feat(client-guardduty): Add RDS Provisioned and Serverless Usage types

Author: awstools

clients/client-guardduty/src/commands/CreateDetectorCommand.ts

@@ -28,10 +28,26 @@ export interface CreateDetectorCommandOutput extends CreateDetectorResponse, __M
 
 /**
  * @public
- * <p>Creates a single Amazon GuardDuty detector. A detector is a resource that represents the
+ * <p>Creates a single GuardDuty detector. A detector is a resource that represents the
  *       GuardDuty service. To start using GuardDuty, you must create a detector in each Region where
  *       you enable the service. You can have only one detector per account per Region. All data
  *       sources are enabled in a new detector by default.</p>
+ *          <ul>
+ *             <li>
+ *                <p>When you don't specify any <code>features</code>, with an
+ *           exception to <code>RUNTIME_MONITORING</code>, all the optional features are
+ *           enabled by default.</p>
+ *             </li>
+ *             <li>
+ *                <p>When you specify some of the <code>features</code>, any feature that is not specified in the
+ *           API call gets enabled by default, with an exception to <code>RUNTIME_MONITORING</code>. </p>
+ *             </li>
+ *          </ul>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  *          <p>There might be regional differences because some data sources might not be
  *       available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more
  *       information, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html">Regions and endpoints</a>.</p>

clients/client-guardduty/src/commands/GetOrganizationStatisticsCommand.ts

@@ -28,10 +28,9 @@ export interface GetOrganizationStatisticsCommandOutput extends GetOrganizationS
 
 /**
  * @public
- * <p>Retrieves how many active member accounts
- *       in your Amazon Web Services organization have
+ * <p>Retrieves how many active member accounts have
  *       each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API.</p>
- *          <p>When you create a new Amazon Web Services organization, it might take up to 24
+ *          <p>When you create a new organization, it might take up to 24
  *       hours to generate the statistics for the entire organization.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-guardduty/src/commands/GetUsageStatisticsCommand.ts

@@ -52,7 +52,7 @@ export interface GetUsageStatisticsCommandOutput extends GetUsageStatisticsRespo
  *       "STRING_VALUE",
  *     ],
  *     Features: [ // UsageFeatureList
- *       "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING",
+ *       "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING" || "RDS_DBI_PROTECTION_PROVISIONED" || "RDS_DBI_PROTECTION_SERVERLESS",
  *     ],
  *   },
  *   Unit: "STRING_VALUE",
@@ -74,7 +74,7 @@ export interface GetUsageStatisticsCommandOutput extends GetUsageStatisticsRespo
  * //     ],
  * //     TopAccountsByFeature: [ // UsageTopAccountsResultList
  * //       { // UsageTopAccountsResult
- * //         Feature: "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING",
+ * //         Feature: "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING" || "RDS_DBI_PROTECTION_PROVISIONED" || "RDS_DBI_PROTECTION_SERVERLESS",
  * //         Accounts: [ // UsageTopAccountsByFeatureList
  * //           { // UsageTopAccountResult
  * //             AccountId: "STRING_VALUE",
@@ -115,7 +115,7 @@ export interface GetUsageStatisticsCommandOutput extends GetUsageStatisticsRespo
  * //     ],
  * //     SumByFeature: [ // UsageFeatureResultList
  * //       { // UsageFeatureResult
- * //         Feature: "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING",
+ * //         Feature: "FLOW_LOGS" || "CLOUD_TRAIL" || "DNS_LOGS" || "S3_DATA_EVENTS" || "EKS_AUDIT_LOGS" || "EBS_MALWARE_PROTECTION" || "RDS_LOGIN_EVENTS" || "LAMBDA_NETWORK_LOGS" || "EKS_RUNTIME_MONITORING" || "FARGATE_RUNTIME_MONITORING" || "EC2_RUNTIME_MONITORING" || "RDS_DBI_PROTECTION_PROVISIONED" || "RDS_DBI_PROTECTION_SERVERLESS",
  * //         Total: "<Total>",
  * //       },
  * //     ],

clients/client-guardduty/src/commands/StartMalwareScanCommand.ts

@@ -28,8 +28,10 @@ export interface StartMalwareScanCommandOutput extends StartMalwareScanResponse,
 
 /**
  * @public
- * <p>Initiates the malware scan. Invoking this API will automatically create the <a href="https://docs.aws.amazon.com/guardduty/latest/ug/slr-permissions-malware-protection.html">Service-linked role </a> in
+ * <p>Initiates the malware scan. Invoking this API will automatically create the <a href="https://docs.aws.amazon.com/guardduty/latest/ug/slr-permissions-malware-protection.html">Service-linked role</a> in
  *       the corresponding account.</p>
+ *          <p>When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information,
+ *       see <a href="https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DescribeMalwareScans.html">DescribeMalwareScans</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-guardduty/src/commands/UpdateDetectorCommand.ts

@@ -28,7 +28,12 @@ export interface UpdateDetectorCommandOutput extends UpdateDetectorResponse, __M
 
 /**
  * @public
- * <p>Updates the GuardDuty detector specified by the detectorId.</p>
+ * <p>Updates the GuardDuty detector specified by the detector ID.</p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  *          <p>There might be regional differences because some data sources might not be
  *       available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more
  *       information, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html">Regions and endpoints</a>.</p>

clients/client-guardduty/src/commands/UpdateMemberDetectorsCommand.ts

@@ -29,6 +29,11 @@ export interface UpdateMemberDetectorsCommandOutput extends UpdateMemberDetector
 /**
  * @public
  * <p>Contains information on member accounts to be updated.</p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  *          <p>There might be regional differences because some data sources might not be
  *       available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more
  *       information, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html">Regions and endpoints</a>.</p>

clients/client-guardduty/src/commands/UpdateOrganizationConfigurationCommand.ts

@@ -35,6 +35,11 @@ export interface UpdateOrganizationConfigurationCommandOutput
  * @public
  * <p>Configures the delegated administrator account with the provided values. You must provide
  *       a value for either <code>autoEnableOrganizationMembers</code> or <code>autoEnable</code>, but not both. </p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  *          <p>There might be regional differences because some data sources might not be
  *       available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more
  *       information, see <a href="https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html">Regions and endpoints</a>.</p>

clients/client-guardduty/src/models/models_0.ts

@@ -2242,6 +2242,11 @@ export type DetectorFeature = (typeof DetectorFeature)[keyof typeof DetectorFeat
 /**
  * @public
  * <p>Contains information about a GuardDuty feature.</p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  */
 export interface DetectorFeatureConfiguration {
   /**
@@ -4152,26 +4157,31 @@ export interface DescribeOrganizationConfigurationResponse {
 
   /**
    * @public
-   * <p>Indicates the auto-enablement configuration of GuardDuty for the member accounts in the
+   * <p>Indicates the auto-enablement configuration of GuardDuty or any of the corresponding protection plans for the member accounts in the
    *       organization.</p>
    *          <ul>
    *             <li>
    *                <p>
    *                   <code>NEW</code>: Indicates that when a new account joins the organization, they will
-   *           have GuardDuty enabled automatically. </p>
+   *           have GuardDuty or any of the corresponding protection plans enabled automatically. </p>
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>ALL</code>: Indicates that all accounts in the organization have GuardDuty
-   *           enabled automatically. This includes <code>NEW</code> accounts that join the organization
+   *                   <code>ALL</code>: Indicates that all accounts in the organization have GuardDuty and any of the corresponding
+   *           protection plans enabled automatically. This includes <code>NEW</code> accounts that join the organization
    *           and accounts that may have been suspended or removed from the organization in
    *           GuardDuty.</p>
    *             </li>
    *             <li>
    *                <p>
-   *                   <code>NONE</code>: Indicates that GuardDuty will not be automatically enabled for any
+   *                   <code>NONE</code>: Indicates that GuardDuty or any of the corresponding protection plans
+   *           will not be automatically enabled for any
    *           account in the organization. The administrator must manage GuardDuty for each account in
    *           the organization individually.</p>
+   *                <p>When you update the auto-enable setting from <code>ALL</code> or <code>NEW</code> to
+   *         <code>NONE</code>, this action doesn't disable the corresponding option for your existing accounts. This
+   *         configuration will apply to the new accounts that join the organization. After you update the auto-enable settings,
+   *         no new account will have the corresponding option as enabled.</p>
    *             </li>
    *          </ul>
    */
@@ -4339,6 +4349,11 @@ export type DetectorFeatureResult = (typeof DetectorFeatureResult)[keyof typeof
 /**
  * @public
  * <p>Contains information about a GuardDuty feature.</p>
+ *          <p>Specifying both EKS Runtime Monitoring (<code>EKS_RUNTIME_MONITORING</code>)
+ *       and Runtime Monitoring (<code>RUNTIME_MONITORING</code>) will cause an error.
+ *       You can add only one of these two features because Runtime Monitoring already includes the
+ *       threat detection for Amazon EKS resources. For more information, see
+ *       <a href="https://docs.aws.amazon.com/guardduty/latest/ug/runtime-monitoring.html">Runtime Monitoring</a>.</p>
  */
 export interface DetectorFeatureConfigurationResult {
   /**
@@ -7199,6 +7214,8 @@ export const UsageFeature = {
   FARGATE_RUNTIME_MONITORING: "FARGATE_RUNTIME_MONITORING",
   FLOW_LOGS: "FLOW_LOGS",
   LAMBDA_NETWORK_LOGS: "LAMBDA_NETWORK_LOGS",
+  RDS_DBI_PROTECTION_PROVISIONED: "RDS_DBI_PROTECTION_PROVISIONED",
+  RDS_DBI_PROTECTION_SERVERLESS: "RDS_DBI_PROTECTION_SERVERLESS",
   RDS_LOGIN_EVENTS: "RDS_LOGIN_EVENTS",
   S3_DATA_EVENTS: "S3_DATA_EVENTS",
 } as const;

clients/client-guardduty/src/models/models_1.ts

@@ -1342,6 +1342,10 @@ export interface UpdateOrganizationConfigurationRequest {
    *                <p>
    *                   <code>NONE</code>: Indicates that GuardDuty will not be automatically enabled for any
    *           account in the organization. The administrator must manage GuardDuty for each account in the organization individually.</p>
+   *                <p>When you update the auto-enable setting from <code>ALL</code> or <code>NEW</code> to
+   *           <code>NONE</code>, this action doesn't disable the corresponding option for your existing accounts. This
+   *           configuration will apply to the new accounts that join the organization. After you update the auto-enable settings,
+   *           no new account will have the corresponding option as enabled.</p>
    *             </li>
    *          </ul>
    */