Crate aws_sdk_securityhub

Please Note: The SDK is currently in Developer Preview and is intended strictly for feedback purposes only. Do not use this SDK for production workloads.

Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the Security Hub User Guide.

When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, run the same command for each Region in which you want to apply the change.

For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.

The following throttling limits apply to using Security Hub API operations.

• BatchEnableStandards - RateLimit of 1 request per second. BurstLimit of 1 request per second.
• GetFindings - RateLimit of 3 requests per second. BurstLimit of 6 requests per second.
• BatchImportFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
• BatchUpdateFindings - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.
• UpdateStandardsControl - RateLimit of 1 request per second. BurstLimit of 5 requests per second.
• All other operations - RateLimit of 10 requests per second. BurstLimit of 30 requests per second.

Getting Started

Examples are available for many services and operations, check out the examples folder in GitHub.

The SDK provides one crate per AWS service. You must add Tokio as a dependency within your Rust project to execute asynchronous code. To add aws-sdk-securityhub to your project, add the following to your Cargo.toml file:

[dependencies]
aws-config = "0.56.1"
aws-sdk-securityhub = "0.32.0"
tokio = { version = "1", features = ["full"] }

Then in code, a client can be created with the following:

use aws_sdk_securityhub as securityhub;

#[::tokio::main]
async fn main() -> Result<(), securityhub::Error> {
    let config = aws_config::load_from_env().await;
    let client = aws_sdk_securityhub::Client::new(&config);

    // ... make some calls with the client

    Ok(())
}

See the client documentation for information on what calls can be made, and the inputs and outputs for each of those calls.

Using the SDK

Until the SDK is released, we will be adding information about using the SDK to the Developer Guide. Feel free to suggest additional sections for the guide by opening an issue and describing what you are trying to do.

Getting Help

• GitHub discussions - For ideas, RFCs & general questions
• GitHub issues - For bug reports & feature requests
• Generated Docs (latest version)
• Usage examples

Crate Organization

The entry point for most customers will be Client, which exposes one method for each API offered by AWS SecurityHub. The return value of each of these methods is a “fluent builder”, where the different inputs for that API are added by builder-style function call chaining, followed by calling send() to get a Future that will result in either a successful output or a SdkError.

Some of these API inputs may be structs or enums to provide more complex structured information. These structs and enums live in types. There are some simpler types for representing data such as date times or binary blobs that live in primitives.

All types required to configure a client via the Config struct live in config.

The operation module has a submodule for every API, and in each submodule is the input, output, and error type for that API, as well as builders to construct each of those.

There is a top-level Error type that encompasses all the errors that the client can return. Any other error type can be converted to this Error type via the From trait.

The other modules within this crate are not required for normal usage.

Modules

• client
  Client for calling AWS SecurityHub.
• config
  Configuration for AWS SecurityHub.
• error
  Common errors and error handling utilities.
• meta
  Information about this crate.
• operation
  All operations that this crate can perform.
• primitives
  Primitives such as Blob or DateTime used by other types.
• types
  Data structures used by operation inputs/outputs.

Structs

• Client
  Client for AWS SecurityHub
• Config
  Configuration for a aws_sdk_securityhub service client.

Enums

• Error
  All possible error types for this service.