Struct Client

pub struct Client { /* private fields */ }

Client for AWS SecurityHub

Client for invoking operations on AWS SecurityHub. Each operation on AWS SecurityHub is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

Constructing a Client

A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.

In the simplest case, creating a client looks as follows:

let config = aws_config::load_from_env().await;
let client = aws_sdk_securityhub::Client::new(&config);

Occasionally, SDKs may have additional service-specific values that can be set on the Config that is absent from SdkConfig, or slightly different settings for a specific client may be desired. The Builder struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:

let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_securityhub::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();

See the aws-config docs and Config for more information on customizing configuration.

Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.

Using the Client

A client has a function for every operation that can be performed by the service. For example, the AcceptAdministratorInvitation operation has a Client::accept_administrator_invitation, function which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:

let result = client.accept_administrator_invitation()
    .administrator_id("example")
    .send()
    .await;

The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.

Implementations

impl Client

pub fn accept_administrator_invitation( &self, ) -> AcceptAdministratorInvitationFluentBuilder

Constructs a fluent builder for the AcceptAdministratorInvitation operation.

• The fluent builder is configurable:
  • administrator_id(impl Into<String>) / set_administrator_id(Option<String>):
    required: true
    

    The account ID of the Security Hub administrator account that sent the invitation.

    
    
  • invitation_id(impl Into<String>) / set_invitation_id(Option<String>):
    required: true
    

    The identifier of the invitation sent from the Security Hub administrator account.

    
    
• On success, responds with AcceptAdministratorInvitationOutput
• On failure, responds with SdkError<AcceptAdministratorInvitationError>

impl Client

pub fn accept_invitation(&self) -> AcceptInvitationFluentBuilder

👎Deprecated: This API has been deprecated, use AcceptAdministratorInvitation API instead.

Constructs a fluent builder for the AcceptInvitation operation.

• The fluent builder is configurable:
  • master_id(impl Into<String>) / set_master_id(Option<String>):
    required: true
    

    The account ID of the Security Hub administrator account that sent the invitation.

    
    
  • invitation_id(impl Into<String>) / set_invitation_id(Option<String>):
    required: true
    

    The identifier of the invitation sent from the Security Hub administrator account.

    
    
• On success, responds with AcceptInvitationOutput
• On failure, responds with SdkError<AcceptInvitationError>

impl Client

pub fn batch_delete_automation_rules( &self, ) -> BatchDeleteAutomationRulesFluentBuilder

Constructs a fluent builder for the BatchDeleteAutomationRules operation.

• The fluent builder is configurable:
  • automation_rules_arns(impl Into<String>) / set_automation_rules_arns(Option<Vec::<String>>):
    required: true
    

    A list of Amazon Resource Names (ARNs) for the rules that are to be deleted.

    
    
• On success, responds with BatchDeleteAutomationRulesOutput with field(s):
  • processed_automation_rules(Option<Vec::<String>>):

    A list of properly processed rule ARNs.

  • unprocessed_automation_rules(Option<Vec::<UnprocessedAutomationRule>>):

    A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn’t delete and why.

• On failure, responds with SdkError<BatchDeleteAutomationRulesError>

impl Client

pub fn batch_disable_standards(&self) -> BatchDisableStandardsFluentBuilder

Constructs a fluent builder for the BatchDisableStandards operation.

• The fluent builder is configurable:
  • standards_subscription_arns(impl Into<String>) / set_standards_subscription_arns(Option<Vec::<String>>):
    required: true
    

    The ARNs of the standards subscriptions to disable.

    
    
• On success, responds with BatchDisableStandardsOutput with field(s):
  • standards_subscriptions(Option<Vec::<StandardsSubscription>>):

    The details of the standards subscriptions that were disabled.

• On failure, responds with SdkError<BatchDisableStandardsError>

impl Client

pub fn batch_enable_standards(&self) -> BatchEnableStandardsFluentBuilder

Constructs a fluent builder for the BatchEnableStandards operation.

• The fluent builder is configurable:
  • standards_subscription_requests(StandardsSubscriptionRequest) / set_standards_subscription_requests(Option<Vec::<StandardsSubscriptionRequest>>):
    required: true
    

    The list of standards checks to enable.

    
    
• On success, responds with BatchEnableStandardsOutput with field(s):
  • standards_subscriptions(Option<Vec::<StandardsSubscription>>):

    The details of the standards subscriptions that were enabled.

• On failure, responds with SdkError<BatchEnableStandardsError>

impl Client

pub fn batch_get_automation_rules(&self) -> BatchGetAutomationRulesFluentBuilder

Constructs a fluent builder for the BatchGetAutomationRules operation.

• The fluent builder is configurable:
  • automation_rules_arns(impl Into<String>) / set_automation_rules_arns(Option<Vec::<String>>):
    required: true
    

    A list of rule ARNs to get details for.

    
    
• On success, responds with BatchGetAutomationRulesOutput with field(s):
  • rules(Option<Vec::<AutomationRulesConfig>>):

    A list of rule details for the provided rule ARNs.

  • unprocessed_automation_rules(Option<Vec::<UnprocessedAutomationRule>>):

    A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn’t retrieve and why.

• On failure, responds with SdkError<BatchGetAutomationRulesError>

impl Client

pub fn batch_get_configuration_policy_associations( &self, ) -> BatchGetConfigurationPolicyAssociationsFluentBuilder

Constructs a fluent builder for the BatchGetConfigurationPolicyAssociations operation.

• The fluent builder is configurable:
  • configuration_policy_association_identifiers(ConfigurationPolicyAssociation) / set_configuration_policy_association_identifiers(Option<Vec::<ConfigurationPolicyAssociation>>):
    required: true
    

    Specifies one or more target account IDs, organizational unit (OU) IDs, or the root ID to retrieve associations for.

    
    
• On success, responds with BatchGetConfigurationPolicyAssociationsOutput with field(s):
  • configuration_policy_associations(Option<Vec::<ConfigurationPolicyAssociationSummary>>):

    Describes associations for the target accounts, OUs, or the root.

  • unprocessed_configuration_policy_associations(Option<Vec::<UnprocessedConfigurationPolicyAssociation>>):

    An array of configuration policy associations, one for each configuration policy association identifier, that was specified in the request but couldn’t be processed due to an error.

• On failure, responds with SdkError<BatchGetConfigurationPolicyAssociationsError>

impl Client

pub fn batch_get_security_controls( &self, ) -> BatchGetSecurityControlsFluentBuilder

Constructs a fluent builder for the BatchGetSecurityControls operation.

• The fluent builder is configurable:
  • security_control_ids(impl Into<String>) / set_security_control_ids(Option<Vec::<String>>):
    required: true
    

    A list of security controls (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters). The security control ID or Amazon Resource Name (ARN) is the same across standards.

    
    
• On success, responds with BatchGetSecurityControlsOutput with field(s):
  • security_controls(Option<Vec::<SecurityControl>>):

    An array that returns the identifier, Amazon Resource Name (ARN), and other details about a security control. The same information is returned whether the request includes SecurityControlId or SecurityControlArn.

  • unprocessed_ids(Option<Vec::<UnprocessedSecurityControl>>):

    A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) for which details cannot be returned.

• On failure, responds with SdkError<BatchGetSecurityControlsError>

impl Client

pub fn batch_get_standards_control_associations( &self, ) -> BatchGetStandardsControlAssociationsFluentBuilder

Constructs a fluent builder for the BatchGetStandardsControlAssociations operation.

• The fluent builder is configurable:
  • standards_control_association_ids(StandardsControlAssociationId) / set_standards_control_association_ids(Option<Vec::<StandardsControlAssociationId>>):
    required: true
    

    An array with one or more objects that includes a security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) and the Amazon Resource Name (ARN) of a standard. This field is used to query the enablement status of a control in a specified standard. The security control ID or ARN is the same across standards.

    
    
• On success, responds with BatchGetStandardsControlAssociationsOutput with field(s):
  • standards_control_association_details(Option<Vec::<StandardsControlAssociationDetail>>):

    Provides the enablement status of a security control in a specified standard and other details for the control in relation to the specified standard.

  • unprocessed_associations(Option<Vec::<UnprocessedStandardsControlAssociation>>):

    A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard cannot be returned.

• On failure, responds with SdkError<BatchGetStandardsControlAssociationsError>

impl Client

pub fn batch_import_findings(&self) -> BatchImportFindingsFluentBuilder

Constructs a fluent builder for the BatchImportFindings operation.

• The fluent builder is configurable:
  • findings(AwsSecurityFinding) / set_findings(Option<Vec::<AwsSecurityFinding>>):
    required: true
    

    A list of findings to import. To successfully import a finding, it must follow the Amazon Web Services Security Finding Format. Maximum of 100 findings per request.

    
    
• On success, responds with BatchImportFindingsOutput with field(s):
  • failed_count(Option<i32>):

    The number of findings that failed to import.

  • success_count(Option<i32>):

    The number of findings that were successfully imported.

  • failed_findings(Option<Vec::<ImportFindingsError>>):

    The list of findings that failed to import.

• On failure, responds with SdkError<BatchImportFindingsError>

impl Client

pub fn batch_update_automation_rules( &self, ) -> BatchUpdateAutomationRulesFluentBuilder

Constructs a fluent builder for the BatchUpdateAutomationRules operation.

• The fluent builder is configurable:
  • update_automation_rules_request_items(UpdateAutomationRulesRequestItem) / set_update_automation_rules_request_items(Option<Vec::<UpdateAutomationRulesRequestItem>>):
    required: true
    

    An array of ARNs for the rules that are to be updated. Optionally, you can also include RuleStatus and RuleOrder.

    
    
• On success, responds with BatchUpdateAutomationRulesOutput with field(s):
  • processed_automation_rules(Option<Vec::<String>>):

    A list of properly processed rule ARNs.

  • unprocessed_automation_rules(Option<Vec::<UnprocessedAutomationRule>>):

    A list of objects containing RuleArn, ErrorCode, and ErrorMessage. This parameter tells you which automation rules the request didn’t update and why.

• On failure, responds with SdkError<BatchUpdateAutomationRulesError>

impl Client

pub fn batch_update_findings(&self) -> BatchUpdateFindingsFluentBuilder

Constructs a fluent builder for the BatchUpdateFindings operation.

• The fluent builder is configurable:
  • finding_identifiers(AwsSecurityFindingIdentifier) / set_finding_identifiers(Option<Vec::<AwsSecurityFindingIdentifier>>):
    required: true
    

    The list of findings to update. BatchUpdateFindings can be used to update up to 100 findings at a time.

    For each finding, the list provides the finding identifier and the ARN of the finding provider.

    
    
  • note(NoteUpdate) / set_note(Option<NoteUpdate>):
    required: false
    

    The updated note.

    
    
  • severity(SeverityUpdate) / set_severity(Option<SeverityUpdate>):
    required: false
    

    Used to update the finding severity.

    
    
  • verification_state(VerificationState) / set_verification_state(Option<VerificationState>):
    required: false
    

    Indicates the veracity of a finding.

    The available values for VerificationState are as follows.

    • UNKNOWN – The default disposition of a security finding

    • TRUE_POSITIVE – The security finding is confirmed

    • FALSE_POSITIVE – The security finding was determined to be a false alarm

    • BENIGN_POSITIVE – A special case of TRUE_POSITIVE where the finding doesn’t pose any threat, is expected, or both

    
    
  • confidence(i32) / set_confidence(Option<i32>):
    required: false
    

    The updated value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify.

    Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence.

    
    
  • criticality(i32) / set_criticality(Option<i32>):
    required: false
    

    The updated value for the level of importance assigned to the resources associated with the findings.

    A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources.

    
    
  • types(impl Into<String>) / set_types(Option<Vec::<String>>):
    required: false
    

    One or more finding types in the format of namespace/category/classifier that classify a finding.

    Valid namespace values are as follows.

    • Software and Configuration Checks

    • TTPs

    • Effects

    • Unusual Behaviors

    • Sensitive Data Identifications

    
    
  • user_defined_fields(impl Into<String>, impl Into<String>) / set_user_defined_fields(Option<HashMap::<String, String>>):
    required: false
    

    A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding.

    
    
  • workflow(WorkflowUpdate) / set_workflow(Option<WorkflowUpdate>):
    required: false
    

    Used to update the workflow status of a finding.

    The workflow status indicates the progress of the investigation into the finding.

    
    
  • related_findings(RelatedFinding) / set_related_findings(Option<Vec::<RelatedFinding>>):
    required: false
    

    A list of findings that are related to the updated findings.

    
    
• On success, responds with BatchUpdateFindingsOutput with field(s):
  • processed_findings(Option<Vec::<AwsSecurityFindingIdentifier>>):

    The list of findings that were updated successfully.

  • unprocessed_findings(Option<Vec::<BatchUpdateFindingsUnprocessedFinding>>):

    The list of findings that were not updated.

• On failure, responds with SdkError<BatchUpdateFindingsError>

impl Client

pub fn batch_update_standards_control_associations( &self, ) -> BatchUpdateStandardsControlAssociationsFluentBuilder

Constructs a fluent builder for the BatchUpdateStandardsControlAssociations operation.

• The fluent builder is configurable:
  • standards_control_association_updates(StandardsControlAssociationUpdate) / set_standards_control_association_updates(Option<Vec::<StandardsControlAssociationUpdate>>):
    required: true
    

    Updates the enablement status of a security control in a specified standard.

    Calls to this operation return a RESOURCE_NOT_FOUND_EXCEPTION error when the standard subscription for the control has StandardsControlsUpdatable value NOT_READY_FOR_UPDATES.

    
    
• On success, responds with BatchUpdateStandardsControlAssociationsOutput with field(s):
  • unprocessed_association_updates(Option<Vec::<UnprocessedStandardsControlAssociationUpdate>>):

    A security control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) whose enablement status in a specified standard couldn’t be updated.

• On failure, responds with SdkError<BatchUpdateStandardsControlAssociationsError>

impl Client

pub fn create_action_target(&self) -> CreateActionTargetFluentBuilder

Constructs a fluent builder for the CreateActionTarget operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name of the custom action target. Can contain up to 20 characters.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: true
    

    The description for the custom action target.

    
    
  • id(impl Into<String>) / set_id(Option<String>):
    required: true
    

    The ID for the custom action target. Can contain up to 20 alphanumeric characters.

    
    
• On success, responds with CreateActionTargetOutput with field(s):
  • action_target_arn(Option<String>):

    The Amazon Resource Name (ARN) for the custom action target.

• On failure, responds with SdkError<CreateActionTargetError>

impl Client

pub fn create_automation_rule(&self) -> CreateAutomationRuleFluentBuilder

Constructs a fluent builder for the CreateAutomationRule operation.

• The fluent builder is configurable:
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: false
    

    User-defined tags associated with an automation rule.

    
    
  • rule_status(RuleStatus) / set_rule_status(Option<RuleStatus>):
    required: false
    

    Whether the rule is active after it is created. If this parameter is equal to ENABLED, Security Hub starts applying the rule to findings and finding updates after the rule is created. To change the value of this parameter after creating a rule, use BatchUpdateAutomationRules .

    
    
  • rule_order(i32) / set_rule_order(Option<i32>):
    required: true
    

    An integer ranging from 1 to 1000 that represents the order in which the rule action is applied to findings. Security Hub applies rules with lower values for this parameter first.

    
    
  • rule_name(impl Into<String>) / set_rule_name(Option<String>):
    required: true
    

    The name of the rule.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: true
    

    A description of the rule.

    
    
  • is_terminal(bool) / set_is_terminal(Option<bool>):
    required: false
    

    Specifies whether a rule is the last to be applied with respect to a finding that matches the rule criteria. This is useful when a finding matches the criteria for multiple rules, and each rule has different actions. If a rule is terminal, Security Hub applies the rule action to a finding that matches the rule criteria and doesn’t evaluate other rules for the finding. By default, a rule isn’t terminal.

    
    
  • criteria(AutomationRulesFindingFilters) / set_criteria(Option<AutomationRulesFindingFilters>):
    required: true
    

    A set of ASFF finding field attributes and corresponding expected values that Security Hub uses to filter findings. If a rule is enabled and a finding matches the conditions specified in this parameter, Security Hub applies the rule action to the finding.

    
    
  • actions(AutomationRulesAction) / set_actions(Option<Vec::<AutomationRulesAction>>):
    required: true
    

    One or more actions to update finding fields if a finding matches the conditions specified in Criteria.

    
    
• On success, responds with CreateAutomationRuleOutput with field(s):
  • rule_arn(Option<String>):

    The Amazon Resource Name (ARN) of the automation rule that you created.

• On failure, responds with SdkError<CreateAutomationRuleError>

impl Client

pub fn create_configuration_policy( &self, ) -> CreateConfigurationPolicyFluentBuilder

Constructs a fluent builder for the CreateConfigurationPolicy operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    The description of the configuration policy.

    
    
  • configuration_policy(Policy) / set_configuration_policy(Option<Policy>):
    required: true
    

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

    
    
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: false
    

    User-defined tags associated with a configuration policy. For more information, see Tagging Security Hub resources in the Security Hub user guide.

    
    
• On success, responds with CreateConfigurationPolicyOutput with field(s):
  • arn(Option<String>):

    The Amazon Resource Name (ARN) of the configuration policy.

  • id(Option<String>):

    The universally unique identifier (UUID) of the configuration policy.

  • name(Option<String>):

    The name of the configuration policy.

  • description(Option<String>):

    The description of the configuration policy.

  • updated_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

  • created_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

  • configuration_policy(Option<Policy>):

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

• On failure, responds with SdkError<CreateConfigurationPolicyError>

impl Client

pub fn create_finding_aggregator(&self) -> CreateFindingAggregatorFluentBuilder

Constructs a fluent builder for the CreateFindingAggregator operation.

• The fluent builder is configurable:
  • region_linking_mode(impl Into<String>) / set_region_linking_mode(Option<String>):
    required: true
    

    Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

    The selected option also determines how to use the Regions provided in the Regions list.

    The options are as follows:

    • ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

    • ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

    • SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

    • NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.

    
    
  • regions(impl Into<String>) / set_regions(Option<Vec::<String>>):
    required: false
    

    If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don’t replicate and send findings to the home Region.

    If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

    An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

    
    
• On success, responds with CreateFindingAggregatorOutput with field(s):
  • finding_aggregator_arn(Option<String>):

    The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and stop cross-Region aggregation.

  • finding_aggregation_region(Option<String>):

    The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

  • region_linking_mode(Option<String>):

    Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

  • regions(Option<Vec::<String>>):

    The list of excluded Regions or included Regions.

• On failure, responds with SdkError<CreateFindingAggregatorError>

impl Client

pub fn create_insight(&self) -> CreateInsightFluentBuilder

Constructs a fluent builder for the CreateInsight operation.

• The fluent builder is configurable:
  • name(impl Into<String>) / set_name(Option<String>):
    required: true
    

    The name of the custom insight to create.

    
    
  • filters(AwsSecurityFindingFilters) / set_filters(Option<AwsSecurityFindingFilters>):
    required: true
    

    One or more attributes used to filter the findings included in the insight. The insight only includes findings that match the criteria defined in the filters.

    
    
  • group_by_attribute(impl Into<String>) / set_group_by_attribute(Option<String>):
    required: true
    

    The attribute used to group the findings for the insight. The grouping attribute identifies the type of item that the insight applies to. For example, if an insight is grouped by resource identifier, then the insight produces a list of resource identifiers.

    
    
• On success, responds with CreateInsightOutput with field(s):
  • insight_arn(Option<String>):

    The ARN of the insight created.

• On failure, responds with SdkError<CreateInsightError>

impl Client

pub fn create_members(&self) -> CreateMembersFluentBuilder

Constructs a fluent builder for the CreateMembers operation.

• The fluent builder is configurable:
  • account_details(AccountDetails) / set_account_details(Option<Vec::<AccountDetails>>):
    required: true
    

    The list of accounts to associate with the Security Hub administrator account. For each account, the list includes the account ID and optionally the email address.

    
    
• On success, responds with CreateMembersOutput with field(s):
  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<CreateMembersError>

impl Client

pub fn decline_invitations(&self) -> DeclineInvitationsFluentBuilder

Constructs a fluent builder for the DeclineInvitations operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The list of prospective member account IDs for which to decline an invitation.

    
    
• On success, responds with DeclineInvitationsOutput with field(s):
  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts that were not processed. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<DeclineInvitationsError>

impl Client

pub fn delete_action_target(&self) -> DeleteActionTargetFluentBuilder

Constructs a fluent builder for the DeleteActionTarget operation.

• The fluent builder is configurable:
  • action_target_arn(impl Into<String>) / set_action_target_arn(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of the custom action target to delete.

    
    
• On success, responds with DeleteActionTargetOutput with field(s):
  • action_target_arn(Option<String>):

    The ARN of the custom action target that was deleted.

• On failure, responds with SdkError<DeleteActionTargetError>

impl Client

pub fn delete_configuration_policy( &self, ) -> DeleteConfigurationPolicyFluentBuilder

Constructs a fluent builder for the DeleteConfigurationPolicy operation.

• The fluent builder is configurable:
  • identifier(impl Into<String>) / set_identifier(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

    
    
• On success, responds with DeleteConfigurationPolicyOutput
• On failure, responds with SdkError<DeleteConfigurationPolicyError>

impl Client

pub fn delete_finding_aggregator(&self) -> DeleteFindingAggregatorFluentBuilder

Constructs a fluent builder for the DeleteFindingAggregator operation.

• The fluent builder is configurable:
  • finding_aggregator_arn(impl Into<String>) / set_finding_aggregator_arn(Option<String>):
    required: true
    

    The ARN of the finding aggregator to delete. To obtain the ARN, use ListFindingAggregators.

    
    
• On success, responds with DeleteFindingAggregatorOutput
• On failure, responds with SdkError<DeleteFindingAggregatorError>

impl Client

pub fn delete_insight(&self) -> DeleteInsightFluentBuilder

Constructs a fluent builder for the DeleteInsight operation.

• The fluent builder is configurable:
  • insight_arn(impl Into<String>) / set_insight_arn(Option<String>):
    required: true
    

    The ARN of the insight to delete.

    
    
• On success, responds with DeleteInsightOutput with field(s):
  • insight_arn(Option<String>):

    The ARN of the insight that was deleted.

• On failure, responds with SdkError<DeleteInsightError>

impl Client

pub fn delete_invitations(&self) -> DeleteInvitationsFluentBuilder

Constructs a fluent builder for the DeleteInvitations operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The list of member account IDs that received the invitations you want to delete.

    
    
• On success, responds with DeleteInvitationsOutput with field(s):
  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts for which the invitations were not deleted. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<DeleteInvitationsError>

impl Client

pub fn delete_members(&self) -> DeleteMembersFluentBuilder

Constructs a fluent builder for the DeleteMembers operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The list of account IDs for the member accounts to delete.

    
    
• On success, responds with DeleteMembersOutput with field(s):
  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts that were not deleted. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<DeleteMembersError>

impl Client

pub fn describe_action_targets(&self) -> DescribeActionTargetsFluentBuilder

Constructs a fluent builder for the DescribeActionTargets operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • action_target_arns(impl Into<String>) / set_action_target_arns(Option<Vec::<String>>):
    required: false
    

    A list of custom action target ARNs for the custom action targets to retrieve.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the DescribeActionTargets operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return.

    
    
• On success, responds with DescribeActionTargetsOutput with field(s):
  • action_targets(Option<Vec::<ActionTarget>>):

    A list of ActionTarget objects. Each object includes the ActionTargetArn, Description, and Name of a custom action target available in Security Hub.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<DescribeActionTargetsError>

impl Client

pub fn describe_hub(&self) -> DescribeHubFluentBuilder

Constructs a fluent builder for the DescribeHub operation.

• The fluent builder is configurable:
  • hub_arn(impl Into<String>) / set_hub_arn(Option<String>):
    required: false
    

    The ARN of the Hub resource to retrieve.

    
    
• On success, responds with DescribeHubOutput with field(s):
  • hub_arn(Option<String>):

    The ARN of the Hub resource that was retrieved.

  • subscribed_at(Option<String>):

    The date and time when Security Hub was enabled in the account.

  • auto_enable_controls(Option<bool>):

    Whether to automatically enable new controls when they are added to standards that are enabled.

    If set to true, then new controls for enabled standards are enabled automatically. If set to false, then new controls are not enabled.

    When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have AutoEnableControls set to true.

  • control_finding_generator(Option<ControlFindingGenerator>):

    Specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

    If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

    The value for this field in a member account matches the value in the administrator account. For accounts that aren’t part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.

• On failure, responds with SdkError<DescribeHubError>

impl Client

pub fn describe_organization_configuration( &self, ) -> DescribeOrganizationConfigurationFluentBuilder

Constructs a fluent builder for the DescribeOrganizationConfiguration operation.

• The fluent builder takes no input, just send it.
• On success, responds with DescribeOrganizationConfigurationOutput with field(s):
  • auto_enable(Option<bool>):

    Whether to automatically enable Security Hub in new member accounts when they join the organization.

    If set to true, then Security Hub is automatically enabled in new accounts. If set to false, then Security Hub isn’t enabled in new accounts automatically. The default value is false.

    If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.

  • member_account_limit_reached(Option<bool>):

    Whether the maximum number of allowed member accounts are already associated with the Security Hub administrator account.

  • auto_enable_standards(Option<AutoEnableStandards>):

    Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

    If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts. The default value of this parameter is equal to DEFAULT.

    If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

  • organization_configuration(Option<OrganizationConfiguration>):

    Provides information about the way an organization is configured in Security Hub.

• On failure, responds with SdkError<DescribeOrganizationConfigurationError>

impl Client

pub fn describe_products(&self) -> DescribeProductsFluentBuilder

Constructs a fluent builder for the DescribeProducts operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the DescribeProducts operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return.

    
    
  • product_arn(impl Into<String>) / set_product_arn(Option<String>):
    required: false
    

    The ARN of the integration to return.

    
    
• On success, responds with DescribeProductsOutput with field(s):
  • products(Option<Vec::<Product>>):

    A list of products, including details for each product.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<DescribeProductsError>

impl Client

pub fn describe_standards(&self) -> DescribeStandardsFluentBuilder

Constructs a fluent builder for the DescribeStandards operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the DescribeStandards operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of standards to return.

    
    
• On success, responds with DescribeStandardsOutput with field(s):
  • standards(Option<Vec::<Standard>>):

    A list of available standards.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<DescribeStandardsError>

impl Client

pub fn describe_standards_controls( &self, ) -> DescribeStandardsControlsFluentBuilder

Constructs a fluent builder for the DescribeStandardsControls operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • standards_subscription_arn(impl Into<String>) / set_standards_subscription_arn(Option<String>):
    required: true
    

    The ARN of a resource that represents your subscription to a supported standard. To get the subscription ARNs of the standards you have enabled, use the GetEnabledStandards operation.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the DescribeStandardsControls operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of security standard controls to return.

    
    
• On success, responds with DescribeStandardsControlsOutput with field(s):
  • controls(Option<Vec::<StandardsControl>>):

    A list of security standards controls.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<DescribeStandardsControlsError>

impl Client

pub fn disable_import_findings_for_product( &self, ) -> DisableImportFindingsForProductFluentBuilder

Constructs a fluent builder for the DisableImportFindingsForProduct operation.

• The fluent builder is configurable:
  • product_subscription_arn(impl Into<String>) / set_product_subscription_arn(Option<String>):
    required: true
    

    The ARN of the integrated product to disable the integration for.

    
    
• On success, responds with DisableImportFindingsForProductOutput
• On failure, responds with SdkError<DisableImportFindingsForProductError>

impl Client

pub fn disable_organization_admin_account( &self, ) -> DisableOrganizationAdminAccountFluentBuilder

Constructs a fluent builder for the DisableOrganizationAdminAccount operation.

• The fluent builder is configurable:
  • admin_account_id(impl Into<String>) / set_admin_account_id(Option<String>):
    required: true
    

    The Amazon Web Services account identifier of the Security Hub administrator account.

    
    
• On success, responds with DisableOrganizationAdminAccountOutput
• On failure, responds with SdkError<DisableOrganizationAdminAccountError>

impl Client

pub fn disable_security_hub(&self) -> DisableSecurityHubFluentBuilder

Constructs a fluent builder for the DisableSecurityHub operation.

• The fluent builder takes no input, just send it.
• On success, responds with DisableSecurityHubOutput
• On failure, responds with SdkError<DisableSecurityHubError>

impl Client

pub fn disassociate_from_administrator_account( &self, ) -> DisassociateFromAdministratorAccountFluentBuilder

Constructs a fluent builder for the DisassociateFromAdministratorAccount operation.

• The fluent builder takes no input, just send it.
• On success, responds with DisassociateFromAdministratorAccountOutput
• On failure, responds with SdkError<DisassociateFromAdministratorAccountError>

impl Client

pub fn disassociate_from_master_account( &self, ) -> DisassociateFromMasterAccountFluentBuilder

👎Deprecated: This API has been deprecated, use DisassociateFromAdministratorAccount API instead.

Constructs a fluent builder for the DisassociateFromMasterAccount operation.

• The fluent builder takes no input, just send it.
• On success, responds with DisassociateFromMasterAccountOutput
• On failure, responds with SdkError<DisassociateFromMasterAccountError>

impl Client

pub fn disassociate_members(&self) -> DisassociateMembersFluentBuilder

Constructs a fluent builder for the DisassociateMembers operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The account IDs of the member accounts to disassociate from the administrator account.

    
    
• On success, responds with DisassociateMembersOutput
• On failure, responds with SdkError<DisassociateMembersError>

impl Client

pub fn enable_import_findings_for_product( &self, ) -> EnableImportFindingsForProductFluentBuilder

Constructs a fluent builder for the EnableImportFindingsForProduct operation.

• The fluent builder is configurable:
  • product_arn(impl Into<String>) / set_product_arn(Option<String>):
    required: true
    

    The ARN of the product to enable the integration for.

    
    
• On success, responds with EnableImportFindingsForProductOutput with field(s):
  • product_subscription_arn(Option<String>):

    The ARN of your subscription to the product to enable integrations for.

• On failure, responds with SdkError<EnableImportFindingsForProductError>

impl Client

pub fn enable_organization_admin_account( &self, ) -> EnableOrganizationAdminAccountFluentBuilder

Constructs a fluent builder for the EnableOrganizationAdminAccount operation.

• The fluent builder is configurable:
  • admin_account_id(impl Into<String>) / set_admin_account_id(Option<String>):
    required: true
    

    The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account.

    
    
• On success, responds with EnableOrganizationAdminAccountOutput
• On failure, responds with SdkError<EnableOrganizationAdminAccountError>

impl Client

pub fn enable_security_hub(&self) -> EnableSecurityHubFluentBuilder

Constructs a fluent builder for the EnableSecurityHub operation.

• The fluent builder is configurable:
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: false
    

    The tags to add to the hub resource when you enable Security Hub.

    
    
  • enable_default_standards(bool) / set_enable_default_standards(Option<bool>):
    required: false
    

    Whether to enable the security standards that Security Hub has designated as automatically enabled. If you don’t provide a value for EnableDefaultStandards, it is set to true. To not enable the automatically enabled standards, set EnableDefaultStandards to false.

    
    
  • control_finding_generator(ControlFindingGenerator) / set_control_finding_generator(Option<ControlFindingGenerator>):
    required: false
    

    This field, used when enabling Security Hub, specifies whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

    If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

    The value for this field in a member account matches the value in the administrator account. For accounts that aren’t part of an organization, the default value of this field is SECURITY_CONTROL if you enabled Security Hub on or after February 23, 2023.

    
    
• On success, responds with EnableSecurityHubOutput
• On failure, responds with SdkError<EnableSecurityHubError>

impl Client

pub fn get_administrator_account(&self) -> GetAdministratorAccountFluentBuilder

Constructs a fluent builder for the GetAdministratorAccount operation.

• The fluent builder takes no input, just send it.
• On success, responds with GetAdministratorAccountOutput with field(s):
  • administrator(Option<Invitation>):

    Details about an invitation.

• On failure, responds with SdkError<GetAdministratorAccountError>

impl Client

pub fn get_configuration_policy(&self) -> GetConfigurationPolicyFluentBuilder

Constructs a fluent builder for the GetConfigurationPolicy operation.

• The fluent builder is configurable:
  • identifier(impl Into<String>) / set_identifier(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

    
    
• On success, responds with GetConfigurationPolicyOutput with field(s):
  • arn(Option<String>):

    The ARN of the configuration policy.

  • id(Option<String>):

    The UUID of the configuration policy.

  • name(Option<String>):

    The name of the configuration policy.

  • description(Option<String>):

    The description of the configuration policy.

  • updated_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

  • created_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

  • configuration_policy(Option<Policy>):

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the policy includes a list of security controls that are enabled, Security Hub disables all other controls (including newly released controls). If the policy includes a list of security controls that are disabled, Security Hub enables all other controls (including newly released controls).

• On failure, responds with SdkError<GetConfigurationPolicyError>

impl Client

pub fn get_configuration_policy_association( &self, ) -> GetConfigurationPolicyAssociationFluentBuilder

Constructs a fluent builder for the GetConfigurationPolicyAssociation operation.

• The fluent builder is configurable:
  • target(Target) / set_target(Option<Target>):
    required: true
    

    The target account ID, organizational unit ID, or the root ID to retrieve the association for.

    
    
• On success, responds with GetConfigurationPolicyAssociationOutput with field(s):
  • configuration_policy_id(Option<String>):

    The universally unique identifier (UUID) of a configuration policy. For self-managed behavior, the value is SELF_MANAGED_SECURITY_HUB.

  • target_id(Option<String>):

    The target account ID, organizational unit ID, or the root ID for which the association is retrieved.

  • target_type(Option<TargetType>):

    Specifies whether the target is an Amazon Web Services account, organizational unit, or the organization root.

  • association_type(Option<AssociationType>):

    Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

  • updated_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

  • association_status(Option<ConfigurationPolicyAssociationStatus>):

    The current status of the association between the specified target and the configuration.

  • association_status_message(Option<String>):

    The explanation for a FAILED value for AssociationStatus.

• On failure, responds with SdkError<GetConfigurationPolicyAssociationError>

impl Client

pub fn get_enabled_standards(&self) -> GetEnabledStandardsFluentBuilder

Constructs a fluent builder for the GetEnabledStandards operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • standards_subscription_arns(impl Into<String>) / set_standards_subscription_arns(Option<Vec::<String>>):
    required: false
    

    The list of the standards subscription ARNs for the standards to retrieve.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the GetEnabledStandards operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return in the response.

    
    
• On success, responds with GetEnabledStandardsOutput with field(s):
  • standards_subscriptions(Option<Vec::<StandardsSubscription>>):

    The list of StandardsSubscriptions objects that include information about the enabled standards.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<GetEnabledStandardsError>

impl Client

pub fn get_finding_aggregator(&self) -> GetFindingAggregatorFluentBuilder

Constructs a fluent builder for the GetFindingAggregator operation.

• The fluent builder is configurable:
  • finding_aggregator_arn(impl Into<String>) / set_finding_aggregator_arn(Option<String>):
    required: true
    

    The ARN of the finding aggregator to return details for. To obtain the ARN, use ListFindingAggregators.

    
    
• On success, responds with GetFindingAggregatorOutput with field(s):
  • finding_aggregator_arn(Option<String>):

    The ARN of the finding aggregator.

  • finding_aggregation_region(Option<String>):

    The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

  • region_linking_mode(Option<String>):

    Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

  • regions(Option<Vec::<String>>):

    The list of excluded Regions or included Regions.

• On failure, responds with SdkError<GetFindingAggregatorError>

impl Client

pub fn get_finding_history(&self) -> GetFindingHistoryFluentBuilder

Constructs a fluent builder for the GetFindingHistory operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • finding_identifier(AwsSecurityFindingIdentifier) / set_finding_identifier(Option<AwsSecurityFindingIdentifier>):
    required: true
    

    Identifies which finding to get the finding history for.

    
    
  • start_time(DateTime) / set_start_time(Option<DateTime>):
    required: false
    

    A timestamp that indicates the start time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    
    
  • end_time(DateTime) / set_end_time(Option<DateTime>):
    required: false
    

    An ISO 8601-formatted timestamp that indicates the end time of the requested finding history.

    If you provide values for both StartTime and EndTime, Security Hub returns finding history for the specified time period. If you provide a value for StartTime but not for EndTime, Security Hub returns finding history from the StartTime to the time at which the API is called. If you provide a value for EndTime but not for StartTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the EndTime. If you provide neither StartTime nor EndTime, Security Hub returns finding history from the CreatedAt timestamp of the finding to the time at which the API is called. In all of these scenarios, the response is limited to 100 results, and the maximum time period is limited to 90 days.

    For more information about the validation and formatting of timestamp fields in Security Hub, see Timestamps.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token for pagination purposes. Provide NULL as the initial value. In subsequent requests, provide the token included in the response to get up to an additional 100 results of finding history. If you don’t provide NextToken, Security Hub returns up to 100 results of finding history for each request.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to be returned. If you don’t provide it, Security Hub returns up to 100 results of finding history.

    
    
• On success, responds with GetFindingHistoryOutput with field(s):
  • records(Option<Vec::<FindingHistoryRecord>>):

    A list of events that altered the specified finding during the specified time period.

  • next_token(Option<String>):

    A token for pagination purposes. Provide this token in the subsequent request to GetFindingsHistory to get up to an additional 100 results of history for the same finding that you specified in your initial request.

• On failure, responds with SdkError<GetFindingHistoryError>

impl Client

pub fn get_findings(&self) -> GetFindingsFluentBuilder

Constructs a fluent builder for the GetFindings operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • filters(AwsSecurityFindingFilters) / set_filters(Option<AwsSecurityFindingFilters>):
    required: false
    

    The finding attributes used to define a condition to filter the returned findings.

    You can filter by up to 10 finding attributes. For each attribute, you can provide up to 20 filter values.

    Note that in the available filter fields, WorkflowState is deprecated. To search for a finding based on its workflow status, use WorkflowStatus.

    
    
  • sort_criteria(SortCriterion) / set_sort_criteria(Option<Vec::<SortCriterion>>):
    required: false
    

    The finding attributes used to sort the list of returned findings.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the GetFindings operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of findings to return.

    
    
• On success, responds with GetFindingsOutput with field(s):
  • findings(Option<Vec::<AwsSecurityFinding>>):

    The findings that matched the filters specified in the request.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<GetFindingsError>

impl Client

pub fn get_insight_results(&self) -> GetInsightResultsFluentBuilder

Constructs a fluent builder for the GetInsightResults operation.

• The fluent builder is configurable:
  • insight_arn(impl Into<String>) / set_insight_arn(Option<String>):
    required: true
    

    The ARN of the insight for which to return results.

    
    
• On success, responds with GetInsightResultsOutput with field(s):
  • insight_results(Option<InsightResults>):

    The insight results returned by the operation.

• On failure, responds with SdkError<GetInsightResultsError>

impl Client

pub fn get_insights(&self) -> GetInsightsFluentBuilder

Constructs a fluent builder for the GetInsights operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • insight_arns(impl Into<String>) / set_insight_arns(Option<Vec::<String>>):
    required: false
    

    The ARNs of the insights to describe. If you don’t provide any insight ARNs, then GetInsights returns all of your custom insights. It does not return any managed insights.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the GetInsights operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of items to return in the response.

    
    
• On success, responds with GetInsightsOutput with field(s):
  • insights(Option<Vec::<Insight>>):

    The insights returned by the operation.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<GetInsightsError>

impl Client

pub fn get_invitations_count(&self) -> GetInvitationsCountFluentBuilder

Constructs a fluent builder for the GetInvitationsCount operation.

• The fluent builder takes no input, just send it.
• On success, responds with GetInvitationsCountOutput with field(s):
  • invitations_count(Option<i32>):

    The number of all membership invitations sent to this Security Hub member account, not including the currently accepted invitation.

• On failure, responds with SdkError<GetInvitationsCountError>

impl Client

pub fn get_master_account(&self) -> GetMasterAccountFluentBuilder

👎Deprecated: This API has been deprecated, use GetAdministratorAccount API instead.

Constructs a fluent builder for the GetMasterAccount operation.

• The fluent builder takes no input, just send it.
• On success, responds with GetMasterAccountOutput with field(s):
  • master(Option<Invitation>):

    A list of details about the Security Hub administrator account for the current member account.

• On failure, responds with SdkError<GetMasterAccountError>

impl Client

pub fn get_members(&self) -> GetMembersFluentBuilder

Constructs a fluent builder for the GetMembers operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The list of account IDs for the Security Hub member accounts to return the details for.

    
    
• On success, responds with GetMembersOutput with field(s):
  • members(Option<Vec::<Member>>):

    The list of details about the Security Hub member accounts.

  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<GetMembersError>

impl Client

pub fn get_security_control_definition( &self, ) -> GetSecurityControlDefinitionFluentBuilder

Constructs a fluent builder for the GetSecurityControlDefinition operation.

• The fluent builder is configurable:
  • security_control_id(impl Into<String>) / set_security_control_id(Option<String>):
    required: true
    

    The ID of the security control to retrieve the definition for. This field doesn’t accept an Amazon Resource Name (ARN).

    
    
• On success, responds with GetSecurityControlDefinitionOutput with field(s):
  • security_control_definition(Option<SecurityControlDefinition>):

    Provides metadata for a security control, including its unique standard-agnostic identifier, title, description, severity, availability in Amazon Web Services Regions, and a link to remediation steps.

• On failure, responds with SdkError<GetSecurityControlDefinitionError>

impl Client

pub fn invite_members(&self) -> InviteMembersFluentBuilder

Constructs a fluent builder for the InviteMembers operation.

• The fluent builder is configurable:
  • account_ids(impl Into<String>) / set_account_ids(Option<Vec::<String>>):
    required: true
    

    The list of account IDs of the Amazon Web Services accounts to invite to Security Hub as members.

    
    
• On success, responds with InviteMembersOutput with field(s):
  • unprocessed_accounts(Option<Vec::<Result>>):

    The list of Amazon Web Services accounts that could not be processed. For each account, the list includes the account ID and the email address.

• On failure, responds with SdkError<InviteMembersError>

impl Client

pub fn list_automation_rules(&self) -> ListAutomationRulesFluentBuilder

Constructs a fluent builder for the ListAutomationRules operation.

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    A token to specify where to start paginating the response. This is the NextToken from a previously truncated response. On your first call to the ListAutomationRules API, set the value of this parameter to NULL.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of rules to return in the response. This currently ranges from 1 to 100.

    
    
• On success, responds with ListAutomationRulesOutput with field(s):
  • automation_rules_metadata(Option<Vec::<AutomationRulesMetadata>>):

    Metadata for rules in the calling account. The response includes rules with a RuleStatus of ENABLED and DISABLED.

  • next_token(Option<String>):

    A pagination token for the response.

• On failure, responds with SdkError<ListAutomationRulesError>

impl Client

pub fn list_configuration_policies( &self, ) -> ListConfigurationPoliciesFluentBuilder

Constructs a fluent builder for the ListConfigurationPolicies operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The NextToken value that’s returned from a previous paginated ListConfigurationPolicies request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results that’s returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicies returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicies request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

    
    
• On success, responds with ListConfigurationPoliciesOutput with field(s):
  • configuration_policy_summaries(Option<Vec::<ConfigurationPolicySummary>>):

    Provides metadata for each of your configuration policies.

  • next_token(Option<String>):

    The NextToken value to include in the next ListConfigurationPolicies request. When the results of a ListConfigurationPolicies request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

• On failure, responds with SdkError<ListConfigurationPoliciesError>

impl Client

pub fn list_configuration_policy_associations( &self, ) -> ListConfigurationPolicyAssociationsFluentBuilder

Constructs a fluent builder for the ListConfigurationPolicyAssociations operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The NextToken value that’s returned from a previous paginated ListConfigurationPolicyAssociations request where MaxResults was used but the results exceeded the value of that parameter. Pagination continues from the end of the previous response that returned the NextToken value. This value is null when there are no more results to return.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results that’s returned by ListConfigurationPolicies in each page of the response. When this parameter is used, ListConfigurationPolicyAssociations returns the specified number of results in a single page and a NextToken response element. You can see the remaining results of the initial request by sending another ListConfigurationPolicyAssociations request with the returned NextToken value. A valid range for MaxResults is between 1 and 100.

    
    
  • filters(AssociationFilters) / set_filters(Option<AssociationFilters>):
    required: false
    

    Options for filtering the ListConfigurationPolicyAssociations response. You can filter by the Amazon Resource Name (ARN) or universally unique identifier (UUID) of a configuration, AssociationType, or AssociationStatus.

    
    
• On success, responds with ListConfigurationPolicyAssociationsOutput with field(s):
  • configuration_policy_association_summaries(Option<Vec::<ConfigurationPolicyAssociationSummary>>):

    An object that contains the details of each configuration policy association that’s returned in a ListConfigurationPolicyAssociations request.

  • next_token(Option<String>):

    The NextToken value to include in the next ListConfigurationPolicyAssociations request. When the results of a ListConfigurationPolicyAssociations request exceed MaxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

• On failure, responds with SdkError<ListConfigurationPolicyAssociationsError>

impl Client

pub fn list_enabled_products_for_import( &self, ) -> ListEnabledProductsForImportFluentBuilder

Constructs a fluent builder for the ListEnabledProductsForImport operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the ListEnabledProductsForImport operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of items to return in the response.

    
    
• On success, responds with ListEnabledProductsForImportOutput with field(s):
  • product_subscriptions(Option<Vec::<String>>):

    The list of ARNs for the resources that represent your subscriptions to products.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<ListEnabledProductsForImportError>

impl Client

pub fn list_finding_aggregators(&self) -> ListFindingAggregatorsFluentBuilder

Constructs a fluent builder for the ListFindingAggregators operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token returned with the previous set of results. Identifies the next set of results to return.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of results to return. This operation currently only returns a single result.

    
    
• On success, responds with ListFindingAggregatorsOutput with field(s):
  • finding_aggregators(Option<Vec::<FindingAggregator>>):

    The list of finding aggregators. This operation currently only returns a single result.

  • next_token(Option<String>):

    If there are more results, this is the token to provide in the next call to ListFindingAggregators.

    This operation currently only returns a single result.

• On failure, responds with SdkError<ListFindingAggregatorsError>

impl Client

pub fn list_invitations(&self) -> ListInvitationsFluentBuilder

Constructs a fluent builder for the ListInvitations operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of items to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the ListInvitations operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
• On success, responds with ListInvitationsOutput with field(s):
  • invitations(Option<Vec::<Invitation>>):

    The details of the invitations returned by the operation.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<ListInvitationsError>

impl Client

pub fn list_members(&self) -> ListMembersFluentBuilder

Constructs a fluent builder for the ListMembers operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • only_associated(bool) / set_only_associated(Option<bool>):
    required: false
    

    Specifies which member accounts to include in the response based on their relationship status with the administrator account. The default value is TRUE.

    If OnlyAssociated is set to TRUE, the response includes member accounts whose relationship status with the administrator account is set to ENABLED.

    If OnlyAssociated is set to FALSE, the response includes all existing member accounts.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of items to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the ListMembers operation, set the value of this parameter to NULL.

    For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
• On success, responds with ListMembersOutput with field(s):
  • members(Option<Vec::<Member>>):

    Member details returned by the operation.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<ListMembersError>

impl Client

pub fn list_organization_admin_accounts( &self, ) -> ListOrganizationAdminAccountsFluentBuilder

Constructs a fluent builder for the ListOrganizationAdminAccounts operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    The maximum number of items to return in the response.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    The token that is required for pagination. On your first call to the ListOrganizationAdminAccounts operation, set the value of this parameter to NULL. For subsequent calls to the operation, to continue listing data, set the value of this parameter to the value returned from the previous response.

    
    
• On success, responds with ListOrganizationAdminAccountsOutput with field(s):
  • admin_accounts(Option<Vec::<AdminAccount>>):

    The list of Security Hub administrator accounts.

  • next_token(Option<String>):

    The pagination token to use to request the next page of results.

• On failure, responds with SdkError<ListOrganizationAdminAccountsError>

impl Client

pub fn list_security_control_definitions( &self, ) -> ListSecurityControlDefinitionsFluentBuilder

Constructs a fluent builder for the ListSecurityControlDefinitions operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • standards_arn(impl Into<String>) / set_standards_arn(Option<String>):
    required: false
    

    The Amazon Resource Name (ARN) of the standard that you want to view controls for.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Optional pagination parameter.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    An optional parameter that limits the total results of the API response to the specified number. If this parameter isn’t provided in the request, the results include the first 25 security controls that apply to the specified standard. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 controls. This repeats until all controls for the standard are returned.

    
    
• On success, responds with ListSecurityControlDefinitionsOutput with field(s):
  • security_control_definitions(Option<Vec::<SecurityControlDefinition>>):

    An array of controls that apply to the specified standard.

  • next_token(Option<String>):

    A pagination parameter that’s included in the response only if it was included in the request.

• On failure, responds with SdkError<ListSecurityControlDefinitionsError>

impl Client

pub fn list_standards_control_associations( &self, ) -> ListStandardsControlAssociationsFluentBuilder

Constructs a fluent builder for the ListStandardsControlAssociations operation. This operation supports pagination; See into_paginator().

• The fluent builder is configurable:
  • security_control_id(impl Into<String>) / set_security_control_id(Option<String>):
    required: true
    

    The identifier of the control (identified with SecurityControlId, SecurityControlArn, or a mix of both parameters) that you want to determine the enablement status of in each enabled standard.

    
    
  • next_token(impl Into<String>) / set_next_token(Option<String>):
    required: false
    

    Optional pagination parameter.

    
    
  • max_results(i32) / set_max_results(Option<i32>):
    required: false
    

    An optional parameter that limits the total results of the API response to the specified number. If this parameter isn’t provided in the request, the results include the first 25 standard and control associations. The results also include a NextToken parameter that you can use in a subsequent API call to get the next 25 associations. This repeats until all associations for the specified control are returned. The number of results is limited by the number of supported Security Hub standards that you’ve enabled in the calling account.

    
    
• On success, responds with ListStandardsControlAssociationsOutput with field(s):
  • standards_control_association_summaries(Option<Vec::<StandardsControlAssociationSummary>>):

    An array that provides the enablement status and other details for each security control that applies to each enabled standard.

  • next_token(Option<String>):

    A pagination parameter that’s included in the response only if it was included in the request.

• On failure, responds with SdkError<ListStandardsControlAssociationsError>

impl Client

pub fn list_tags_for_resource(&self) -> ListTagsForResourceFluentBuilder

Constructs a fluent builder for the ListTagsForResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to retrieve tags for.

    
    
• On success, responds with ListTagsForResourceOutput with field(s):
  • tags(Option<HashMap::<String, String>>):

    The tags associated with a resource.

• On failure, responds with SdkError<ListTagsForResourceError>

impl Client

pub fn start_configuration_policy_association( &self, ) -> StartConfigurationPolicyAssociationFluentBuilder

Constructs a fluent builder for the StartConfigurationPolicyAssociation operation.

• The fluent builder is configurable:
  • configuration_policy_identifier(impl Into<String>) / set_configuration_policy_identifier(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

    
    
  • target(Target) / set_target(Option<Target>):
    required: true
    

    The identifier of the target account, organizational unit, or the root to associate with the specified configuration.

    
    
• On success, responds with StartConfigurationPolicyAssociationOutput with field(s):
  • configuration_policy_id(Option<String>):

    The UUID of the configuration policy.

  • target_id(Option<String>):

    The identifier of the target account, organizational unit, or the organization root with which the configuration is associated.

  • target_type(Option<TargetType>):

    Indicates whether the target is an Amazon Web Services account, organizational unit, or the organization root.

  • association_type(Option<AssociationType>):

    Indicates whether the association between the specified target and the configuration was directly applied by the Security Hub delegated administrator or inherited from a parent.

  • updated_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy association was last updated.

  • association_status(Option<ConfigurationPolicyAssociationStatus>):

    The current status of the association between the specified target and the configuration.

  • association_status_message(Option<String>):

    An explanation for a FAILED value for AssociationStatus.

• On failure, responds with SdkError<StartConfigurationPolicyAssociationError>

impl Client

pub fn start_configuration_policy_disassociation( &self, ) -> StartConfigurationPolicyDisassociationFluentBuilder

Constructs a fluent builder for the StartConfigurationPolicyDisassociation operation.

• The fluent builder is configurable:
  • target(Target) / set_target(Option<Target>):
    required: false
    

    The identifier of the target account, organizational unit, or the root to disassociate from the specified configuration.

    
    
  • configuration_policy_identifier(impl Into<String>) / set_configuration_policy_identifier(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) of a configuration policy, the universally unique identifier (UUID) of a configuration policy, or a value of SELF_MANAGED_SECURITY_HUB for a self-managed configuration.

    
    
• On success, responds with StartConfigurationPolicyDisassociationOutput
• On failure, responds with SdkError<StartConfigurationPolicyDisassociationError>

impl Client

pub fn tag_resource(&self) -> TagResourceFluentBuilder

Constructs a fluent builder for the TagResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to apply the tags to.

    
    
  • tags(impl Into<String>, impl Into<String>) / set_tags(Option<HashMap::<String, String>>):
    required: true
    

    The tags to add to the resource. You can add up to 50 tags at a time. The tag keys can be no longer than 128 characters. The tag values can be no longer than 256 characters.

    
    
• On success, responds with TagResourceOutput
• On failure, responds with SdkError<TagResourceError>

impl Client

pub fn untag_resource(&self) -> UntagResourceFluentBuilder

Constructs a fluent builder for the UntagResource operation.

• The fluent builder is configurable:
  • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
    required: true
    

    The ARN of the resource to remove the tags from.

    
    
  • tag_keys(impl Into<String>) / set_tag_keys(Option<Vec::<String>>):
    required: true
    

    The tag keys associated with the tags to remove from the resource. You can remove up to 50 tags at a time.

    
    
• On success, responds with UntagResourceOutput
• On failure, responds with SdkError<UntagResourceError>

impl Client

pub fn update_action_target(&self) -> UpdateActionTargetFluentBuilder

Constructs a fluent builder for the UpdateActionTarget operation.

• The fluent builder is configurable:
  • action_target_arn(impl Into<String>) / set_action_target_arn(Option<String>):
    required: true
    

    The ARN of the custom action target to update.

    
    
  • name(impl Into<String>) / set_name(Option<String>):
    required: false
    

    The updated name of the custom action target.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    The updated description for the custom action target.

    
    
• On success, responds with UpdateActionTargetOutput
• On failure, responds with SdkError<UpdateActionTargetError>

impl Client

pub fn update_configuration_policy( &self, ) -> UpdateConfigurationPolicyFluentBuilder

Constructs a fluent builder for the UpdateConfigurationPolicy operation.

• The fluent builder is configurable:
  • identifier(impl Into<String>) / set_identifier(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.

    
    
  • name(impl Into<String>) / set_name(Option<String>):
    required: false
    

    The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.

    
    
  • description(impl Into<String>) / set_description(Option<String>):
    required: false
    

    The description of the configuration policy.

    
    
  • updated_reason(impl Into<String>) / set_updated_reason(Option<String>):
    required: false
    

    The reason for updating the configuration policy.

    
    
  • configuration_policy(Policy) / set_configuration_policy(Option<Policy>):
    required: false
    

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

    When updating a configuration policy, provide a complete list of standards that you want to enable and a complete list of controls that you want to enable or disable. The updated configuration replaces the current configuration.

    
    
• On success, responds with UpdateConfigurationPolicyOutput with field(s):
  • arn(Option<String>):

    The ARN of the configuration policy.

  • id(Option<String>):

    The UUID of the configuration policy.

  • name(Option<String>):

    The name of the configuration policy.

  • description(Option<String>):

    The description of the configuration policy.

  • updated_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was last updated.

  • created_at(Option<DateTime>):

    The date and time, in UTC and ISO 8601 format, that the configuration policy was created.

  • configuration_policy(Option<Policy>):

    An object that defines how Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If the request included a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If the request included a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).

• On failure, responds with SdkError<UpdateConfigurationPolicyError>

impl Client

pub fn update_finding_aggregator(&self) -> UpdateFindingAggregatorFluentBuilder

Constructs a fluent builder for the UpdateFindingAggregator operation.

• The fluent builder is configurable:
  • finding_aggregator_arn(impl Into<String>) / set_finding_aggregator_arn(Option<String>):
    required: true
    

    The ARN of the finding aggregator. To obtain the ARN, use ListFindingAggregators.

    
    
  • region_linking_mode(impl Into<String>) / set_region_linking_mode(Option<String>):
    required: true
    

    Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.

    The selected option also determines how to use the Regions provided in the Regions list.

    The options are as follows:

    • ALL_REGIONS - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

    • ALL_REGIONS_EXCEPT_SPECIFIED - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the Regions parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them.

    • SPECIFIED_REGIONS - Aggregates findings only from the Regions listed in the Regions parameter. Security Hub does not automatically aggregate findings from new Regions.

    • NO_REGIONS - Aggregates no data because no Regions are selected as linked Regions.

    
    
  • regions(impl Into<String>) / set_regions(Option<Vec::<String>>):
    required: false
    

    If RegionLinkingMode is ALL_REGIONS_EXCEPT_SPECIFIED, then this is a space-separated list of Regions that don’t replicate and send findings to the home Region.

    If RegionLinkingMode is SPECIFIED_REGIONS, then this is a space-separated list of Regions that do replicate and send findings to the home Region.

    An InvalidInputException error results if you populate this field while RegionLinkingMode is NO_REGIONS.

    
    
• On success, responds with UpdateFindingAggregatorOutput with field(s):
  • finding_aggregator_arn(Option<String>):

    The ARN of the finding aggregator.

  • finding_aggregation_region(Option<String>):

    The home Region. Findings generated in linked Regions are replicated and sent to the home Region.

  • region_linking_mode(Option<String>):

    Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions.

  • regions(Option<Vec::<String>>):

    The list of excluded Regions or included Regions.

• On failure, responds with SdkError<UpdateFindingAggregatorError>

impl Client

pub fn update_findings(&self) -> UpdateFindingsFluentBuilder

Constructs a fluent builder for the UpdateFindings operation.

• The fluent builder is configurable:
  • filters(AwsSecurityFindingFilters) / set_filters(Option<AwsSecurityFindingFilters>):
    required: true
    

    A collection of attributes that specify which findings you want to update.

    
    
  • note(NoteUpdate) / set_note(Option<NoteUpdate>):
    required: false
    

    The updated note for the finding.

    
    
  • record_state(RecordState) / set_record_state(Option<RecordState>):
    required: false
    

    The updated record state for the finding.

    
    
• On success, responds with UpdateFindingsOutput
• On failure, responds with SdkError<UpdateFindingsError>

impl Client

pub fn update_insight(&self) -> UpdateInsightFluentBuilder

Constructs a fluent builder for the UpdateInsight operation.

• The fluent builder is configurable:
  • insight_arn(impl Into<String>) / set_insight_arn(Option<String>):
    required: true
    

    The ARN of the insight that you want to update.

    
    
  • name(impl Into<String>) / set_name(Option<String>):
    required: false
    

    The updated name for the insight.

    
    
  • filters(AwsSecurityFindingFilters) / set_filters(Option<AwsSecurityFindingFilters>):
    required: false
    

    The updated filters that define this insight.

    
    
  • group_by_attribute(impl Into<String>) / set_group_by_attribute(Option<String>):
    required: false
    

    The updated GroupBy attribute that defines this insight.

    
    
• On success, responds with UpdateInsightOutput
• On failure, responds with SdkError<UpdateInsightError>

impl Client

pub fn update_organization_configuration( &self, ) -> UpdateOrganizationConfigurationFluentBuilder

Constructs a fluent builder for the UpdateOrganizationConfiguration operation.

• The fluent builder is configurable:
  • auto_enable(bool) / set_auto_enable(Option<bool>):
    required: true
    

    Whether to automatically enable Security Hub in new member accounts when they join the organization.

    If set to true, then Security Hub is automatically enabled in new accounts. If set to false, then Security Hub isn’t enabled in new accounts automatically. The default value is false.

    If the ConfigurationType of your organization is set to CENTRAL, then this field is set to false and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which Security Hub is enabled and associate the policy with new organization accounts.

    
    
  • auto_enable_standards(AutoEnableStandards) / set_auto_enable_standards(Option<AutoEnableStandards>):
    required: false
    

    Whether to automatically enable Security Hub default standards in new member accounts when they join the organization.

    The default value of this parameter is equal to DEFAULT.

    If equal to DEFAULT, then Security Hub default standards are automatically enabled for new member accounts. If equal to NONE, then default standards are not automatically enabled for new member accounts.

    If the ConfigurationType of your organization is set to CENTRAL, then this field is set to NONE and can’t be changed in the home Region and linked Regions. However, in that case, the delegated administrator can create a configuration policy in which specific security standards are enabled and associate the policy with new organization accounts.

    
    
  • organization_configuration(OrganizationConfiguration) / set_organization_configuration(Option<OrganizationConfiguration>):
    required: false
    

    Provides information about the way an organization is configured in Security Hub.

    
    
• On success, responds with UpdateOrganizationConfigurationOutput
• On failure, responds with SdkError<UpdateOrganizationConfigurationError>

impl Client

pub fn update_security_control(&self) -> UpdateSecurityControlFluentBuilder

Constructs a fluent builder for the UpdateSecurityControl operation.

• The fluent builder is configurable:
  • security_control_id(impl Into<String>) / set_security_control_id(Option<String>):
    required: true
    

    The Amazon Resource Name (ARN) or ID of the control to update.

    
    
  • parameters(impl Into<String>, ParameterConfiguration) / set_parameters(Option<HashMap::<String, ParameterConfiguration>>):
    required: true
    

    An object that specifies which security control parameters to update.

    
    
  • last_update_reason(impl Into<String>) / set_last_update_reason(Option<String>):
    required: false
    

    The most recent reason for updating the properties of the security control. This field accepts alphanumeric characters in addition to white spaces, dashes, and underscores.

    
    
• On success, responds with UpdateSecurityControlOutput
• On failure, responds with SdkError<UpdateSecurityControlError>

impl Client

pub fn update_security_hub_configuration( &self, ) -> UpdateSecurityHubConfigurationFluentBuilder

Constructs a fluent builder for the UpdateSecurityHubConfiguration operation.

• The fluent builder is configurable:
  • auto_enable_controls(bool) / set_auto_enable_controls(Option<bool>):
    required: false
    

    Whether to automatically enable new controls when they are added to standards that are enabled.

    By default, this is set to true, and new controls are enabled automatically. To not automatically enable new controls, set this to false.

    When you automatically enable new controls, you can interact with the controls in the console and programmatically immediately after release. However, automatically enabled controls have a temporary default status of DISABLED. It can take up to several days for Security Hub to process the control release and designate the control as ENABLED in your account. During the processing period, you can manually enable or disable a control, and Security Hub will maintain that designation regardless of whether you have AutoEnableControls set to true.

    
    
  • control_finding_generator(ControlFindingGenerator) / set_control_finding_generator(Option<ControlFindingGenerator>):
    required: false
    

    Updates whether the calling account has consolidated control findings turned on. If the value for this field is set to SECURITY_CONTROL, Security Hub generates a single finding for a control check even when the check applies to multiple enabled standards.

    If the value for this field is set to STANDARD_CONTROL, Security Hub generates separate findings for a control check when the check applies to multiple enabled standards.

    For accounts that are part of an organization, this value can only be updated in the administrator account.

    
    
• On success, responds with UpdateSecurityHubConfigurationOutput
• On failure, responds with SdkError<UpdateSecurityHubConfigurationError>

impl Client

pub fn update_standards_control(&self) -> UpdateStandardsControlFluentBuilder

Constructs a fluent builder for the UpdateStandardsControl operation.

• The fluent builder is configurable:
  • standards_control_arn(impl Into<String>) / set_standards_control_arn(Option<String>):
    required: true
    

    The ARN of the security standard control to enable or disable.

    
    
  • control_status(ControlStatus) / set_control_status(Option<ControlStatus>):
    required: false
    

    The updated status of the security standard control.

    
    
  • disabled_reason(impl Into<String>) / set_disabled_reason(Option<String>):
    required: false
    

    A description of the reason why you are disabling a security standard control. If you are disabling a control, then this is required.

    
    
• On success, responds with UpdateStandardsControlOutput
• On failure, responds with SdkError<UpdateStandardsControlError>

impl Client

pub fn from_conf(conf: Config) -> Self

Creates a new client from the service Config.

Panics

This method will panic in the following cases:

• Retries or timeouts are enabled without a sleep_impl configured.
• Identity caching is enabled without a sleep_impl and time_source configured.
• No behavior_version is provided.

The panic message for each of these will have instructions on how to resolve them.

pub fn config(&self) -> &Config

Returns the client’s configuration.

impl Client

pub fn new(sdk_config: &SdkConfig) -> Self

Creates a new client from an SDK Config.

Panics

• This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
• This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
• This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.

Trait Implementations

impl Clone for Client

fn clone(&self) -> Client

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.