects

Each entry in the IpRanges array can have the following attributes.

CidrIp

Optional

A range of IP addresses.

You can either specify a CIDR range or a source security group, but not both.

To specify a single IPv4 address, use the /32 prefix length.

To specify a single IPv6 address, use the /128 prefix length.

Type: String

Each entry in the PrefixListIds array can have the following attributes.

PrefixListId

Optional

The ID of the prefix.

Type: String

Each entry in the UserIdGroupPairs array can have the following attributes.

GroupId

Optional

The ID of the security group.

Type: String

UserId

Optional

The ID of an AWS account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[Amazon EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account.

Type: String
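As an added example that is not part of the ASFF reference, the following Python interprets the inbound rules of an AwsEc2SecurityGroup object using the IpProtocol, FromPort, ToPort and CidrIp rules stated above (a protocol of -1 or a bare protocol number opens every port whatever range is given; icmpv6 without a range means all types and codes). The input is this page's example security group plus one constructed rule; all function names are assumptions.

```python
"""Added example, not part of the ASFF reference: interpret the IpPermissions of an
AwsEc2SecurityGroup object using the port-range rules stated on this page."""
import ipaddress
from typing import Any

ALL = "all"  # marker for "every protocol, every port"

# Constructed input: the page's AwsEc2SecurityGroup example plus a third rule
# (assumed for illustration) that admits RDP from any IPv4 address.
SAMPLE_SG: dict[str, Any] = {
    "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8",
    "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d",
    "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "PrefixListIds": [{"PrefixListId": "pl-63a5400a"}],
         "UserIdGroupPairs": [{"UserId": "123456789012", "GroupId": "sg-903004f8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "PrefixListIds": [],
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "PrefixListIds": [],  # constructed
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}


def rule_scope(perm: dict[str, Any]) -> tuple[str, int, int]:
    """Return (protocol, low, high) for one IP permission object.

    Page rules applied: -1 or a protocol number other than tcp/udp/icmp/icmpv6
    opens every port whatever FromPort/ToPort say; icmpv6 with no range means
    all types and codes; FromPort -1 means all ICMP types (and so all codes);
    tcp, udp and icmp must carry a range.
    """
    proto = str(perm.get("IpProtocol", "-1")).lower()
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if proto not in ("tcp", "udp", "icmp", "icmpv6"):
        return (ALL, 0, 65535)
    if proto == "icmpv6" and lo is None:
        return (proto, -1, -1)
    if lo is None or hi is None:
        raise ValueError(f"{proto} rules must specify a port range")
    if proto in ("icmp", "icmpv6") and lo == -1:
        return (proto, -1, -1)
    return (proto, int(lo), int(hi))


def covers_port(perm: dict[str, Any], port: int) -> bool:
    """True if the rule admits traffic to TCP/UDP `port`."""
    proto, lo, hi = rule_scope(perm)
    if proto == ALL:
        return True
    if proto in ("icmp", "icmpv6"):
        return False  # ICMP rules carry types and codes, not ports
    return lo <= port <= hi


def is_world_open(perm: dict[str, Any]) -> bool:
    """True if any IpRanges entry is the whole IPv4 (0.0.0.0/0) or IPv6 (::/0) space."""
    return any(
        ipaddress.ip_network(rng["CidrIp"], strict=False).prefixlen == 0
        for rng in perm.get("IpRanges", [])
    )


def describe_scope(perm: dict[str, Any]) -> str:
    """Human-readable form of rule_scope, used in the review summary."""
    proto, lo, hi = rule_scope(perm)
    if proto == ALL:
        return "all protocols, all ports"
    if proto in ("icmp", "icmpv6"):
        return f"{proto} all types" if lo == -1 else f"{proto} type {lo} code {hi}"
    return f"{proto} {lo}-{hi}"


def review_security_group(sg: dict[str, Any]) -> list[dict[str, Any]]:
    """Summarise inbound rules reachable from anywhere, one entry per rule."""
    return [
        {
            "GroupId": sg.get("GroupId"),
            "Scope": describe_scope(perm),
            "CidrIp": [rng["CidrIp"] for rng in perm["IpRanges"]],
        }
        for perm in sg.get("IpPermissions", [])
        if is_world_open(perm)
    ]


if __name__ == "__main__":
    for entry in review_security_group(SAMPLE_SG):
        print(entry)
```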

AwsEc2Volume

The AwsEc2Volume object provides details about an EC2 volume.

Example

"AwsEc2Volume": {
  "Attachments": [
    {
      "AttachTime": "2017-10-17T14:47:11Z",
      "DeleteOnTermination": true,
      "InstanceId": "i-123abc456def789g",
      "Status": "attached"
    }
  ],
  "CreateTime": "2020-02-24T15:54:30Z",
  "Encrypted": true,
  "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Size": 80,
  "SnapshotId": "",
  "Status": "available"
}

The AwsEc2Volume object can have the following attributes.

Attachments

Optional

The volume attachments.

Type: Array of objects

CreateTime

Optional

Indicates when the volume was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Encrypted

Optional

Whether the volume is encrypted.

Type: Boolean

KmsKeyId

Optional

The ARN of the AWS KMS customer master key (CMK) that was used to protect the volume encryption key for the volume.

Type: String

Size

Optional

The size of the volume, in GiBs.

Type: Integer

SnapshotId

Optional

The snapshot from which the volume was created.

Type: String

Status

Optional

The volume state.

Type: String

Valid values: creating | available | in-use | deleting | deleted | error

Attachments

The Attachments object contains the set of attachments for the EC2 volume. Each attachment can have the following attributes.

AttachTime

Optional

The date and time when the attachment initiated.

Type: String (timestamp)

Format: yyyy-MM-ddTHH:mm:ssZ

DeleteOnTermination

Optional

Whether the EBS volume is deleted when the EC2 instance is terminated.

Type: Boolean

InstanceId

Optional

The identifier of the EC2 instance.

Type: String

Status

Optional

The attachment state of the volume.

Type: String

Valid values: attaching | attached | detaching | detached | busy

AwsEc2Vpc

The AwsEc2Vpc object provides details about an EC2 virtual private cloud (VPC).

Example

"AwsEc2Vpc": {
  "CidrBlockAssociationSet": [
    {
      "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
      "CidrBlock": "192.0.2.0/24",
      "CidrBlockState": "associated"
    }
  ],
  "DhcpOptionsId": "dopt-4e42ce28",
  "Ipv6CidrBlockAssociationSet": [
    {
      "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97",
      "CidrBlockState": "associated",
      "Ipv6CidrBlock": "192.0.2.0/24"
    }
  ],
  "State": "available"
}

The AwsEc2Vpc object can have the following attributes.

CidrBlockAssociationSet

Optional

Information about the IPv4 CIDR blocks that are associated with the VPC.

Type: Array of objects

DhcpOptionsId

Optional

The identifier of the set of Dynamic Host Configuration Protocol (DHCP) options that are associated with the VPC. If the default options are associated with the VPC, then this is default.

Type: String

Maximum length: 32

IpV6CidrBlockAssociationSet

Optional

Information about the IPv6 CIDR blocks that are associated with the VPC.

Type: Array of objects

State

Optional

The current state of the VPC.

Type: String

Maximum length: 32

Valid values: pending | available

CidrBlockAssociationSet

The CidrBlockAssociationSet object provides a list of IPv4 CIDR block associations.

Each CIDR block association can contain the following attributes.

AssociationId

Optional

The association ID for the IPv4 CIDR block.

Type: String

Maximum length: 32

CidrBlock

Optional

The IPv4 CIDR block.

Type: CIDR IPv4

CidrBlockState

Optional

Information about the state of the CIDR block.

Type: String

Maximum length: 32

IpV6CidrBlockAssociationSet

The IpV6CidrBlockAssociationSet object provides a list of IPv6 CIDR block associations.

Each CIDR block association can contain the following attributes.

AssociationId

Optional

The association ID for the IPv6 CIDR block.

Type: String

Maximum length: 32

CidrBlockState

Optional

Information about the state of the CIDR block.

Type: String

Maximum length: 32

IpV6CidrBlock

Optional

The IPv6 CIDR block.

Type: CIDR IPv6

AwsElasticSearchDomain

The AwsElasticSearchDomain object provides details about an Elasticsearch domain.

It can have the following attributes.

AccessPolicies

Optional

IAM policy document specifying the access policies for the new Amazon ES domain.

Type: String

DomainEndpointOptions

Optional

Additional options for the domain endpoint.

Type: Object

DomainStatus

Optional

Details about the domain status.

Type: Object

ElasticsearchVersion

Optional

Elasticsearch version.

Type: String

EncryptionAtRestOptions

Optional

Details about the configuration for encryption at rest.

Type: Object

NodeToNodeEncryptionOptions

Optional

Details about the configuration for node-to-node encryption.

Type: Object

VPCOptions

Optional

Information that Amazon ES derives based on VPCOptions for the domain.

Type: Object

DomainEndpointOptions

The DomainEndpointOptions object provides information about additional options for the domain endpoint.

It can have the following attributes.

EnforceHTTPS

Optional

Whether to require that all traffic to the domain arrive over HTTPS.

Type: Boolean

TLSSecurityPolicy

Optional

The TLS security policy to apply to the HTTPS endpoint of the Elasticsearch domain.

Type: String

Valid values:

  • Policy-Min-TLS-1-0-2019-07, which supports TLSv1.0 and higher

  • Policy-Min-TLS-1-2-2019-07, which only supports TLSv1.2

DomainStatus

The DomainStatus object provides details about the domain status.

It can have the following attributes.

DomainId

Optional

Unique identifier for an Amazon ES domain.

Type: String

DomainName

Optional

Name of an Amazon ES domain.

Domain names are unique across all domains owned by the same account within an AWS Region.

Domain names must start with a lowercase letter and must be between 3 and 28 characters.

Valid characters are a-z (lowercase only), 0-9, and - (hyphen).

Type: String

Endpoint

Optional

Domain-specific endpoint used to submit index, search, and data upload requests to an Amazon ES domain.

The endpoint is a service URL.

Type: String

Endpoints

Optional

The key-value pair that exists if the Amazon ES domain uses VPC endpoints.

Type: Map of key-value pairs

Example

"vpc": "<VPC_ENDPOINT>"

EncryptionAtRestOptions

The EncryptionAtRestOptions object provides details about the configuration for encryption at rest.

It can have the following attributes.

Enabled

Optional

Whether encryption at rest is enabled.

Type: Boolean

KmsKeyId

Optional

The AWS KMS key ID. Takes the form 1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a.

Type: String

NodeToNodeEncryptionOptions

The NodeToNodeEncryptionOptions object provides details about the configuration for node-to-node encryption.

It can have the following attributes.

Enabled

Optional

Whether node-to-node encryption is enabled.

Type: Boolean

VpcOptions

The VpcOptions object contains information that Amazon ES derives based on the VPCOptions for the domain.

It can have the following attributes.

AvailabilityZones

Optional

The list of Availability Zones that are associated with the VPC subnets.

Type: Array of strings

SecurityGroupIds

Optional

The list of security group IDs that are associated with the VPC endpoints for the domain.

Type: Array of strings

SubnetIds

Optional

A list of subnet IDs that are associated with the VPC endpoints for the domain.

Type: Array of strings

VPCId

Optional

ID for the VPC.

Type: String

AwsElbLoadBalancer

The AwsElbLoadBalancer object contains details about a Classic Load Balancer.

Example

"AwsElbLoadBalancer": {
  "AvailabilityZones": ["us-west-2a"],
  "BackendServerDescriptions": [
    {
      "InstancePort": 80,
      "PolicyNames": ["doc-example-policy"]
    }
  ],
  "CanonicalHostedZoneName": "Z3DZXE0EXAMPLE",
  "CanonicalHostedZoneNameID": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
  "CreatedTime": "2020-08-03T19:22:44.637Z",
  "DnsName": "my-load-balancer-444455556666.us-west-2.elb.amazonaws.com",
  "HealthCheck": {
    "HealthyThreshold": 2,
    "Interval": 30,
    "Target": "HTTP:80/png",
    "Timeout": 3,
    "UnhealthyThreshold": 2
  },
  "Instances": [
    { "InstanceId": "i-example" }
  ],
  "ListenerDescriptions": [
    {
      "Listener": {
        "InstancePort": 443,
        "InstanceProtocol": "HTTPS",
        "LoadBalancerPort": 443,
        "Protocol": "HTTPS",
        "SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"
      },
      "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]
    }
  ],
  "LoadBalancerAttributes": {
    "AccessLog": {
      "EmitInterval": 60,
      "Enabled": true,
      "S3BucketName": "doc-example-bucket",
      "S3BucketPrefix": "doc-example-prefix"
    },
    "ConnectionDraining": {
      "Enabled": false,
      "Timeout": 300
    },
    "ConnectionSettings": {
      "IdleTimeout": 30
    },
    "CrossZoneLoadBalancing": {
      "Enabled": true
    }
  },
  "LoadBalancerName": "example-load-balancer",
  "Policies": {
    "AppCookieStickinessPolicies": [
      {
        "CookieName": "",
        "PolicyName": ""
      }
    ],
    "LbCookieStickinessPolicies": [
      {
        "CookieExpirationPeriod": 60,
        "PolicyName": "my-example-cookie-policy"
      }
    ],
    "OtherPolicies": [
      "my-PublicKey-policy",
      "my-authentication-policy",
      "my-SSLNegotiation-policy",
      "my-ProxyProtocol-policy",
      "ELBSecurityPolicy-2015-03"
    ]
  },
  "Scheme": "internet-facing",
  "SecurityGroups": ["sg-example"],
  "SourceSecurityGroup": {
    "GroupName": "my-elb-example-group",
    "OwnerAlias": "444455556666"
  },
  "Subnets": ["subnet-example"],
  "VpcId": "vpc-a01106c2"
}

AwsElbLoadBalancer can have the following attributes.

AvailabilityZones

Optional

The list of Availability Zones for the load balancer.

Type: Array of strings

BackendServerDescriptions

Optional

Information about the configuration of the EC2 instances.

Type: Array of objects

CanonicalHostedZoneName

Optional

The name of the Amazon Route 53 hosted zone for the load balancer.

Type: String

CanonicalHostedZoneNameID

Optional

The ID of the Amazon Route 53 hosted zone for the load balancer.

Type: String

CreatedTime

Optional

Indicates when the load balancer was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreatedTime": "2017-03-22T13:22:13.933Z"

DnsName

Optional

The DNS name of the load balancer.

Type: String

HealthCheck

Optional

Information about the health checks that are conducted on the load balancer.

Type: Object

Instances

Optional

List of EC2 instances for the load balancer.

Type: Array of objects

ListenerDescriptions

Optional

The policies that are enabled for the load balancer listeners.

Type: Array of objects

LoadBalancerAttributes

Optional

The attributes for a load balancer.

Type: Object

LoadBalancerName

Optional

The name of the load balancer.

Type: String

Policies

Optional

The policies for a load balancer.

Type: Object

Scheme

Optional

The type of load balancer. Only provided if the load balancer is in a VPC.

If Scheme is internet-facing, the load balancer has a public DNS name that resolves to a public IP address.

If Scheme is internal, the load balancer has a public DNS name that resolves to a private IP address.

Type: String

Valid values: internet-facing | internal

SecurityGroups

Optional

The security groups for the load balancer. Only provided if the load balancer is in a VPC.

Type: Array of strings

SourceSecurityGroup

Optional

Information about the security group for the load balancer. This is the security group that is used for inbound rules.

Type: Object

Subnets

Optional

The list of subnet identifiers for the load balancer.

Type: Array of strings

VpcId

Optional

The identifier of the VPC for the load balancer.

Type: String

BackendServerDescriptions

The BackendServerDescriptions object provides information about the configuration of the EC2 instances for the load balancer.

For each EC2 instance, BackendServerDescriptions can have the following attributes.

InstancePort

Optional

The port on which the EC2 instance is listening.

Type: Number

PolicyNames

Optional

The names of the policies that are enabled for the EC2 instance.

Type: Array of strings

HealthCheck

The HealthCheck object contains information about the health checks that are conducted on the load balancer.

HealthCheck can have the following attributes.

HealthyThreshold

Optional

The number of consecutive health check successes required before the instance is moved to the Healthy state.

Type: Number

Minimum value: 2

Maximum value: 10

Interval

Optional

The approximate interval, in seconds, between health checks of an individual instance.

Type: Number

Minimum value: 5

Maximum value: 300

Target

Optional

The instance that is being checked. The target specifies the protocol and port. The available protocols are TCP, SSL, HTTP, and HTTPS. The range of valid ports is 1 through 65535.

For the HTTP and HTTPS protocols, the target also specifies the ping path.

For the TCP protocol, the target is specified as TCP:<port>.

For the SSL protocol, the target is specified as SSL:<port>.

For the HTTP and HTTPS protocols, the target is specified as <protocol>:<port>/<path to ping>.

Type: String

Maximum length: 1,024

Example: HTTP:80/png

Timeout

Optional

The amount of time, in seconds, during which no response means a failed health check.

Type: Number

Minimum value: 2

Maximum value: 60

UnhealthyThreshold

Optional

The number of consecutive health check failures that must occur before the instance is moved to the Unhealthy state.

Type: Number

Minimum value: 2

Maximum value: 10

Instances

The Instances object contains the list of EC2 instances for the load balancer.

Each EC2 instance can have the following attributes.

InstanceId

Optional

The instance identifier.

Type: String

ListenerDescriptions

The ListenerDescriptions object lists the policies that are enabled for the load balancer listeners.

ListenerDescriptions can have the following attributes.

Listener

Optional

Information about the listener.

Type: Object

PolicyNames

Optional

The policies enabled for the listener.

Type: Array of strings

The Listener object contains information about the listener.

Listener can have the following attributes.

InstancePort

Optional

The port on which the instance is listening.

Type: Number

Minimum value: 1

Maximum value: 65,535

InstanceProtocol

Optional

The protocol to use to route traffic to instances.

Type: String

Valid values: HTTP | HTTPS | TCP | SSL

LoadBalancerPort

Optional

The port on which the load balancer is listening.

On EC2-VPC, you can specify any port from the range 1-65535.

On EC2-Classic, you can specify any port from the following list: 25, 80, 443, 465, 587, 1024-65535.

Type: Number

Protocol

Optional

The load balancer transport protocol to use for routing.

Type: String

Valid values: HTTP | HTTPS | TCP | SSL

SslCertificateId

Optional

The ARN of the server certificate.

Type: String
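As an added example that is not part of the ASFF reference, the following Python serves both the HealthCheck Target passage and the Listener passage above: it parses a Target string according to the TCP:<port>, SSL:<port> and <protocol>:<port>/<path> forms, and reviews the ListenerDescriptions of an AwsElbLoadBalancer object for plaintext listeners on an internet-facing scheme, TLS listeners without an SslCertificateId, and TLS that ends at the load balancer. The input is this page's example trimmed to the fields used, plus one constructed listener; function names are assumptions.

```python
"""Added example, not part of the ASFF reference: parse a Classic Load Balancer
HealthCheck.Target and review the listeners of an AwsElbLoadBalancer object."""
import re
from typing import Any

# Target grammar from this page: TCP:<port>, SSL:<port>, HTTP:<port>/<path>, HTTPS:<port>/<path>
_TARGET_RE = re.compile(r"^(?P<proto>TCP|SSL|HTTP|HTTPS):(?P<port>\d{1,5})(?P<path>/.*)?$")

# Constructed input: the page's example trimmed to the fields used here, plus a
# second listener (assumed for illustration) that serves plaintext HTTP on port 80.
SAMPLE_LB: dict[str, Any] = {
    "LoadBalancerName": "example-load-balancer",
    "Scheme": "internet-facing",
    "HealthCheck": {"HealthyThreshold": 2, "Interval": 30, "Target": "HTTP:80/png",
                    "Timeout": 3, "UnhealthyThreshold": 2},
    "ListenerDescriptions": [
        {"Listener": {"InstancePort": 443, "InstanceProtocol": "HTTPS", "LoadBalancerPort": 443,
                      "Protocol": "HTTPS",
                      "SslCertificateId": "arn:aws:iam::444455556666:server-certificate/my-server-cert"},
         "PolicyNames": ["ELBSecurityPolicy-TLS-1-2-2017-01"]},
        {"Listener": {"InstancePort": 80, "InstanceProtocol": "HTTP", "LoadBalancerPort": 80,
                      "Protocol": "HTTP"}, "PolicyNames": []},  # constructed listener
    ],
}


def parse_health_check_target(target: str) -> dict[str, Any]:
    """Split a Target string into protocol, port and ping path, enforcing the page's format."""
    m = _TARGET_RE.match(target)
    if not m:
        raise ValueError(f"malformed health check target: {target!r}")
    proto, port, path = m.group("proto"), int(m.group("port")), m.group("path")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range 1-65535: {port}")
    if proto in ("HTTP", "HTTPS") and path is None:
        raise ValueError(f"{proto} target must include a ping path")
    if proto in ("TCP", "SSL") and path is not None:
        raise ValueError(f"{proto} target takes no path")
    return {"Protocol": proto, "Port": port, "Path": path}


def review_listeners(lb: dict[str, Any]) -> list[str]:
    """Flag listener settings a reviewer would question, using only fields on this page."""
    issues: list[str] = []
    for desc in lb.get("ListenerDescriptions", []):
        lst = desc.get("Listener", {})
        front, back = lst.get("Protocol"), lst.get("InstanceProtocol")
        port = lst.get("LoadBalancerPort")
        if lb.get("Scheme") == "internet-facing" and front in ("HTTP", "TCP"):
            issues.append(f"listener {port}: plaintext {front} on an internet-facing load balancer")
        if front in ("HTTPS", "SSL") and not lst.get("SslCertificateId"):
            issues.append(f"listener {port}: {front} listener has no SslCertificateId")
        if front in ("HTTPS", "SSL") and back in ("HTTP", "TCP"):
            issues.append(f"listener {port}: TLS ends at the load balancer, {back} to instances")
    return issues


if __name__ == "__main__":
    print(parse_health_check_target(SAMPLE_LB["HealthCheck"]["Target"]))
    for issue in review_listeners(SAMPLE_LB):
        print(issue)
```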

LoadBalancerAttributes

The LoadBalancerAttributes object contains attributes for the load balancer.

LoadBalancerAttributes can have the following attributes.

AccessLog

Optional

Information about the access log configuration for the load balancer.

If the access log is enabled, the load balancer captures detailed information about all requests. It delivers the information to a specified S3 bucket.

Type: Object

ConnectionDraining

Optional

Information about the connection draining configuration for the load balancer.

If connection draining is enabled, the load balancer allows existing requests to complete before it shifts traffic away from a deregistered or unhealthy instance.

Type: Object

ConnectionSettings

Optional

Connection settings for the load balancer.

If an idle timeout is configured, the load balancer allows connections to remain idle for the specified duration. When a connection is idle, no data is sent over the connection.

Type: Object

CrossZoneLoadBalancing

Optional

Cross-zone load balancing settings for the load balancer.

If cross-zone load balancing is enabled, the load balancer routes the request traffic evenly across all instances regardless of the Availability Zones.

Type: Object

The AccessLog object contains information about the access log configuration for the load balancer.

AccessLog can have the following attributes.

EmitInterval

Optional

The interval in minutes for publishing the access logs.

You can publish access logs either every 5 minutes or every 60 minutes.

Type: Number

Valid values: 5 | 60

Enabled

Optional

Indicates whether access logs are enabled for the load balancer.

Type: Boolean

S3BucketName

Optional

The name of the S3 bucket where the access logs are stored.

Type: String

S3BucketPrefix

Optional

The logical hierarchy that was created for the S3 bucket.

If a prefix is not provided, the log is placed at the root level of the bucket.

Type: String

The ConnectionDraining object contains information about the connection draining configuration for the load balancer.

ConnectionDraining can have the following attributes.

Enabled

Optional

Indicates whether connection draining is enabled for the load balancer.

Type: Boolean

Timeout

Optional

The maximum time, in seconds, to keep the existing connections open before deregistering the instances.

Type: Number

The ConnectionSettings object contains connection settings for the load balancer.

ConnectionSettings can have the following attributes.

IdleTimeout

Optional

The time, in seconds, that the connection can be idle (no data is sent over the connection) before it is closed by the load balancer.

Type: Number

The CrossZoneLoadBalancing object contains cross-zone load balancing settings for the load balancer.

CrossZoneLoadBalancing can have the following attributes.

Enabled

Optional

Indicates whether cross-zone load balancing is enabled for the load balancer.

Type: Boolean

Policies

The Policies object contains information about the policies for a load balancer.

Policies can have the following attributes.

AppCookieStickinessPolicies

Optional

The stickiness policies that are created using CreateAppCookieStickinessPolicy.

Type: Array of objects

LbCookieStickinessPolicies

Optional

The stickiness policies that are created using CreateLBCookieStickinessPolicy.

Type: Array of objects

OtherPolicies

Optional

The policies other than the stickiness policies.

Type: Array of strings

The AppCookieStickinessPolicies object contains information about stickiness policies that are created using CreateAppCookieStickinessPolicy.

Each policy can have the following attributes.

CookieName

Optional

The name of the application cookie used for stickiness.

Type: String

PolicyName

Optional

The mnemonic name for the policy being created. The name must be unique within the set of policies for the load balancer.

Type: String

The LbCookieStickinessPolicies object contains information about the stickiness policies that are created using CreateLBCookieStickinessPolicy.

Each policy can have the following attributes.

CookieExpirationPeriod

Optional

The amount of time, in seconds, after which the cookie is considered stale. If an expiration period is not specified, the stickiness session lasts for the duration of the browser session.

Type: Number

PolicyName

Optional

The name of the policy. The name must be unique within the set of policies for the load balancer.

Type: String

SourceSecurityGroup

The SourceSecurityGroup object contains information about the security group for the load balancer.

SourceSecurityGroup can have the following attributes.

GroupName

Optional

The name of the security group.

Type: String

OwnerAlias

Optional

The owner of the security group.

Type: String

AwsElbv2LoadBalancer

The AwsElbv2LoadBalancer object provides information about a load balancer.

It can have the following attributes.

AvailabilityZones

Optional

The Availability Zones for the load balancer.

Type: Object

CanonicalHostedZoneId

Optional

The ID of the Amazon Route 53 hosted zone that is associated with the load balancer.

Type: String

CreatedTime

Optional

Indicates when the load balancer was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

DNSName

Optional

The public DNS name of the load balancer.

Type: String

IpAddressType

Optional

The type of IP addresses used by the subnets for your load balancer.

The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).

Type: String

Scheme

Optional

The scheme of the load balancer. The nodes of an Internet-facing load balancer have public IP addresses.

Type: String

SecurityGroups

Optional

The IDs of the security groups for the load balancer.

Type: Array of strings

State

Optional

The state of the load balancer.

Type: Object

Type

Optional

The type of load balancer.

Type: String

VpcId

Optional

The ID of the VPC for the load balancer.

Type: String

AvailabilityZones

Specifies the Availability Zones for the load balancer.

Each Availability Zone can have the following attributes.

SubnetId

Optional

The ID of the subnet.

Type: String

ZoneName

Optional

The name of the Availability Zone.

Type: String

State

Information about the state of the load balancer.

The State object can have the following attributes.

Code

Optional

The state code.

The initial state of the load balancer is provisioning.

After the load balancer is fully set up and ready to route traffic, its state is active.

If the load balancer could not be set up, its state is failed.

Type: String

Reason

Optional

A description of the state.

Type: String

AwsIamAccessKey

The AwsIamAccessKey object contains details about an IAM access key that is related to a finding.

The AwsIamAccessKey object can have the following attributes.

AccessKeyId

Optional

The identifier of the access key.

Type: String

Minimum length: 16

Maximum length: 128

AccountId

Optional

The AWS account ID of the account for the key.

Type: String

CreatedAt

Optional

Indicates when the related IAM access key was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

PrincipalId

Optional

The ID of the principal that is associated with an access key.

Type: String

PrincipalName

Optional

The name of the principal.

Type: String

PrincipalType

Optional

The type of principal.

Type: String

SessionContext

Optional

Information about the session that the key was used for.

Type: Object

Status

Optional

The status of the IAM access key that is related to a finding. Valid values are ACTIVE and INACTIVE.

Type: Enum

SessionContext

The SessionContext object provides information about the session that the key was used for.

SessionContext can have the following attributes.

Attributes

Optional

Attributes of the session that the key was used for.

Type: Object

SessionIssuer

Optional

Information about the entity that created the session.

Type: Object

The Attributes object can have the following attributes.

CreationDate

Optional

Indicates when the session was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreationDate": "2017-03-22T13:22:13.933Z"

MfaAuthenticated

Optional

Indicates whether the session used multi-factor authentication (MFA).

Type: Boolean

The SessionIssuer object can have the following attributes.

AccountId

Optional

The identifier of the AWS account that created the session.

Type: String

Arn

Optional

The ARN of the session.

Type: String

PrincipalId

Optional

The principal ID of the principal (user, role, or group) that created the session.

Type: String

Type

Optional

The type of principal (user, role, or group) that created the session.

Type: String

UserName

Optional

The name of the principal that created the session.

Type: String
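As an added example that is not part of the ASFF reference, the following Python reviews an AwsIamAccessKey object as described above: it parses CreatedAt in the RFC 3339 form the page requires (rejecting spaces), checks Status against the stated ACTIVE/INACTIVE values and the AccessKeyId length bounds, and flags an active key whose SessionContext.Attributes show a session without MFA. The sample object, the rotation threshold and the function names are all assumptions.

```python
"""Added example, not part of the ASFF reference: check an AwsIamAccessKey object's
timestamp and session context for an active key used without MFA."""
from datetime import datetime, timezone
from typing import Any

# Constructed sample shaped like this page's AwsIamAccessKey and SessionContext
# objects; every identifier is a placeholder.
SAMPLE_KEY: dict[str, Any] = {
    "AccessKeyId": "AKIAEXAMPLEPLACEHOLDER",
    "AccountId": "111111111111",
    "CreatedAt": "2017-03-22T13:22:13.933Z",
    "PrincipalId": "AIDAEXAMPLEPLACEHOLDER",
    "PrincipalName": "example-user",
    "PrincipalType": "IAMUser",
    "Status": "ACTIVE",
    "SessionContext": {
        "Attributes": {"CreationDate": "2017-06-29T08:00:00Z", "MfaAuthenticated": False},
        "SessionIssuer": {"AccountId": "111111111111",
                          "Arn": "arn:aws:iam::111111111111:user/example-user",
                          "PrincipalId": "AIDAEXAMPLEPLACEHOLDER",
                          "Type": "IAMUser", "UserName": "example-user"},
    },
}


def parse_asff_timestamp(value: str) -> datetime:
    """Parse an RFC 3339 date-time as ASFF carries it; spaces are rejected as the page requires."""
    if " " in value:
        raise ValueError(f"timestamp contains spaces: {value!r}")
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"  # older fromisoformat() does not accept a Z suffix
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp lacks a UTC offset: {value!r}")
    return parsed.astimezone(timezone.utc)


def key_age_days(key: dict[str, Any], now: str) -> int:
    """Whole days between CreatedAt and `now` (both ASFF timestamps)."""
    return (parse_asff_timestamp(now) - parse_asff_timestamp(key["CreatedAt"])).days


def review_access_key(key: dict[str, Any], now: str, max_age_days: int = 90) -> list[str]:
    """Return review findings for one key; max_age_days is an assumed rotation threshold."""
    issues: list[str] = []
    key_id = key.get("AccessKeyId", "")
    if not 16 <= len(key_id) <= 128:
        issues.append("AccessKeyId length outside 16-128")
    status = key.get("Status")
    if status not in ("ACTIVE", "INACTIVE"):
        issues.append(f"unexpected Status {status!r}")
    if status == "ACTIVE":
        attrs = key.get("SessionContext", {}).get("Attributes", {})
        if attrs.get("MfaAuthenticated") is False:
            issues.append("active key used in a session without MFA")
        age = key_age_days(key, now)
        if age > max_age_days:
            issues.append(f"active key is {age} days old (threshold {max_age_days})")
    return issues


if __name__ == "__main__":
    for issue in review_access_key(SAMPLE_KEY, "2017-06-30T00:00:00Z"):
        print(issue)
```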

AwsIamGroup

The AwsIamGroup object contains details about an IAM group.

Example

"AwsIamGroup": {
  "AttachedManagedPolicies": [
    {
      "PolicyArn": "arn:aws:iam::aws:policy/ExampleManagedAccess",
      "PolicyName": "ExampleManagedAccess"
    }
  ],
  "CreateDate": "2020-04-28T14:08:37.000Z",
  "GroupId": "AGPA4TPS3VLP7QEXAMPLE",
  "GroupName": "Example_User_Group",
  "GroupPolicyList": [
    { "PolicyName": "ExampleGroupPolicy" }
  ],
  "Path": "/"
}

AwsIamGroup can have the following attributes.

AttachedManagedPolicies

Optional

A list of the managed policies that are attached to the IAM group.

Type: Array of objects

CreateDate

Optional

Indicates when the IAM group was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreateDate": "2017-03-22T13:22:13.933Z"

GroupId

Optional

The identifier of the IAM group.

Type: String

Minimum length: 16

Maximum length: 128

GroupName

Optional

The name of the IAM group.

Type: String

Minimum length: 1

Maximum length: 128

GroupPolicyList

Optional

The list of inline policies that are embedded in the group.

Type: Array of objects

Path

Optional

The path to the group.

Type: String

Minimum length: 1

Maximum length: 512

AttachedManagedPolicies

The AttachedManagedPolicies object contains the list of the managed policies that are attached to the IAM group.

Each policy can have the following attributes.

PolicyArn

Optional

The ARN of the policy.

Type: String

Minimum length: 20

Maximum length: 2,048

PolicyName

Optional

The name of the policy.

Type: String

Minimum length: 1

Maximum length: 128

GroupPolicyList

The GroupPolicyList object contains the list of inline policies that are embedded in the group.

Each policy can have the following attributes.

PolicyName

Optional

The name of the policy.

Type: String

Minimum length: 1

Maximum length: 128
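As an added example (not part of the ASFF documentation or any AWS tooling), the following Python validator checks an AwsIamGroup object against the constraints listed above before it is imported as part of a finding: the string length limits for the group and its nested AttachedManagedPolicies and GroupPolicyList entries, the Array-of-objects types, and the RFC 3339 date-time format without spaces for CreateDate. The limit tables are copied from this reference; the regular expression and the function names are this example's own.

```python
import re
from datetime import datetime
# Length limits from the ASFF reference for AwsIamGroup and its nested
# AttachedManagedPolicies / GroupPolicyList objects: name -> (min, max).
GROUP_LIMITS = {"GroupId": (16, 128), "GroupName": (1, 128), "Path": (1, 512)}
MANAGED_POLICY_LIMITS = {"PolicyArn": (20, 2048), "PolicyName": (1, 128)}
INLINE_POLICY_LIMITS = {"PolicyName": (1, 128)}
# RFC 3339 section 5.6 date-time: full-date "T" full-time with optional
# fraction and either "Z" or a numeric offset; anchored, so spaces are rejected.
RFC3339 = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$")

def check_lengths(obj, limits, prefix, errors):
    # Every attribute here is Optional, so only present keys are checked.
    for key, (lo, hi) in limits.items():
        if key not in obj:
            continue
        val = obj[key]
        if not isinstance(val, str):
            errors.append(f"{prefix}{key}: expected String")
        elif not lo <= len(val) <= hi:
            errors.append(f"{prefix}{key}: length {len(val)} outside {lo}..{hi}")

def check_timestamp(value, name, errors):
    # Enforce the documented format, then reject impossible dates (e.g. month 13).
    if not isinstance(value, str) or not RFC3339.match(value):
        errors.append(f"{name}: not an RFC 3339 date-time without spaces")
        return
    try:
        datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        errors.append(f"{name}: invalid calendar date or time")

def validate_aws_iam_group(group):
    """Return the list of constraint violations; an empty list means valid."""
    errors = []
    check_lengths(group, GROUP_LIMITS, "", errors)
    if "CreateDate" in group:
        check_timestamp(group["CreateDate"], "CreateDate", errors)
    for list_name, limits in (("AttachedManagedPolicies", MANAGED_POLICY_LIMITS),
                              ("GroupPolicyList", INLINE_POLICY_LIMITS)):
        items = group.get(list_name, [])
        if not isinstance(items, list):
            errors.append(f"{list_name}: expected Array of objects")
            continue
        for i, item in enumerate(items):
            if not isinstance(item, dict):
                errors.append(f"{list_name}[{i}]: expected object")
            else:
                check_lengths(item, limits, f"{list_name}[{i}].", errors)
    return errors
```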

AwsIamPolicy

The AwsIamPolicy object represents an IAM permissions policy.

Example

"AwsIamPolicy": { "AttachmentCount": 1, "CreateDate": "2017-09-14T08:17:29.000Z", "DefaultVersionId": "v1", "Description": "Example IAM policy", "IsAttachable": true, "Path": "/", "PermissionsBoundaryUsageCount": 5, "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE", "PolicyName": "EXAMPLE-MANAGED-POLICY", "PolicyVersionList": [ { "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2017-09-14T08:17:29.000Z" } ], "UpdateDate": "2017-09-14T08:17:29.000Z" }

It can have the following attributes.

AttachmentCount

Optional

The number of users, groups, and roles that the policy is attached to.

Type: Number

CreateDate

Optional

When the policy was created.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces.

Example

"CreateDate": "2020-06-22T17:40:12.322Z"
DefaultVersionId

Optional

The identifier of the default version of the policy.

Type: String

Description

Optional

A description of the policy.

Type: String

Maximum length: 1,000

IsAttachable

Optional

Whether the policy can be attached to a user, group, or role.

Type: Boolean

Path

Optional

The path to the policy.

Type: String

Minimum length: 1

Maximum length: 512

For more information about paths, see IAM Identifiers in the IAM User Guide.

PermissionsBoundaryUsageCount

Optional

The number of users and roles that use the policy to set the permissions boundary.

Type: Number

PolicyId

Optional

The unique identifier of the policy.

Type: String

Minimum length: 16

Maximum length: 128

PolicyName

Optional

The name of the policy.

Type: String

Minimum length: 1

Maximum length: 128

PolicyVersionList

Optional

List of versions of the policy.

Type: Array of objects

UpdateDate

Optional

When the policy was most recently updated.

Type: String

Format: Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format