AWS Security Finding Format (ASFF)
AWS Security Hub consumes, aggregates, organizes, and prioritizes findings from AWS security services and from the third-party product integrations. Security Hub processes these findings using a standard findings format called the AWS Security Finding Format (ASFF), which eliminates the need for time-consuming data conversion efforts. Then it correlates ingested findings across products to prioritize the most important ones.
Contents
- ASFF syntax
- ASFF attributes
- Compliance
- Malware
- Network
- NetworkPath
- Note
- PatchSummary
- Process
- RelatedFindings
- Remediation
- Resources
- AwsAutoScalingAutoScalingGroup
- AwsCloudFrontDistribution
- AwsCodeBuildProject
- AwsDynamoDbTable
- AwsEc2Eip
- AwsEc2Instance
- AwsEc2NetworkInterface
- AwsEc2SecurityGroup
- AwsEc2Volume
- AwsEc2Vpc
- AwsElasticSearchDomain
- AwsElbv2LoadBalancer
- AwsIamAccessKey
- AwsIamPolicy
- AwsIamRole
- AwsIamUser
- AwsKmsKey
- AwsLambdaFunction
- AwsLambdaLayerVersion
- AwsRdsDbCluster
- AwsRdsDbClusterSnapshot
- AwsRdsDbInstance
- AwsRdsDbSnapshot
- AwsS3Bucket
- AwsS3Object
- AwsSecretsManagerSecret
- AwsSnsTopic
- AwsSqsQueue
- AwsWafWebAcl
- Container
- Other
- Severity
- ThreatIntelIndicators
- Vulnerabilities
- Workflow
- Types taxonomy for ASFF
ASFF syntax
The following is the syntax of the complete finding JSON in the ASFF.
"Findings": [ { "AwsAccountId": "string", "Compliance": { "RelatedRequirements": ["string"], "Status": "string", "StatusReasons": [ { "Description": "string", "ReasonCode": "string" } ] }, "Confidence": number, "CreatedAt": "string", "Criticality": number, "Description": "string", "FirstObservedAt": "string", "GeneratorId": "string", "Id": "string", "LastObservedAt": "string", "Malware": [ { "Name": "string", "Path": "string", "State": "string", "Type": "string" } ], "Network": { "DestinationDomain": "string", "DestinationIpV4": "string", "DestinationIpV6": "string", "DestinationPort": number, "Direction": "string", "OpenPortRange": { "Begin": integer, "End": integer }, "Protocol": "string", "SourceDomain": "string", "SourceIpV4": "string", "SourceIpV6": "string", "SourceMac": "string", "SourcePort": number }, "NetworkPath" : [ { "ComponentId": "string", "ComponentType": "string", "Egress": { "Destination": { "Address": ["string"], "PortRanges": [ { "Begin": integer, "End": integer } ] }, "Protocol": "string", "Source": { "Address": ["string"], "PortRanges": [ { "Begin": integer, "End": integer } ] } }, "Ingress": { "Destination": { "Address": ["string"], "PortRanges": [ { "Begin": integer, "End": integer } ] }, "Protocol": "string", "Source": { "Address": ["string"], "PortRanges": [ { "Begin": integer, "End": integer } ] } } } ], "Note": { "Text": "string", "UpdatedAt": "string", "UpdatedBy": "string" }, "PatchSummary" : { "FailedCount" : number, "Id" : "string", "InstalledCount" : number, "InstalledOtherCount" : number, "InstalledPendingReboot" : number, "InstalledRejectedCount" : number, "MissingCount" : number, "Operation" : "string", "OperationEndTime" : "string", "OperationStartTime" : "string", "RebootOption" : "string" }, "Process": { "LaunchedAt": "string", "Name": "string", "ParentPid": number, "Path": "string", "Pid": number, "TerminatedAt": "string" }, "ProductArn": "string", "ProductFields": { "string" : "string" }, "RecordState": "string", "RelatedFindings": [ { "Id": "string", "ProductArn": "string" } ], "Remediation": { "Recommendation": { "Text": "string", "Url": "string" } }, "Resources": [ { "Details": { "AwsAutoScalingAutoScalingGroup": { "CreatedTime": "string", "HealthCheckGracePeriod": integer, "HealthCheckType": "string", "LaunchConfigurationName": "string", "LoadBalancerNames": ["string"] }, "AwsCloudFrontDistribution": { "DomainName": "string", "Etag": "string", "LastModifiedTime": "string", "Logging": { "Bucket": "string", "Enabled": boolean, "IncludeCookies": boolean, "Prefix": "string" }, "Origins": { "Items": [ { "DomainName": "string", "Id": "string", "OriginPath": "string" } ] }, "Status": "string", "WebAclId": "string" }, "AwsCodeBuildProject": { "EncryptionKey": "string", "Environment": { "Type": "string", "Certificate": "string", "ImagePullCredentialsType": "string", "RegistryCredential": { "Credential": "string", "CredentialProvider": "string" } }, "Name": "string", "ServiceRole": "string", "Source": { "Type": "string", "Location": "string", "GitCloneDepth": integer }, "VpcConfig": { "VpcId": "string", "Subnets": ["string"], "SecurityGroupIds": ["string"] } }, "AwsDynamoDbTable": { "AttributeDefinitions": [ { "AttributeName": "string", "AttributeType": "string" } ], "BillingModeSummary" { "BillingMode": "string", "LastUpdateToPayPerRequestDateTime": "string" }, "CreationDateTime": "string", "GlobalSecondaryIndexes": [ { "Backfilling": boolean, "IndexArn": "string", "IndexName": "string", "IndexSizeBytes": number, "IndexStatus": "string", "ItemCount": number, "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ], "ProjectionType": "string" }, "ProvisionedThroughput": { "LastDecreaseDateTime": "string", "LastIncreaseDateTime": "string", "NumberOfDecreasesToday": number, "ReadCapacityUnits": number, "WriteCapacityUnits": number }, } ], "GlobalTableVersion": "string", "ItemCount": number, "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "LatestStreamArn": "string", "LatestStreamLabel": "string", "LocalSecondaryIndexes": [ { "IndexArn": "string", "IndexName": "string", "KeySchema": [ { "AttributeName": "string", "KeyType": "string" } ], "Projection": { "NonKeyAttributes": [ "string" ], "ProjectionType": "string" } } ], "ProvisionedThroughput": { "LastDecreaseDateTime": "string", "LastIncreaseDateTime": "string", "NumberOfDecreasesToday": number, "ReadCapacityUnits": number, "WriteCapacityUnits": number }, "Replicas": [ { "GlobalSecondaryIndexes":[ { "IndexName": "string", "ProvisionedThroughputOverride": { "ReadCapacityUnits": number } ], "KmsMasterKeyId" : "string" "ProvisionedThroughputOverride": { "ReadCapacityUnits": number }, "RegionName": "string" "ReplicaStatus": "string" "ReplicaStatusDescription": "string" } ], "RestoreSummary": { "RestoreDateTime": "string", "RestoreInProgress": boolean, "SourceBackupArn": "string", "SourceTableArn": "string" }, "SseDescription": { "InaccessibleEncryptionDateTime": "string", "KmsMasterKeyArn": "string", "SseType": "string", "Status": "string" }, "StreamSpecification": { "StreamEnabled": boolean, "StreamViewType": "string" }, "TableId": "string", "TableName": "string", "TableSizeBytes": number, "TableStatus": "string" }, "AwsEc2Eip": { "AllocationId": "string", "AssociationId": "string", "Domain": "string", "InstanceId": "string", "NetworkBorderGroup": "string", "NetworkInterfaceId": "string", "NetworkInterfaceOwnerId": "string", "PrivateIpAddress": "string", "PublicIp": "string", "PublicIpv4Pool": "string" }, "AwsEc2Instance": { "IamInstanceProfileArn": "string", "ImageId": "string", "IpV4Addresses": [ "string" ], "IpV6Addresses": [ "string" ], "KeyName": "string", "LaunchedAt": "string", "SubnetId": "string", "Type": "string", "VpcId": "string" }, "AwsEc2NetworkInterface": { "Attachment": { "AttachmentId": "string", "AttachTime": "string", "DeleteOnTermination": boolean, "DeviceIndex": number, "InstanceId": "string" "InstanceOwnerId": "string", "Status": "string" }, "SecurityGroups": [ { "GroupId": "string", "GroupName": "string" } ], "NetworkInterfaceId": "string", "SourceDestCheck": boolean }, "AwsEc2SecurityGroup": { "GroupId": "string", "GroupName": "string", "IpPermissions": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "PrefixListIds": [ {"PrefixListId": "string"} ], "ToPort": number, "UserIdGroupPairs": [ { "UserId": "string", "GroupId": "string" } ] } ], "IpPermissionsEgress": [ { "FromPort": number, "IpProtocol": "string", "IpRanges": [ { "CidrIp": "string" } ], "PrefixListIds": [ {"PrefixListId": "string"} ], "ToPort": number, "UserIdGroupPairs": [ { "UserId": "string", "GroupId": "string" } ] } ], "OwnerId": "string", "VpcId": "string" }, "AwsEc2Volume": { "Attachments": [ { "AttachTime": "string", "DeleteOnTermination": Boolean, "InstanceId": "string", "Status": "string" } ], "CreateTime": "string", "Encrypted": Boolean, "KmsKeyId": "string", "Size": number, "SnapshotId": "string", "Status": "string" }, "AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "string", "CidrBlock": "string", "CidrBlockState": "string" } ], "DhcpOptionsId": "string", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "string", "CidrBlockState": "string", "Ipv6CidrBlock": "string" } ], "State": "string" }, "AwsElasticSearchDomain": { "AccessPolicies": "string", "DomainStatus": { "DomainId": "string", "DomainName": "string", "Endpoint": "string", "Endpoints": { "string": "string" } }, "DomainEndpointOptions": { "EnforceHTTPS": boolean, "TLSSecurityPolicy": "string" }, "ElasticsearchVersion": "string", "EncryptionAtRestOptions": { "Enabled": boolean, "KmsKeyId": "string" }, "NodeToNodeEncryptionOptions": { "Enabled": boolean }, "VPCOptions": { "AvailabilityZones": [ "string" ], "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ], "VPCId": "string" } }, "AwsElbv2LoadBalancer": { "AvailabilityZones": { "SubnetId": "string", "ZoneName": "string" }, "CanonicalHostedZoneId": "string", "CreatedTime": "string", "DNSName": "string", "IpAddressType": "string", "Scheme": "string", "SecurityGroups": [ "string" ], "State": { "Code": "string", "Reason": "string" }, "Type": "string", "VpcId": "string" }, "AwsIamAccessKey": { "CreatedAt": "string", "PrincipalId": "string", "PrincipalName": "string", "PrincipalType": "string", "Status": "string" }, "AwsIamPolicy": { "AttachmentCount": number, "CreateDate": "string", "DefaultVersionId": "string", "Description": "string", "IsAttachable": boolean, "Path": "string", "PermissionsBoundaryUsageCount": number, "PolicyId": "string", "PolicyName": "string", "PolicyVersionList": [ { "CreateDate": "string", "IsDefaultVersion": boolean, "VersionId": "string" } , "UpdateDate": "string" }, "AwsIamRole": { "AssumeRolePolicyDocument": "string", "CreateDate": "string", "MaxSessionDuration": number, "Path": "string", "RoleId": "string", "RoleName": "string" }, "AwsIamUser": { "AttachedManagedPolicies": [ { "PolicyArn": "string", "PolicyName": "string" } ], "CreateDate": "string", "GroupList": [ "string" ], "Path": "string", "PermissionsBoundary" : { "PermissionsBoundaryArn" : "string", "PermissionsBoundaryType" : "string" }. "UserId": "string", "UserName": "string", "UserPolicyList": [ { "PolicyName": "string" } ] }, "AwsKmsKey": { "AWSAccountId": "string", "CreationDate": "string", "Description": string, "KeyId": "string", "KeyManager": "string", "KeyState": "string", "Origin": "string" }, "AwsLambdaFunction": { "Code" { "S3Bucket": "string", "S3Key": "string", "S3ObjectVersion": "string", "ZipFile": "string" }, "CodeSha256": "string", "DeadLetterConfig": { "TargetArn": "string", }, "Environment": { "Variables": { "string": "string" }, "Error": { "ErrorCode": "string", "Message": "string" } }, "FunctionName": "string", "Handler": "string", "KmsKeyArn": "string", "LastModified": "string", "Layers": { "Arn": "string", "CodeSize": number }, "RevisionId": "string", "Role": "string", "Runtime": "string", "Timeout": "integer", "TracingConfig": { "TracingConfig.Mode": "string" }, "Version": "string", "VpcConfig": { "SecurityGroupIds": [ "string" ], "SubnetIds": [ "string" ] }, "MasterArn": "string", "MemorySize": number }, "AwsLambdaLayerVersion": { "CompatibleRuntimes": [ "string" ], "CreatedDate": "string", "Version": number }, "AwsRdsDbCluster": { "ActivityStreamStatus": "string", "AllocatedStorage": number, "AssociatedRoles": [ { "RoleArn": "string", "Status": "string" } ], "AvailabilityZones": [ "string" ], "BackupRetentionPeriod": integer, "ClusterCreateTime": "string", "CopyTagsToSnapshot": boolean, "CrossAccountClone": boolean, "CustomEndpoints": [ "string" ], "DatabaseName": "string", "DbClusterIdentifier": "string", "DbClusterMembers": [ { "DbClusterParameterGroupStatus": "string", "DbInstanceIdentifier": "string", "IsClusterWriter": boolean, "PromotionTier": integer } ], "DbClusterOptionGroupMemberships": [ { "DbClusterOptionGroupName": "string", "Status": "string" } ], "DbClusterParameterGroup": "string", "DbClusterResourceId": "string", "DbSubnetGroup": "string", "DeletionProtection": boolean, "DomainMemberships": [ { "Domain": "string", "Fqdn": "string", "IamRoleName": "string", "Status": "string" } ], "EnabledCloudwatchLogsExports": [ "string" ], "Endpoint": "string", "Engine": "string", "EngineMode": "string", "EngineVersion": "string", "HostedZoneId": "string", "HttpEndpointEnabled": boolean, "IamDatabaseAuthenticationEnabled": boolean "KmsKeyId": "string", "MasterUsername": "string", "MultiAz": boolean, "Port": integer, "PreferredBackupWindow": "string", "PreferredMaintenanceWindow": "string", "ReaderEndpoint": "string", "ReadReplicaIdentifiers": [ "string" ], "Status": "string", "StorageEncrypted": boolean, "VpcSecurityGroups": [ { "Status": "string", "VpcSecurityGroupId": "string" } ] }, "AwsRdsDbClusterSnapshot": { "AllocatedStorage": integer, "AvailabilityZones": [ "string" ], "ClusterCreateTime": "string", "DbClusterIdentifier": "string", "DbClusterSnapshotIdentifier": "string", "Engine": "string", "EngineVersion": "string", "IamDatabaseAuthenticationEnabled": boolean, "KmsKeyId": "string", "LicenseModel": "string", "MasterUsername": "string", "PercentProgress": integer, "Port": integer, "SnapshotCreateTime": "string", "SnapshotType": "string", "Status": "string", "StorageEncrypted": boolean, "VpcId": "string" }, "AwsRdsDbInstance": { "AllocatedStorage": number, "AssociatedRoles": [ { "RoleArn": "string", "FeatureName": "string", "Status": "string" } ], "AutoMinorVersionUpgrade": boolean, "AvailabilityZone": "string", "BackupRetentionPeriod": number, "CACertificateIdentifier": "string", "CharacterSetName": "string", "CopyTagsToSnapshot": boolean, "DBClusterIdentifier": "string", "DBInstanceClass": "string", "DBInstanceIdentifier": "string", "DbInstancePort": number, "DbInstanceStatus": "string", "DbiResourceId": "string", "DBName": "string", "DbParameterGroups": [ { "DbParameterGroupName": "string", "ParameterApplyStatus": "string" } ], "DbSecurityGroups": [ "string" ], "DbSubnetGroup": { "DbSubnetGroupArn": "string", "DbSubnetGroupDescription": "string", "DbSubnetGroupName": "string", "SubnetGroupStatus": "string", "Subnets": [ { "SubnetAvailabilityZone": { "Name": "string" }, "SubnetIdentifier": "string", "SubnetStatus": "string" } ], "VpcId": "string", }, "DeletionProtection": boolean, "Endpoint": { "Address": "string", "Port": number, "HostedZoneId": "string" }, "DomainMemberships": [ { "Domain": "string", "Fqdn": "string", "IamRoleName": "string", "Status": "string" } ], "EnabledCloudwatchLogsExports": [ "string" ], "Engine": "string", "EngineVersion": "string", "EnhancedMonitoringResourceArn": "string", "IAMDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "Iops": number, "KmsKeyId": "string", "LatestRestorableTime": "string", "LicenseModel": "string", "ListenerEndpoint": { "Address": "string", "HostedZoneId": "string", "Port": number }, "MasterUsername": "admin", "MaxAllocatedStorage": number. "MonitoringInterval": number, "MonitoringRoleArn": "string", "MultiAz": boolean, "OptionGroupMemberships": [ { "OptionGroupName": "string", "Status": "string" } ], "PendingModifiedValues": { "AllocatedStorage": number, "BackupRetentionPeriod": number, "CaCertificateIdentifier": "string", "DbInstanceClass": "string", "DbInstanceIdentifier": "string", "DbSubnetGroupName": "string", "EngineVersion": "string", "Iops": number, "LicenseModel": "string", "MasterUserPassword": "string", "MultiAZ": boolean, "PendingCloudWatchLogsExports": { "LogTypesToDisable": [ "string" ], "LogTypesToEnable": [ "string" ] }, "Port": number, "ProcessorFeatures": [ { "Name": "string", "Value": "string" } ], "StorageType": "string" }, "PerformanceInsightsEnabled": boolean, "PerformanceInsightsKmsKeyId": "string", "PerformanceInsightsRetentionPeriod": number, "PreferredBackupWindow": "string", "PreferredMaintenanceWindow": "string", "ProcessorFeatures": [ { "Name": "string", "Value": "string" } ], "PromotionTier": number, "PubliclyAccessible": boolean, "ReadReplicaDBClusterIdentifiers": [ "string" ], "ReadReplicaDBInstanceIdentifiers": [ "string" ], "ReadReplicaSourceDBInstanceIdentifier": "string", "SecondaryAvailabilityZone": "string", "StatusInfos": [ { "Message": "string" "Normal": boolean, "Status": "string", "StatusType": "string" } ], "StorageEncrypted": boolean, "TdeCredentialArn": "string", "Timezone": "string", "VpcSecurityGroups": [ { "VpcSecurityGroupId": "string", "Status": "string" } ] }, "AwsRdsDbSnapshot": { "AllocatedStorage": integer, "AvailabilityZone": "string", "DbInstanceIdentifier": "string", "DbiResourceId": "string", "DbSnapshotIdentifier": "string", Encrypted": boolean, "Engine": "string", "EngineVersion": "string", "IamDatabaseAuthenticationEnabled": boolean, "InstanceCreateTime": "string", "Iops": number, "KmsKeyId": "string", "LicenseModel": "string", "MasterUsername": "string", "OptionGroupName": "string", "PercentProgress": integer, "Port": integer, "ProcessorFeatures": [], "SnapshotCreateTime": "string", "SnapshotType": "string", "SourceDbSnapshotIdentifier": "string", "SourceRegion": "string", "Status": "string", "StorageType": "string", TdeCredentialArn": "string", "Timezone": "string", "VpcId": "string" }, "AwsS3Bucket": { "CreatedAt": "string", "OwnerId": "string", "OwnerName": "string" "ServerSideEncryptionConfiguration": { "Rules": [ { "ApplyServerSideEncryptionByDefault": { "KMSMasterKeyID": "string", "SSEAlgorithm": "string" } } ] } }, "AwsS3Object": { "ContentType": "string", "ETag": "string", "LastModified": "string", "ServerSideEncryption": "string", "SSEKMSKeyId": "string", "VersionId": "string" }, "AwsSecretsManagerSecret": { "Deleted": Boolean, "Description": "string", "KmsKeyId": "string", "Name": "string", "RotationEnabled": boolean, "RotationLambdaArn": "string", "RotationOccurredWithinFrequency": boolean, "RotationRules": { "AutomaticallyAfterDays": integer } }, "AwsSnsTopic": { "KmsMasterKeyId": "string", "Owner": "string", "Subscription": { "Endpoint": "string", "Protocol": "string" }, "TopicName": "string" }, "AwsSqsQueue": { "DeadLetterTargetArn": "string", "KmsDataKeyReusePeriodSeconds": number, "KmsMasterKeyId": "string", "QueueName": "string" }, "AwsWafWebAcl": { "DefaultAction": "string", "Name": "string", "Rules": [ { "Action": { "Type": "string" }, "ExcludedRules": [ { "RuleId": "string" } ], "OverrideAction": { "Type": "string" }, "Priority": number, "RuleId": "string", "Type": "string" } ], "WebAclId": "string" }, "Container": { "ImageId": "string", "ImageName": "string", "LaunchedAt": "string", "Name": "string" }, "Other": { "string" : "string" } }, "Id": "string", "Partition": "string", "Region": "string", "Tags": { "string" : "string" }, "Type": "string" } ], "SchemaVersion": "string", "Severity": { "Label": "string", "Normalized": number, "Original": "string", "Product": number }, "SourceUrl": "string", "ThreatIntelIndicators": [ { "Category": "string", "LastObservedAt": "string", "Source": "string", "SourceUrl": "string", "Type": "string", "Value": "string" } ], "Title": "string", "Types": [ "string" ], "UpdatedAt": "string", "UserDefinedFields": { "string" : "string" }, "VerificationState": "string", "Workflow": { "Status": "string" }, "WorkflowState": "string" }, "Vulnerabilities" : [ { "Cvss": [ { "BaseScore": number, "BaseVector": "string", "Version": "string" }, ], "Id": "string", "ReferenceUrls":["string"], "RelatedVulnerabilities": ["string"], "Vendor": { "Name": "string", "Url":"string", "VendorCreatedAt":"string", "VendorSeverity":"string", "VendorUpdatedAt":"string" }, "VulnerablePackages": [ { "Architecture": "string", "Epoch": "string", "Name": "string", "Release": "string", "Version": "string" } ] } ] ]
ASFF attributes
The following table lists the top-level attributes and objects for the ASFF. For objects, to see the details for the object attributes and subfields, choose the object name.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The AWS account ID that the finding applies to. Type: String (12 digits max) Example:
|
|
No |
Finding details related to a control. Only returned for findings generated from a control. Type: Object Example:
|
|
|
|
No |
A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. A finding provider can provide an initial value for this attribute, but cannot update
it after that. This attribute can only be updated using Type: Integer (range 0–100) Confidence is scored on a 0–100 basis using a ratio scale, where 0 means zero-percent confidence and 100 means 100-percent confidence. However, a data exfiltration detection based on a statistical deviation of network traffic has a much lower confidence because an actual exfiltration hasn't been verified. Example:
|
|
|
Yes |
Indicates when the potential security issue captured by a finding was created. The This timestamp must be provided on the first generation of the finding and can't be changed upon subsequent updates to the finding. Type: String Format: Uses the Example:
Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. To store findings for longer than 90 days, you can configure a rule in CloudWatch Events that routes findings to your Amazon S3 bucket. |
|
|
No |
The level of importance that is assigned to the resources that are associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. A finding provider can provide an initial value for this attribute, but cannot update
it after that. This attribute can only be updated using Type: Integer (range 0–100) Criticality is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. At a high level, when assessing criticality, you need to consider the following:
For each resource, consider the following:
You can use the following guidelines:
Example:
|
|
|
Yes |
A finding's description. This field can be nonspecific boilerplate text or details that are specific to the instance of the finding. Type: String (1,024 characters max) Example:
|
|
|
No |
Indicates when the potential security issue captured by a finding was first observed. This timestamp reflects the time of when the event or vulnerability was first observed.
Consequently, it can differ from the This timestamp should be immutable between updates of the finding record, but can be updated if a more accurate timestamp is determined. Type: String Format: Uses the Example:
|
|
|
Yes |
The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. In various solutions from security findings products, this generator can be called a rule, a check, a detector, a plugin, and so on. Type: String (512 characters max) or Amazon Resource Name (ARN) Example:
|
|
|
Yes |
The product-specific identifier for a finding. Type: String (512 characters max) or ARN The finding ID must comply with the following constraints:
These constraints are expected to hold within a findings product, but are not required to hold across findings products. Example:
|
|
|
No |
Indicates when the potential security issue captured by a finding was most recently observed by the security findings product. This timestamp reflects the time of when the event or vulnerability was last or most
recently observed. Consequently, it can differ from the
You can provide this timestamp, but it isn't required upon the
first observation. If you provide the field in this case, the
timestamp should be the same as the Type: String Format: Uses the Example:
|
|
No |
A list of malware related to a finding. Type: Array of up to five malware objects Example:
|
|
|
No |
The details of network-related information about a finding. Type: Object Example:
|
|
|
No |
A network path that is related to the finding. Each entry in Type: Array of objects |
|
|
No |
A user-defined note that is added to a finding. A finding provider can provide an initial note for a finding, but cannot add notes after that. A note can only be updated using Type: Object Example:
|
|
|
No |
Provides a summary of patch compliance. Type: Object |
|
|
No |
The details of process-related information about a finding. Type: Object Example:
|
|
|
|
Yes |
The ARN generated by Security Hub that uniquely identifies a third-party findings product after the product is registered with Security Hub. Type: ARN The format of this field is
Example:
|
|
|
No |
A data type where security findings products can include additional solution-specific details that aren't part of the defined AWS Security Finding Format. Type: Map of up to 50 key-value pairs This field should not contain redundant data and must not contain data that conflicts with AWS Security Finding Format fields. The " Although not required, products should format field names as
Field names can include alphanumeric characters, white space, and the following symbols: _ . / = + \ - @ Example:
|
|
|
No |
The record state of a finding. By default, when initially generated by a service, findings are considered
The Finding providers can update the record state. Security Hub also automatically archives control-based findings if the associated resource is deleted, the resource does not exist, or the control is disabled. Type: Enum Valid values: Example:
|
|
No |
A list of related findings. A finding provider can provide an initial list of related findings, but cannot update
the list after that. The list of related findings can only be
updated using Type: Array of up to 10 Example:
|
|
|
No |
The remediation options for a finding. Type: Object Example:
|
|
|
Yes |
A set of resource data types that describe the resources that the finding refers to. Type: Array of up to 32 resource objects Example:
|
|
|
|
Yes |
The schema version that a finding is formatted for. The value of this field must be one of the officially published versions identified by AWS. In the current release, the AWS Security Finding Format schema
version is Type: String (10 characters max, conforms to Example:
|
|
Yes |
A finding's severity. The finding must have either A finding provider can provide initial severity information for a finding, but cannot
update it after that. The severity information can only be updated
using Type: Object Example:
|
|
|
|
No |
A URL that links to a page about the current finding in the finding product. Type: URL |
|
No |
Threat intelligence details that are related to a finding. Type: Array of up to five threat intelligence indicator objects Example:
|
|
|
|
Yes |
A finding's title. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding. Type: String (256 characters max) |
|
|
Yes |
One or more finding types in the format of
Type: Array of 50 strings max
Namespaces are required for all finding types, but categories and classifiers are optional. If you specify a classifier, you must also specify a category. The ' Example:
|
|
|
Yes |
Indicates when the finding provider last updated the finding record. This timestamp reflects the time when the finding record was last
or most recently updated. Consequently, it can differ from the
When you update the finding record, you must update this timestamp
to the current timestamp. Upon creation of a finding record, the
Note that Findings are deleted 90 days after the most recent update or 90 days after the creation date if no update occurs. To store findings for longer than 90 days, you can configure a rule in CloudWatch Events that routes findings to your Amazon S3 bucket. Type: String Format: Uses the |
|
|
No |
A list of name-value string pairs that are associated with the finding. These are
custom,
user-defined fields that are added to a finding. These fields can be
generated automatically via your specific configuration. Findings
products must not use this field
for data that the product generates. Instead, findings products can
use the These fields can only be updated using Type: map of up to 50 key-value pairs Format: The key name can only contain letters, numbers, and the following special characters: -_=+@./: Example:
|
|
|
No |
The veracity of a finding. Findings products can provide the value of A finding provider can provide an initial value for this attribute, but cannot update
it after that. This attribute can only be updated using Type: Enum Valid values:
|
|
No |
A list of vulnerabilities that apply to the finding. Type: Array of objects |
|
|
No |
Provides information about the status of the investigation into a finding. The workflow status is not intended for finding providers. The workflow status can
only
be updated using Type: Object Example:
|
|
|
|
No |
This field is being deprecated in favor of the The workflow state of a finding. Findings products can provide
the value of Type: Enum Valid values:
Example:
|
Compliance
Contains finding details related to a control. Only returned for findings that are generated as the result of a check that is run on a control.
Example
"Compliance": { "RelatedRequirements": ["Req1", "Req2"], "Status": "FAILED", "StatusReasons": [ { "ReasonCode": "CLOUDWATCH_ALARMS_NOT_PRESENT", "Description": "CloudWatch alarms do not exist in the account" } ] }
The Compliance object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
For a Security Hub control, the industry or regulatory framework requirements that are related to the control. The check for that control is aligned with those requirements. You can provide up to 32 related requirements. To identify a requirement, use its identifier. Type: Array of strings |
|
|
No |
The result of a security check. Type: Enum Valid values:
Example:
|
|
No |
For findings generated from controls, a list of reasons behind
the value of For the list of status codes and their meanings, see Control-related information in the ASFF. Type: String Example:
|
StatusReasons
For findings generated from controls, a list of reasons for the value of
Compliance.Status.
"StatusReasons": [ { "Description": "CloudWatch alarms do not exist in the account", "ReasonCode": "CW_ALARMS_NOT_PRESENT" } ]
Each reason in the StatusReasons object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The corresponding description for the reason. Type: String |
|
|
Yes |
A code that represents a reason for the current control status. Type: String For the list of available status codes and their meanings, see Results of security checks. |
Malware
The Malware object provides a list of malware related to a finding. It is an
array that can contain up to five malware objects.
Example
"Malware": [ { "Name": "Stringler", "Type": "COIN_MINER", "Path": "/usr/sbin/stringler", "State": "OBSERVED" } ]
Each malware object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The name of the malware that was observed. Type: String (64 characters max) Example:
|
|
|
No |
The filesystem path of the malware that was observed. Type: String (512 characters max) Example:
|
|
|
No |
The state of the malware that was observed. Type: Enum Valid values: Example:
|
|
|
No |
The type of the malware that was observed. Type: Enum Valid values: Example:
|
Network
The details of network-related information about a finding.
Type: Object
Example
"Network": { "Direction": "IN", "OpenPortRange": { "Begin": 443, "End": 443 }, "Protocol": "TCP", "SourceIpV4": "1.2.3.4", "SourceIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C", "SourcePort": "42", "SourceDomain": "example1.com", "SourceMac": "00:0d:83:b1:c0:8e", "DestinationIpV4": "2.3.4.5", "DestinationIpV6": "FE80:CD00:0000:0CDE:1257:0000:211E:729C", "DestinationPort": "80", "DestinationDomain": "example2.com" }
The Network object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The destination domain of network-related information about a finding. Type: String (128 characters max) Example:
|
|
|
No |
The destination IPv4 address of network-related information about a finding. Type: IPv4 Example:
|
|
|
No |
The destination IPv6 address of network-related information about a finding. Type: IPv6 Example:
|
|
|
No |
The destination port of network-related information about a finding. Type: Number (range of 0–65535) Example:
|
|
|
No |
The direction of network traffic that is associated with a finding. Type: Enum Valid values: Example:
|
|
The range of open ports that is present in the network. Type: Object |
||
|
|
No |
The protocol of network-related information about a finding. Type: String (16 characters max) The name should be the IANA registered name Example:
|
|
|
No |
The source domain of network-related information about a finding. Type: String (128 characters max) Example:
|
|
|
No |
The source IPv4 address of network-related information about a finding. Type: IPv4 Example:
|
|
|
No |
The source IPv6 address of network-related information about a finding. Type: IPv6 Example:
|
|
|
No |
The source media access control (MAC) address of network-related information about a finding. Type: String (must match Example:
|
|
|
No |
The source port of network-related information about a finding. Type: Number (range of 0–65535) Example:
|
OpenPortRange
Provides the beginning and end ports of the open port range.
OpenPortRange can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The first port in the port range. Type: Integer |
|
End |
No |
The last port in the port range. Type: Integer |
NetworkPath
The NetworkPath object provides information about a network path that
is relevant to a finding. Each entry under NetworkPath represents a
component of that path.
Example
"NetworkPath" : [ { "ComponentId": "abc-01a234bc56d8901ee", "ComponentType": "AWS::EC2::InternetGateway", "Egress": { "Destination": { "Address": [ "192.0.2.0/24" ], "PortRanges": [ { "Begin": 443, "End": 443 } ] }, "Protocol": "TCP", "Source": { Address": ["203.0.113.0/24"] } }, "Ingress": { "Destination": { "Address": [ "198.51.100.0/24" ], "PortRanges": [ { "Begin": 443, "End": 443 } ] }, "Protocol": "TCP", "Source": { "Address": [ "203.0.113.0/24" ] } } } ]
Each component of the network path can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The identifier of a component in the network path. Type: String |
|
|
Yes |
The type of component. Type: String |
|
No |
Information about the component that comes after the current component in the network path. Type: Object |
|
|
No |
Information about the component that comes before the current component in the network path. Type: Object |
Egress
The Egress object contains information about the component that
comes after the current component in the network path. It can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
Information about the destination of the component. Type: Object |
|
|
|
No |
The protocol used for the component. Type: String |
|
No |
Information about the origin of the component. Type: Object |
Ingress
The Ingress object contains information about the previous
component in the network path. It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
Information about the destination for the previous component. Type: Object |
|
|
|
No |
The protocol used by the previous component. Type: String |
|
No |
Information about the origin of the previous component. Type: Object |
Destination
The Destination object in Egress or
Ingress contains the destination information for the previous
or next component. It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
IP addresses of the previous or next component. Type: Array of strings |
|
|
No |
List of open port ranges for the destination of the previous or next component. Type: Array of objects |
|
|
No |
For an open port range, the beginning of the range. Type: Integer |
|
|
No |
For an open port range, the end of the range. Type: Number |
Source
The Source object under Egress or
Ingress contains information about the origin of the previous
or next component. It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
IP addresses for the origin of the previous or next component. Type: Array of strings |
|
|
No |
List of open port ranges for the origin of the previous or next component. Type: Array of objects |
|
|
No |
For an open port range, the beginning of the range. Type: Integer |
|
|
No |
For an open port range, the end of the range. Type: Number |
Note
The Note object adds a user-defined note to the finding.
A finding provider can provide an initial note for a finding, but cannot add notes
after
that. A note can only be updated using BatchUpdateFindings.
Example
"Note": { "Text": "Don't forget to check under the mat.", "UpdatedBy": "jsmith", "UpdatedAt": "2018-08-31T00:15:09Z" }
The Note object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The text of a finding note. Type: String (512 characters max) Example:
|
|
|
Yes |
Indicates when the note was updated. Type: String Format: Uses the Example:
|
|
|
Yes |
The principal that created a note. Type: String (512 characters max) or ARN Example:
|
PatchSummary
The PatchSummary object provides an overview of the patch compliance
status for an instance against a selected compliance standard.
Example
"PatchSummary" : { "Id" : "pb-123456789098" "InstalledCount" : "100", "MissingCount" : "100", "FailedCount" : "0", "InstalledOtherCount" : "1023", "InstalledRejectedCount" : "0", "InstalledPendingReboot" : "0", "OperationStartTime" : "2018-09-27T23:37:31Z", "OperationEndTime" : "2018-09-27T23:39:31Z", "RebootOption" : "RebootIfNeeded", "Operation" : "Install" }
The PatchSummary object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The number of patches from the compliance standard with installation failures. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
Yes |
The identifier of the compliance standard that was used to determine the patch compliance status. Type: String Minimum length: 20 Maximum length: 128 |
|
|
No |
The number of patches from the compliance standard that were installed successfully. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
No |
The number of installed patches that are not part of the compliance standard. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
No |
The number of patches that were applied but that require the instance to be rebooted in order to be marked as installed. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
No |
The number of patches that are installed but are also on a list of patches that the customer rejected. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
No |
The number of patches that are part of the compliance standard but are not installed. The count includes patches with installation failures. Type: Number Minimum value: 0 Maximum value: 100,000 |
|
|
No |
The type of patch operation that was performed. For Patch Manager, the values are Type: String Maximum length: 256 |
|
OperationEndTime |
No |
Indicates when the operation was completed. Type: String Format: Uses the Example:
|
|
|
No |
Indicates when the operation started. Type: String Format: Uses the Example:
|
|
|
No |
The reboot option specified for the instance. Type: String Maximum length: 256 Valid values: |
Process
The Process object provides process-related details about the
finding.
Example
"Process": { "Name": "syslogd", "Path": "/usr/sbin/syslogd", "Pid": 12345, "ParentPid": 56789, "LaunchedAt": "2018-09-27T22:37:31Z", "TerminatedAt": "2018-09-27T23:37:31Z" }
The Process object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates when the process was launched. Type: String Format: Uses the Example:
|
|
|
No |
The name of the process. Type: String (64 characters max) Example:
|
|
|
No |
The parent process ID. Type: Number Example:
|
|
|
No |
The path to the process executable. Type: String (512 characters max) Example:
|
|
|
No |
The process ID. Type: Number Example:
|
|
|
No |
Indicates when the process was terminated. Type: String Format: Uses the Example:
|
RelatedFindings
The RelatedFindings object provides a list of findings that are related to the
current finding.
A finding provider can provide an initial list of related findings, but cannot update
it
after that. RelatedFindings can only be updated using BatchUpdateFindings.
Example
"RelatedFindings": [ { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", "Id": "123e4567-e89b-12d3-a456-426655440000" }, { "ProductArn": "arn:aws:securityhub:us-west-2::product/aws/guardduty", "Id": "AcmeNerfHerder-111111111111-x189dx7824" } ]
Each related finding object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The product-generated identifier for a related finding. Type: String (512 characters max) or ARN Example:
|
|
|
Yes |
The ARN of the product that generated a related finding. Type: ARN Example:
|
Remediation
The Remediation object provides information about recommended
remediation steps to address the finding.
Example
"Remediation": { "Recommendation": { "Text": "Run sudo yum update and cross your fingers and toes.", "Url": "http://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html" } }
The Remediation object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
A recommendation on how to remediate the issue identified within a finding. The If the recommendation object is present, then either the Type: Object Example:
|
Recommendation
The Recommendation object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
A free-form string that is the recommendation of what to do about the finding when presented to a user. This field can contain nonspecific boilerplate text or details that are specific to this instance of the finding. Type: String (512 characters max) Example:
|
|
|
No |
A URL to link to general remediation information for the finding type of a finding. This URL must not require credentials to access. It must be accessible from the public internet and must not expect any context or session. Type: URL Example:
|
Resources
The Resources object provides information about the resources
involved in a finding.
Type: Array of up to 32 resource objects
Example
"Resources": [ { "Type": "AwsEc2Instance", "Id": "i-cafebabe", "Partition": "aws", "Region": "us-west-2", "Tags": { "billingCode": "Lotus-1-2-3", "needsPatching": "true" }, "Details": { "AwsEc2Instance": { "Type": "i3.xlarge", "ImageId": "ami-abcd1234", "IpV4Addresses": [ "54.194.252.215", "192.168.1.88" ], "IpV6Addresses": [ "2001:db8:1234:1a2b::123" ], "KeyName": "my_keypair", "IamInstanceProfileArn": "arn:aws:iam::111111111111:instance-profile/AdminRole", "VpcId": "vpc-11112222", "SubnetId": "subnet-56f5f633", "LaunchedAt": "2018-05-08T16:46:19.000Z" } } } ]
Each resource object can have the following attributes.
|
Attribute |
Required |
Description |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
|
No |
This field provides additional details about a single resource using the appropriate subfields. Each resource must be provided in a separate resource object in the
Security Hub provides a set of available subfields for its supported resource types.
These
subfields correspond to values of the resource
For example, if the resource is an S3 bucket, then set the resource The Other subfield
allows you to provide custom fields and values. You use the
Type: Object Example:
|
||||||||
|
|
Yes |
The canonical identifier for the given resource type. For AWS resources that are identified by ARNs, this must be the ARN. For all other AWS resource types that lack ARNs, this must be the identifier as defined by the AWS service that created the resource. For non AWS resources, this should be a unique identifier that is associated with the resource. Type: String (512 characters max) or ARN Example:
|
||||||||
|
|
No |
The canonical AWS partition name that the Region is assigned to. Type: Enum Valid values:
Example:
|
||||||||
|
|
No |
The canonical AWS external Region name where this resource is located. Type: String (16 characters max) Example:
|
||||||||
|
|
No |
A list of AWS tags that are associated with a resource at the time the finding was
processed. Include the Type: Map of up to 50 tags (values are limited to 256 characters max) The following basic restrictions apply to tags:
Example:
|
||||||||
|
|
Yes |
The type of the resource that you are providing details for. Whenever possible, use one of the provided resource types, such as
If the resource type does not match any of the provided resource types, then set the
resource Type: String (256 characters max) Supported values are as follows. If a type has a corresponding subfield, then to view the details for the subfield, choose the type name.
Example:
|
AwsAutoScalingAutoScalingGroup
The AwsAutoScalingAutoScalingGroup object provides details about an automatic
scaling group.
Example
"AwsAutoScalingAutoScalingGroup": { "CreatedTime": "2017-10-17T14:47:11Z", "HealthCheckGracePeriod": 300, "HealthCheckType": "EC2", "LaunchConfigurationName": "mylaunchconf", "LoadBalancerNames": [] }
The AwsAutoScalingAutoScalingGroup object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates when the automatic scaling group was created. Type: String Format: Uses the |
|
|
No |
The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before it checks the health status of an EC2 instance that has come into service. Type: Integer |
|
|
No |
The service to use for the health checks. Type: String (32 characters max) Valid values: |
|
|
No |
The name of the launch configuration. Type: String (32 characters max) |
|
|
No |
The list of load balancers that are associated with the group. Type: Array of strings Each load balancer name is limited to 255 characters. |
AwsCloudFrontDistribution
The AwsCloudFrontDistribution object provides details about a
distribution configuration.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The domain name corresponding to the distribution. Type: String |
|
|
No |
The entity tag is a hash of the object. Type: String |
|
|
No |
Indicates when the distribution was last modified. Type: String Format: Uses the |
|
No |
A complex type that controls whether access logs are written for the distribution. Type: Object |
|
|
No |
A complex type that contains information about origins and origin groups for this distribution. Type: String |
|
|
|
No |
Indicates the current status of the distribution. Type: String |
|
|
No |
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. Type: String |
Logging
The Logging object provides information about the logging for
the distribution.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The S3 bucket to store the access logs in. Type: String |
|
|
No |
With this field, you can enable or disable the selected distribution. Type: Boolean |
|
|
No |
Specifies whether you want CloudFront to include cookies in access logs. Type: Boolean |
|
|
No |
An optional string that you want CloudFront to prefix to the access log file names for this distribution. Type: String |
Origins
The Origins object contains information about origins and
origin groups for this distribution.
It can contain the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
A complex type that contains origins or origin groups for this distribution. Type: Array of objects |
Each item can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Amazon S3 origins: The DNS name of the S3 bucket from which you want CloudFront to get objects for this origin. Type: String |
|
|
No |
A unique identifier for the origin or origin group. Type: String |
|
|
No |
An optional element that causes CloudFront to request your content from a directory in your S3 bucket or your custom origin. Type: String |
AwsCodeBuildProject
The AwsCodeBuildProject object provides information about an
AWS CodeBuild project.
Example
"AwsCodeBuildProject": { "EncryptionKey": "my-symm-key", "Environment": { "Type": "LINUX_CONTAINER", "Certificate": "myX509", "ImagePullCredentialsType": "CODEBUILD", "RegistryCredential": { "Credential": "my_dockerhub_secret", "CredentialProvider": "SECRETS_MANAGER" } }, "Name": "my-cd-project", "Source": { "Type": "CODECOMMIT", "Location": "https://git-codecommit.us-east-2.amazonaws.com/v1/repos/MyDemoRepo", "GitCloneDepth": 1 }, "ServiceRole": "arn:aws:iam:myrole", "VpcConfig": { "VpcId": "vpc-1234456", "Subnets": ["sub-12344566"], "SecurityGroupIds": ["sg-123456789012"] } }
The AwsCodeBuildProject object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The AWS KMS customer master key (CMK) to be used for encrypting the build output artifacts. You can use a cross-account KMS key to encrypt the build output artifacts if your service role has permission to that key. You can specify either the ARN of the CMK or, if
available, the CMK alias (using the format
Type: String Length constraints: Minimum length of 1 |
|
No |
Information about the build environment for this build project. Type: Object |
|
|
|
No |
The name of the build project. Type: String Length constraints: Minimum length of 2. Maximum length of 255. Pattern: [A-Za-z0-9][A-Za-z0-9\-_]{1,254} |
|
|
No |
The ARN of the IAM role that enables CodeBuild to interact with dependent AWS services on behalf of the AWS account. Type: String Length constraints: Minimum length of 1 |
|
No |
Information about the build input source code for this build project. Type: Object |
|
|
No |
Information about the VPC configuration that CodeBuild accesses. Type: Object |
Environment
The Environment object provides information about the build
environment for the build project.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The certificate to use with this build project. Type: String |
|
|
No |
The type of credentials CodeBuild uses to pull images in your build. There are two valid values:
When you use a cross-account or private registry
image, you must use Type: String Valid values: |
|
|
No |
The credentials for access to a private registry. Type: Object |
|
|
Yes |
The type of build environment to use for related builds. Type: String Valid values: |
Each registry credential in the RegistryCredentials object
has the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
Yes |
The ARN or name of credentials created using AWS Secrets Manager. The credential can use the name of the credentials only if they exist in your current AWS Region. Type: String Length constraints: Minimum length of 1 |
|
|
Yes |
The service that created the credentials to access a
private Docker registry. The valid value, Type: String Valid values: |
Source
The Source object provides information about the build input
source code for this build project.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Information about the Git clone depth for the build project. Type: Integer Valid range: Minimum value of 0 |
|
|
No |
Information about the location of the source code to be built. Type: String Valid values:
|
|
|
Yes |
The type of repository that contains the source code to be built. Type: String Valid values:
|
VpcConfig
The VpcConfig object provides information about the VPC
configuration that CodeBuild accesses.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
A list of one or more security group IDs in your Amazon VPC. Type: Array of strings Array members: Maximum number of 5 items Length constraints: Minimum length of 1 |
|
|
No |
A list of one or more subnet IDs in your Amazon VPC. Type: Array of strings Array members: Maximum number of 16 items Length constraints: Minimum length of 1 |
|
VpcId |
No |
The ID of the VPC. Type: String Length constraints: Minimum length of 1 |
AwsDynamoDbTable
The AwsDynamoDbTable object provides details about a DynamoDB
table.
Example
"AwsDynamoDbTable": { "AttributeDefinitions": [ { "AttributeName": "attribute1", "AttributeType": "value 1" }, { "AttributeName": "attribute2", "AttributeType": "value 2" }, { "AttributeName": "attribute3", "AttributeType": "value 3" } ], "BillingModeSummary": { "BillingMode": "PAY_PER_REQUEST", "LastUpdateToPayPerRequestDateTime": "2019-12-03T15:23:10.323Z" }, "CreationDateTime": "2019-12-03T15:23:10.248Z", "GlobalSecondaryIndexes": [ { "Backfilling": false, "IndexArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/index/exampleIndex", "IndexName": "standardsControlArnIndex", "IndexSizeBytes": 1862513, "IndexStatus": "ACTIVE", "ItemCount": 20, "KeySchema": [ { "AttributeName": "City", "KeyType": "HASH" }, { "AttributeName": "Date", "KeyType": "RANGE" } ], "Projection": { "NonKeyAttributes": ["predictorName"], "ProjectionType": "ALL" }, "ProvisionedThroughput": { "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z", "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z", "NumberOfDecreasesToday": 0, "ReadCapacityUnits": 100, "WriteCapacityUnits": 50 }, } ], "GlobalTableVersion": "V1", "ItemCount": 2705, "KeySchema": [ { "AttributeName": "zipcode", "KeyType": "HASH" } ], "LatestStreamArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/stream/2019-12-03T23:23:10.248", "LatestStreamLabel": "2019-12-03T23:23:10.248", "LocalSecondaryIndexes": [ { "IndexArn": "arn:aws:dynamodb:us-east-1:111122223333:table/exampleGroup/index/exampleId", "IndexName": "CITY_DATE_INDEX_NAME", "KeySchema": [ { "AttributeName": "zipcode", "KeyType": "HASH" } ], "Projection": { "NonKeyAttributes": ["predictorName"], "ProjectionType": "ALL" }, } ], "ProvisionedThroughput": { "LastIncreaseDateTime": "2019-03-14T13:21:00.399Z", "LastDecreaseDateTime": "2019-03-14T12:47:35.193Z", "NumberOfDecreasesToday": 0, "ReadCapacityUnits": 100, "WriteCapacityUnits": 50 }, "Replicas": [ { "GlobalSecondaryIndexes":[ { "IndexName": "CITY_DATE_INDEX_NAME", "ProvisionedThroughputOverride": { "ReadCapacityUnits": 10 } } ], "KmsMasterKeyId" : "KmsMasterKeyId" "ProvisionedThroughputOverride": { "ReadCapacityUnits": 10 }, "RegionName": "regionName", "ReplicaStatus": "CREATING", "ReplicaStatusDescription": "replicaStatusDescription" } ], "RestoreSummary" : { "SourceBackupArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable/backup/backup1", "SourceTableArn": "arn:aws:dynamodb:us-west-2:111122223333:table/exampleTable", "RestoreDateTime": "2020-06-22T17:40:12.322Z", "RestoreInProgress": true }, "SseDescription": { "InaccessibleEncryptionDateTime": "2018-01-26T23:50:05.000Z", "Status": "ENABLED", "SseType": "KMS", "KmsMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/key1" }, "StreamSpecification" : { "StreamEnabled": true, "StreamViewType": "NEW_IMAGE" }, "TableId": "example-table-id-1", "TableName": "example-table", "TableSizeBytes": 1862513, "TableStatus": "ACTIVE" }
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
A list of attribute definitions for the table. Type: Array of objects. |
|
|
No |
Information about the billing for read/write capacity on the table. Type: Object |
|
|
|
No |
Indicates when the table was created. Type: String Format: Uses the Example:
|
|
No |
List of global secondary indexes for the table. Type: Array of objects |
|
|
|
No |
The version of global tables being used. Type: String |
|
|
No |
The number of items in the table. Type: Number |
|
No |
The primary key structure for the table. Type: Array of objects |
|
|
|
No |
The ARN of the latest stream for the table. Type: String |
|
|
No |
The label of the latest stream. The label is not a unique identifier. Type: String |
|
No |
The list of local secondary indexes for the table. Type: Array of objects |
|
|
No |
Information about the provisioned throughput for the table. Type: Object |
|
|
No |
The list of replicas of this table. Type: Array of objects |
|
|
No |
Information about the restore for the table. Type: Object |
|
|
No |
Information about the server-side encryption for the table. Type: Object |
|
|
No |
The current DynamoDB Streams configuration for the table. Type: Object |
|
|
|
No |
The identifier of the table. Type: String |
|
|
No |
The name of the table. Type: String Minimum length: 3 Maximum length: 255 |
|
|
No |
The total size of the table in bytes. Type: Integer |
|
|
No |
The current status of the table. Type: String Valid values: |
AttributeDefinitions
The AttributeDefinitions object contains a list of attribute definitions for
the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The name of the attribute. Type: String |
|
|
No |
The type of the attribute. Type: String |
BillingModeSummary
The BillingModeSummary object provides information about the
billing for read/write capacity on the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The method used to charge for read and write throughput and to manage capacity. Type: String Valid values: |
|
|
No |
If the billing mode is Type: String Format: Uses the Example:
|
GlobalSecondaryIndexes
The GlobalSecondaryIndexes object contains a list of global
secondary indexes for the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Whether the index is currently backfilling. Type: Boolean |
|
|
No |
The ARN of the index. Type: String |
|
|
No |
The name of the index. Type: String |
|
|
No |
The total size in bytes of the index. Type: Number |
|
|
No |
The current status of the index. Type: String Valid values: |
|
|
No |
The number of items in the index. Type: Number |
|
No |
The key schema for the index. Type: Array of objects |
|
|
No |
Attributes that are copied from the table into an index. Type: Object |
|
|
No |
Information about the provisioned throughput settings for the indexes. Type: Object |
KeySchema
The KeySchema object contains the key schema for the table, a
global secondary index, or a local secondary index.
Each component of the key schema can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The name of the attribute. Type: String. |
|
|
No |
The type of key used for the attribute. Type: String Valid values: |
LocalSecondaryIndexes
LocalSecondaryIndexes can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ARN of the index. Type: String |
|
|
No |
The name of the index. Type: String Minimum length: 3 Maximum length: 255 |
|
No |
The complete key schema for the index. Type: Array of objects |
|
|
No |
Attributes that are copied from the table into the index. These are in addition to the primary key attributes and index key attributes, which are automatically projected. Type: Object |
Projection (for global and local secondary indexes)
For global and local secondary indexes, the Projection object
identifies the attributes that are copied from the table into the
index.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The nonkey attributes that are projected into the index. For each attribute, provide the attribute name. Type: Array of strings Maximum number of items: 20 Minimum length per attribute: 1 Maximum length per attribute: 225 |
|
|
No |
The types of attributes that are projected into the index. Type: String Valid values: |
ProvisionedThroughput
The ProvisionedThroughput object contains information about
the provisioned throughput for the table or for a global secondary
index.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates when the provisioned throughput was last decreased. Type: String Format: Uses the Example:
|
|
|
No |
Indicates when the provisioned throughput was last increased. Type: String Format: Uses the Example:
|
|
|
No |
The number of times during the current UTC calendar day that the provisioned throughput was decreased. Type: Number |
|
|
No |
The maximum number of strongly consistent reads
consumed per second before DynamoDB returns a
Type: Number |
|
|
No |
The maximum number of writes consumed per second
before DynamoDB returns a
Type: Number |
Replicas
The Replicas object contains the list of replicas of this
table.
Each replica can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
List of global secondary indexes for the replica. Type: Array of objects |
GlobalSecondaryIndexes.IndexName |
No |
The name of the index. Type: String |
|
|
No |
Replica-specific configuration for the provisioned throughput for the index. Type: Object |
|
|
No |
The identifier of the AWS KMS customer master key (CMK) that will be used for AWS KMS encryption for the replica. Type: String |
|
|
No |
Replica-specific configuration for the provisioned throughput. Type: Object |
|
|
No |
The name of the Region where the replica is located. Type: String |
|
|
No |
The current status of the replica. Type: String Valid values: |
|
|
No |
Detailed information about the replica status. Type: String |
The ProvisionedThroughputOverride object provides
replica-specific configuration for the provisioned throughput for the table
or the global secondary indexes.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The read capacity units for the replica. Type: Number Minimum value: 1 |
RestoreSummary
The RestoreSummary object provides information about the
restore for the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates the point in time that the table was restored to. Type: String Format: Uses the Example:
|
|
|
No |
Whether a restore is currently in progress. Type: Boolean |
|
|
No |
The ARN of the source backup from which the table was restored. Type: String |
|
|
No |
The ARN of the source table for the backup. Type: String |
SseDescription
The SseDescription object provides information about the
server-side encryption for the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
If the key is inaccessible, the date and time when DynamoDB detected that the key was inaccessible. Type: String Format: Uses the Example:
|
|
|
No |
The ARN of the AWS KMS customer master key (CMK) that is used for the AWS KMS encryption. Type: String |
|
|
No |
The type of server-side encryption. Type: String Valid values: |
|
|
No |
The status of the server-side encryption. Type: String Valid values: |
StreamSpecification
The StreamSpecification object contains the current DynamoDB Streams
configuration for the table.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates whether DynamoDB Streams is enabled on the table. Type: Boolean |
|
|
No |
Determines the information that is written to the table. Type: String Valid values: |
AwsEc2Eip
The AwsEc2Eip object provides information about an Elastic IP
address.
Example
"AwsEc2Eip": { "InstanceId": "instance1", "PublicIp": "192.0.2.04", "AllocationId": "eipalloc-example-id-1", "AssociationId": "eipassoc-example-id-1", "Domain": "vpc", "PublicIpv4Pool": "anycompany", "NetworkBorderGroup": "eu-central-1", "NetworkInterfaceId": "eni-example-id-1", "NetworkInterfaceOwnerId": "777788889999", "PrivateIpAddress": "192.0.2.03" }
The AwsEc2Eip object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The identifier that AWS assigns to represent the allocation of the Elastic IP address for use with Amazon VPC. Type: String |
|
|
No |
The identifier that represents the association of the Elastic IP address with an EC2 instance. Type: String |
|
|
No |
The domain in which to allocate the address. If the address is for use with EC2 instances in a VPC,
then Type: String Valid values: |
|
|
No |
The identifier of the EC2 instance. Type: String |
|
|
No |
The name of the location from which the Elastic IP address is advertised. Type: String |
|
|
No |
The identifier of the network interface. Type: String |
|
|
No |
The AWS account ID of the owner of the network interface. Type: String Format: Must be a 12-digit number. |
|
|
No |
The private IP address that is associated with the Elastic IP address. Type: IPv4 |
|
|
No |
A public IP address that is associated with the EC2 instance. Type: IPv4 |
|
|
No |
The identifier of an IP address pool. This parameter allows Amazon EC2 to select an IP address from the address pool. Type: String |
AwsEc2Instance
The details of an Amazon EC2 instance.
Type: Object
The AwsEc2Instance object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The IAM profile ARN of the instance. Type: String (conforms to the AWS ARN format) |
|
|
No |
The Amazon Machine Image (AMI) ID of the instance. Type: String (64 characters max) |
|
|
No |
The IPv4 addresses that are associated with the instance. Type: Array of up to 10 IPv4 addresses |
|
|
No |
The IPv6 addresses that are associated with the instance. Type: Array of up to 10 IPv6 addresses |
|
|
No |
The key name that is associated with the instance. Type: String (128 characters max) |
|
|
No |
Indicates when the instance was launched. Type: String Format: Uses the |
|
|
No |
The identifier of the subnet where the instance was launched. Type: String (32 characters max) |
|
|
No |
The instance type of the instance. This must be a valid EC2 instance type. Type: String (16 characters max) |
|
|
No |
The identifier of the VPC where the instance was launched. Type: String (32 characters max) |
AwsEc2NetworkInterface
The AwsEc2NetworkInterface object provides information about an Amazon EC2 network
interface.
Example
"AwsEc2NetworkInterface": { "Attachment": { "AttachTime": "2019-01-01T03:03:21Z", "AttachmentId": "eni-attach-43348162", "DeleteOnTermination": true, "DeviceIndex": 123, "InstanceId": "i-1234567890abcdef0", "InstanceOwnerId": "123456789012", "Status": 'ATTACHED' }, "SecurityGroups": [ { "GroupName": "my-security-group", "GroupId": "sg-903004f8" }, ], "NetworkInterfaceId": 'eni-686ea200', "SourceDestCheck": false }
The AwsEc2NetworkInterface object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
Information about the network interface attachment. Type: Object |
|
|
|
No |
The ID of the network interface. Type: String |
|
No |
Security groups for the network interface. Type: Array of group objects |
|
|
|
No |
Indicates whether traffic to or from the instance is validated. Type: Boolean |
Attachment
The Attachment object provides information about the network
interface attachment.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The identifier of the network interface attachment Type: String |
|
|
No |
Indicates when the attachment initiated. Type: String Format: Uses the |
|
|
No |
Indicates whether the network interface is deleted when the instance is terminated. Type: Boolean |
|
|
No |
The device index of the network interface attachment on the instance. Type: Integer |
|
|
No |
The ID of the instance. Type: String |
|
|
No |
The AWS account ID of the owner of the instance. Type: String |
|
|
No |
The attachment state. Type: String Valid values: |
SecurityGroups
The SecurityGroups object contains the list of security
groups for the network interface.
Each security group can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ID of the security group. Type: String |
|
GroupName |
The name of the security group. Type: String |
AwsEc2SecurityGroup
The AwsEc2SecurityGroup object describes an Amazon EC2 security
group.
Example
"AwsEc2SecurityGroup": { "GroupName": "MySecurityGroup", "GroupId": "sg-903004f8", "OwnerId": "123456789012", "VpcId": "vpc-1a2b3c4d", "IpPermissions": [ { "IpProtocol": "-1", "IpRanges": [], "UserIdGroupPairs": [ { "UserId": "123456789012", "GroupId": "sg-903004f8" } ], "PrefixListIds": [ {"PrefixListId": "pl-63a5400a"} ] }, { "PrefixListIds": [], "FromPort": 22, "IpRanges": [ { "CidrIp": "203.0.113.0/24" } ], "ToPort": 22, "IpProtocol": "tcp", "UserIdGroupPairs": [] } ] }
The AwsEc2SecurityGroup object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ID of the security group. Type: String |
|
|
No |
The name of the security group. Type: String |
|
No |
The inbound rules that are associated with the security group. Type: Array of IP permission objects |
|
|
No |
[VPC only] The outbound rules that are associated with the security group. Type: Array of IP permission objects |
|
|
|
No |
The AWS account ID of the owner of the security group. Type: String |
|
|
No |
[VPC only] The ID of the VPC for the security group. Type: String |
IP permission object
The IpPermissions and IpPermissionsEgress
objects both contain an array of IP permission objects.
Each IP permission object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of Type: Integer |
|
|
No |
The IP protocol name ( [VPC only] Use When authorizing security group rules, specifying
For For Type: String |
|
|
No |
The ranges of IP addresses. Type: Array of IP range objects |
|
|
No |
[VPC only] The prefix list IDs for an AWS service. With outbound rules, this is the AWS service to access through a VPC endpoint from instances that are associated with the security group. Type: Array of prefix list ID objects |
|
|
No |
The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of Type: Integer |
|
|
No |
The security group and AWS account ID pairs. Type: Array of user ID group pair objects |
Each entry in the IpRanges array can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
A range of IP addresses. You can either specify a CIDR range or a source security group, but not both. To specify a single IPv4 address, use the /32 prefix length. To specify a single IPv6 address, use the /128 prefix length. Type: String |
Each entry in the PrefixListIds array can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ID of the prefix. Type: String |
Each entry in the UserIdGroupPairs array can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
GroupId |
No |
The ID of the security group. Type: String |
|
UserId |
No |
The ID of an AWS account. For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned. [Amazon EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account. Type: String |
AwsEc2Volume
The AwsEc2Volume object provides details about an EC2
volume.
Example
"AwsEc2Volume": { "Attachments": [ { "AttachTime": "2017-10-17T14:47:11Z", "DeleteOnTermination": true, "InstanceId": "i-123abc456def789g", "Status": "attached" } ], "CreateTime": "2020-02-24T15:54:30Z", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Size": 80, "SnapshotId": "", "Status": "available" }
The AwsEc2Volume object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
The volume attachments. Type: Array of objects |
|
|
|
No |
Indicates when the volume was created. Type: String Format: Uses the |
|
|
No |
Whether the volume is encrypted. Type: Boolean |
|
|
No |
The ARN of the AWS KMS customer master key (CMK) that was used to protect the volume encryption key for the volume. Type: String |
|
|
No |
The size of the volume, in GiBs. Type: Integer |
|
|
No |
The snapshot from which the volume was created. Type: String |
|
|
No |
The volume state. Type: String Valid values: |
Attachments
The Attachments object contains the set of attachments for
the EC2 volume. Each attachment can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The date and time when the attachment initiated. Type: String (timestamp) Format: |
|
|
No |
Whether the EBS volume is deleted when the EC2 instance is terminated. Type: Boolean |
|
|
No |
The identifier of the EC2 instance. Type: String |
|
|
No |
The attachment state of the volume. Type: String Valid values: |
AwsEc2Vpc
The AwsEc2Vpc object provides details about an EC2 virtual private cloud
(VPC).
Example
"AwsEc2Vpc": { "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlock": "192.0.2.0/24", "CidrBlockState": "associated" } ], "DhcpOptionsId": "dopt-4e42ce28", "Ipv6CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-0dc4c852f52abda97", "CidrBlockState": "associated", "Ipv6CidrBlock": "192.0.2.0/24" } ], "State": "available" }
The AwsEc2Vpc object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
Information about the IPv4 CIDR blocks that are associated with the VPC. Type: Array of objects |
|
|
|
No |
The identifier of the set of Dynamic Host Configuration
Protocol (DHCP) options that are associated with the VPC. If
the default options are associated with the VPC, then this
is Type: String (32 characters max) |
|
No |
Information about the IPv6 CIDR blocks that are associated with the VPC. Type: Array of objects. |
|
|
|
No |
The current state of the VPC. Type: String (32 characters max) Valid values: |
CidrBlockAssociationSet
The CidrBlockAssociationSet object provides a list of IPV4
CIDR block associations.
Each CIDR block association can contain the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The association ID for the IPv4 CIDR block. Type: String (32 characters max) |
|
|
No |
The IPv4 CIDR block. Type: CIDR IPV4 |
|
|
No |
Information about the state of the CIDR block. Type: String (32 characters max) |
IpV6CidrBlockAssociationSet
The IPV6CidrBlockAssociationSet object provides a list of
IPV6 CIDR block associations.
Each CIDR block association can contain the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The association ID for the IPv6 CIDR block. Type: String (32 characters max) |
|
|
No |
Information about the state of the CIDR block. Type: String (32 characters max) |
|
|
No |
The IPv6 CIDR block. Type: CIDR IPV6 |
AwsElasticSearchDomain
The AwsElasticSearchDomain object provides details about an
Elasticsearch domain.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
IAM policy document specifying the access policies for the new Amazon ES domain. Type: String |
|
No |
Additional options for the domain endpoint. Type: Object |
|
|
No |
Details about the domain status. Type: Object |
|
|
|
No |
Elasticsearch version. Type: String |
|
No |
Details about the configuration for encryption at rest. Type: Object |
|
|
No |
Details about the configuration for node-to-node encryption. Type: Object |
|
|
No |
Information that Amazon ES derives based on
Type: Object |
DomainEndpointOptions
The DomainEndpointOptions object provides information about
additional options for the domain endpoint.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Whether to require that all traffic to the domain arrive over HTTPS. Type: Boolean |
|
|
No |
The TLS security policy to apply to the HTTPS endpoint of the Elasticsearch domain. Type: String Valid values:
|
DomainStatus
The DomainStatus object provides details about the domain
status.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Unique identifier for an Amazon ES domain. Type: String |
|
|
No |
Name of an Amazon ES domain. Domain names are unique across all domains owned by the same account within an AWS Region. Domain names must start with a lowercase letter and must be between 3 and 28 characters. Valid characters are a-z (lowercase only), 0-9, and – (hyphen). Type: String |
|
|
No |
Domain-specific endpoint used to submit index, search, and data upload requests to an Amazon ES domain. The endpoint is a service URL. Type: String |
|
|
No |
The key-value pair that exists if the Amazon ES domain uses VPC endpoints. Type: Map of key-value pairs Example:
|
EncryptionAtRestOptions
The EncryptionAtRestOptions object provides details about the
configuration for encryption at rest.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Whether encryption at rest is enabled. Type: Boolean |
|
|
No |
The AWS KMS key ID. Takes the form
Type: String |
NodeToNodeEncryptionOptions
The NodeToNodeEncryptionOptions object provides details about
the configuration for node-to-node encryption.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
Enabled |
No |
Whether node-to-node encryption is enabled. Type: Boolean |
VpcOptions
The VpcOptions object contains information that Amazon ES derives
based on the VPCOptions for the domain.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The list of Availability Zones that are associated with the VPC subnets. Type: Array of strings |
|
|
No |
The list of security group IDs that are associated with the VPC endpoints for the domain Type: Array of strings. |
|
|
No |
A list of subnet IDs that are associated with the VPC endpoints for the domain. Type: Array of strings |
|
|
No |
ID for the VPC. Type: String |
AwsElbv2LoadBalancer
The AwsElbv2LoadBalancer object provides information about a load
balancer.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
The Availability Zones for the load balancer. Type: Object |
|
|
|
No |
The ID of the Amazon Route 53 hosted zone that is associated with the load balancer. Type: String |
|
|
No |
Indicates when the load balancer was created. Type: String Format: Uses the |
|
|
No |
The public DNS name of the load balancer. Type: String |
|
|
No |
The type of IP addresses used by the subnets for your load balancer. The possible values are Type: String |
|
|
No |
The nodes of an Internet-facing load balancer have public IP addresses. Type: String |
|
|
No |
The IDs of the security groups for the load balancer. Type: Array of strings |
|
No |
The state of the load balancer. Type: Object |
|
|
|
No |
The type of load balancer. Type: String |
|
|
No |
The ID of the VPC for the load balancer. Type: String |
AvailabilityZones
Specifies the Availability Zones for the load balancer.
Each Availability Zone can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ID of the subnet. Type: String |
|
|
No |
The name of the Availability Zone. Type: String |
State
Information about the state of the load balancer.
The State object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The state code. The initial state of the load balancer is provisioning. After the load balancer is fully set up and ready to route traffic, its state is active. If the load balancer could not be set up, its state is failed. Type: String |
|
|
No |
A description of the state. Type: String |
AwsIamAccessKey
The AwsIamAccessKey object contains details about an IAM access key that is
related to a finding.
The AwsIamAccessKey object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates when the related IAM access key was created. Type: String Format: Uses the |
|
|
No |
The ID of the principal that is associated with an access key. Type: String |
|
|
No |
The name of the principal. Type: String |
|
|
No |
The type of principal. Type: String |
|
|
No |
The status of the IAM access key that is related to a
finding. Valid values are Type: Enum |
AwsIamPolicy
The AwsIamPolicy object represents an IAM permissions policy.
Example
"AwsIamPolicy": { "AttachmentCount": 1, "CreateDate": "2017-09-14T08:17:29.000Z", "DefaultVersionId": "v1", "Description": "Example IAM policy", "IsAttachable": true, "Path": "/", "PermissionsBoundaryUsageCount": 5, "PolicyId": "ANPAJ2UCCR6DPCEXAMPLE", "PolicyName": "EXAMPLE-MANAGED-POLICY", "PolicyVersionList": [ { "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2017-09-14T08:17:29.000Z" } ], "UpdateDate": "2017-09-14T08:17:29.000Z" }
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The number of users, groups, and roles that the policy is attached to. Type: Number |
|
CreateDate |
No |
When the policy was created. Type: String Format: Uses the Example:
|
|
|
No |
The identifier of the default version of the policy. Type: String |
|
|
No |
A description of the policy. Type: String Maximum length: 1000 characters |
|
|
No |
Whether the policy can be attached to a user, group, or role. Type: Boolean |
|
|
No |
The path to the policy. Type: String Minimum length: 1 Maximum length: 512 For more information about paths, see IAM Identifiers in the IAM User Guide. |
|
|
No |
The number of users and roles that use the policy to set the permissions boundary. Type: Number |
|
|
No |
The unique identifier of the policy. Type: String Minimum length: 16 Maximum length: 128 |
|
|
No |
The name of the policy. Type: String Minimum length: 1 Maximum length: 128 |
|
No |
List of versions of the policy. Type: Array of objects |
|
|
|
No |
When the policy was most recently updated. Type: String Format: Uses the Example:
|
PolicyVersionList
The PolicyVersionList object contains a list of versions of the IAM
policy.
Each version can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Indicates when the version was created. Type: String Format: Uses the Example:
|
|
|
No |
Whether the version is the default version. Type: Boolean |
|
|
No |
The identifier of the policy version. Type: String |
AwsIamRole
The AwsIamRole object contains information about an IAM role, including all
of the role's policies.
The AwsIamRole object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The trust policy that grants permission to assume the role. Type: String |
|
|
No |
Indicates when the role was created. Type: String Format: Uses the |
|
|
No |
The stable and unique string identifying the role. Type: String |
|
|
No |
The friendly name that identifies the role. Type: String |
|
|
No |
The maximum session duration (in seconds) that you want to set for the specified role. Type: Integer |
|
|
No |
The path to the role. Type: String |
AwsIamUser
The AwsIamUser object provides information about an IAM
user.
Example
"AwsIamUser": { "AttachedManagedPolicies": [ { "PolicyName": "ExamplePolicy", "PolicyArn": "arn:aws:iam::aws:policy/ExampleAccess" } ], "CreateDate": "2018-01-26T23:50:05.000Z", "GroupList": [], "Path": "/", "PermissionsBoundary" : { "PermissionsBoundaryArn" : "arn:aws:iam::aws:policy/AdministratorAccess", "PermissionsBoundaryType" : "PermissionsBoundaryPolicy" }, "UserId": "AIDACKCEVSQ6C2EXAMPLE", "UserName": "ExampleUser", "UserPolicyList": [ { "PolicyName": "InstancePolicy" } ] }
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
A list of the managed policies that are attached to the user. Type: Array of objects |
|
|
|
No |
Indicates when the user was created. Type: String Format: Uses the Example:
|
|
|
No |
A list of IAM groups that the user belongs to. Type: Array of strings Minimum length: 1 Maximum length: 128 |
|
|
No |
The path to the user. Type: String Minimum length: 1 Maximum length: 512 |
|
No |
The permissions boundary for the user. Type: Object |
|
|
|
No |
The unique identifier for the user. Type: String Minimum length: 16 Maximum length: 128 |
|
|
No |
The name of the user. Type: String Minimum length: 1 Maximum length: 64 |
|
No |
The list of inline policies that are embedded in the user. Type: Array of objects |
AttachedManagedPolicies
The AttachedManagedPolicies object contains the list of managed policies
that are attached to the IAM user.
Each policy can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ARN of the policy. Type: String |
|
|
No |
The name of the policy. Type: String |
PermissionsBoundary
The PermissionsBoundary object contains information about the policy used to
set the permissions boundary for the user.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ARN of the policy used to set the permissions boundary for the user. Type: String Minimum length: 20 Maximum length: 2,048 |
|
|
No |
The usage type for the permissions boundary. Type: String The value must be
|
UserPolicyList
The UserPolicyList object contains the list of inline policies that are
embedded in the user.
Each policy can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The name of the policy. Type: String Minimum length: 1 Maximum length: 128 |
AwsKmsKey
The AwsKmsKey object provides details about an AWS KMS customer master key
(CMK).
The AwsKmsKey object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The AWS account identifier of the account that owns the CMK. Type: String |
|
|
No |
Indicates when the CMK was created. Type: String Format: Uses the |
|
|
No |
A description of the key. Type: String |
|
|
Yes |
The globally unique identifier for the CMK. Type: String The minimum length is 1. The maximum length is 2048. |
|
|
No |
The manager of the CMK. CMKs in an AWS account are either customer managed or AWS managed. Type: String Valid values: |
|
|
No |
The state of the CMK. Type: String Valid values: |
|
|
No |
The source of the CMK's key material. When this value is When this value is When this value is Type: String Valid values: |
AwsLambdaFunction
The AwsLambdaFunction object provides details about a Lambda
function's configuration.
It can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
No |
An Type: Object |
|
|
|
No |
The SHA256 hash of the function's deployment package. Type: String |
|
No |
The function's dead letter queue. Type: Object |
|
|
No |
A function's environment variable settings. Type: Object |
|
|
|
No |
The name of the function. Type: String |
|
|
No |
The function that Lambda calls to begin running your function. Type: String |
|
|
No |
The AWS KMS key that's used to encrypt the function's environment variables. This key is only returned if you've configured a customer managed CMK. Type: String |
|
|
No |
The date and time that the function was last updated, in ISO-8601 format (YYYY-MM-DDThh:mm:ss.sTZD). Type: String |
|
No |
The function's layers. Type: Object |
|
|
|
No |
For Lambda@Edge functions, the ARN of the master function. Type: String |
|
|
No |
The memory that is allocated to the function. Type: Integer |
|
|
No |
The latest updated revision of the function or alias. Type: String |
|
|
No |
The function's execution role. Type: String |
|
|
No |
The runtime environment for the Lambda function. Type: String |
|
|
No |
The amount of time that Lambda allows a function to run before stopping it. Type: Integer |
|
No |
The function's AWS X-Ray tracing configuration. Type: Object |
|
|
|
No |
The version of the Lambda function. Type: String |
|
No |
The function's networking configuration. Type: Object |
Code
An AwsLambdaFunctionCode object.
The Code object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
An S3 bucket in the same AWS Region as your function. The bucket can be in a different AWS account. Type: String |
|
|
No |
The Amazon S3 key of the deployment package. Type: String |
|
|
No |
For versioned objects, the version of the deployment package object to use. Type: String |
|
|
No |
The base64-encoded contents of the deployment package. AWS SDK and AWS CLI clients handle the encoding for you. Type: String |
DeadLetterConfig
Contains information about the Lambda function's dead letter queue.
The DeadLetterConfig object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The Amazon Resource Name (ARN) of the Amazon SQS queue or Amazon SNS topic containing the dead letter queue. Type: String |
Environment
Contains the Lambda function's environment variable settings.
The Environment object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
Environment variable key-value pairs. Type: String to string map |
|
|
No |
Error messages for environment variables that couldn't be applied. Type: Object |
The Error object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The error code. Type: String |
|
|
No |
The error message. Type: String |
Layers
The Lambda function's layers.
Each layer object can have the following attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |
The ARN of the function layer. Type: String |
|
|
No |
The size of the layer archive in bytes. Type: Integer |
TracingConfig
Contains the function's AWS X-Ray tracing configuration.
The TracingConfig object can have the following
attributes.
|
Attribute |
Required |
Description |
|---|---|---|
|
|
No |