docs(client-auditmanager): This release adds documentation updates for Audit Manager. We provided examples of how to use the Custom_ prefix for the keywordValue attribute. We also provided more details about the DeleteAssessmentReport operation.

awstools · awstools · commit ff576e7aca6f · 2022-04-28T19:37:02.000Z
diff --git a/clients/client-auditmanager/src/AuditManager.ts b/clients/client-auditmanager/src/AuditManager.ts
@@ -757,7 +757,27 @@ export class AuditManager extends AuditManagerClient {
   }
 
   /**
-   * <p> Deletes an assessment report from an assessment in Audit Manager. </p>
+   * <p>Deletes an assessment report in Audit Manager. </p>
+   *          <p>When you run the <code>DeleteAssessmentReport</code> operation, Audit Manager attempts to delete the following data:</p>
+   *          <ol>
+   *             <li>
+   *                <p>The specified assessment report that’s stored in your S3 bucket</p>
+   *             </li>
+   *             <li>
+   *                <p>The associated metadata that’s stored in Audit Manager</p>
+   *             </li>
+   *          </ol>
+   *          <p>If Audit Manager can’t access the assessment report in your S3 bucket, the report
+   *          isn’t deleted. In this event, the <code>DeleteAssessmentReport</code> operation doesn’t
+   *          fail. Instead, it proceeds to delete the associated metadata only. You must then delete the
+   *          assessment report from the S3 bucket yourself. </p>
+   *          <p>This scenario happens when Audit Manager receives a <code>403 (Forbidden)</code> or
+   *             <code>404 (Not Found)</code> error from Amazon S3. To avoid this, make sure that
+   *          your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that
+   *          you can use, see <a href="https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination">Assessment report destination permissions</a> in the <i>Audit Manager User Guide</i>. For information about the issues that could cause a <code>403
+   *             (Forbidden)</code> or <code>404 (Not Found</code>) error from Amazon S3, see
+   *             <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList">List of Error Codes</a> in the <i>Amazon Simple Storage Service API
+   *             Reference</i>. </p>
    */
   public deleteAssessmentReport(
     args: DeleteAssessmentReportCommandInput,
diff --git a/clients/client-auditmanager/src/commands/DeleteAssessmentReportCommand.ts b/clients/client-auditmanager/src/commands/DeleteAssessmentReportCommand.ts
@@ -22,7 +22,27 @@ export interface DeleteAssessmentReportCommandInput extends DeleteAssessmentRepo
 export interface DeleteAssessmentReportCommandOutput extends DeleteAssessmentReportResponse, __MetadataBearer {}
 
 /**
- * <p> Deletes an assessment report from an assessment in Audit Manager. </p>
+ * <p>Deletes an assessment report in Audit Manager. </p>
+ *          <p>When you run the <code>DeleteAssessmentReport</code> operation, Audit Manager attempts to delete the following data:</p>
+ *          <ol>
+ *             <li>
+ *                <p>The specified assessment report that’s stored in your S3 bucket</p>
+ *             </li>
+ *             <li>
+ *                <p>The associated metadata that’s stored in Audit Manager</p>
+ *             </li>
+ *          </ol>
+ *          <p>If Audit Manager can’t access the assessment report in your S3 bucket, the report
+ *          isn’t deleted. In this event, the <code>DeleteAssessmentReport</code> operation doesn’t
+ *          fail. Instead, it proceeds to delete the associated metadata only. You must then delete the
+ *          assessment report from the S3 bucket yourself. </p>
+ *          <p>This scenario happens when Audit Manager receives a <code>403 (Forbidden)</code> or
+ *             <code>404 (Not Found)</code> error from Amazon S3. To avoid this, make sure that
+ *          your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that
+ *          you can use, see <a href="https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination">Assessment report destination permissions</a> in the <i>Audit Manager User Guide</i>. For information about the issues that could cause a <code>403
+ *             (Forbidden)</code> or <code>404 (Not Found</code>) error from Amazon S3, see
+ *             <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList">List of Error Codes</a> in the <i>Amazon Simple Storage Service API
+ *             Reference</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-auditmanager/src/models/models_0.ts b/clients/client-auditmanager/src/models/models_0.ts
@@ -1804,13 +1804,75 @@ export enum KeywordInputType {
  */
 export interface SourceKeyword {
   /**
-   * <p> The method of input for the keyword. </p>
+   * <p> The input method for the keyword. </p>
    */
   keywordInputType?: KeywordInputType | string;
 
   /**
-   * <p> The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names
-   *          when mapping a control data source. </p>
+   * <p> The value of the keyword that's used when mapping a control data source. For example,
+   *          this can be a CloudTrail event name, a rule name for Config, a
+   *             Security Hub control, or the name of an Amazon Web Services API call. </p>
+   *          <p>If you’re mapping a data source to a rule in Config, the
+   *             <code>keywordValue</code> that you specify depends on the type of rule:</p>
+   *          <ul>
+   *             <li>
+   *                <p>For <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html">managed rules</a>, you can use the rule identifier as the
+   *                   <code>keywordValue</code>. You can find the rule identifier from the <a href="https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html">list of Config managed rules</a>.</p>
+   *                <ul>
+   *                   <li>
+   *                      <p>Managed rule name: <a href="https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html">s3-bucket-acl-prohibited</a>
+   *                      </p>
+   *                      <p>
+   *                         <code>keywordValue</code>: <code>S3_BUCKET_ACL_PROHIBITED</code>
+   *                      </p>
+   *                   </li>
+   *                </ul>
+   *             </li>
+   *             <li>
+   *                <p>For <a href="https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html">custom rules</a>, you form the <code>keywordValue</code>
+   *                by adding the <code>Custom_</code> prefix to the rule name. This prefix distinguishes
+   *                the rule from a managed rule.</p>
+   *                <ul>
+   *                   <li>
+   *                      <p>Custom rule name: my-custom-config-rule</p>
+   *                      <p>
+   *                         <code>keywordValue</code>: <code>Custom_my-custom-config-rule</code>
+   *                      </p>
+   *                   </li>
+   *                </ul>
+   *             </li>
+   *             <li>
+   *                <p>For <a href="https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html">service-linked rules</a>, you form the
+   *                   <code>keywordValue</code> by adding the <code>Custom_</code> prefix to the rule
+   *                name. In addition, you remove the suffix ID that appears at the end of the rule
+   *                name.</p>
+   *                <ul>
+   *                   <li>
+   *                      <p>Service-linked rule name:
+   *                      CustomRuleForAccount-conformance-pack-szsm1uv0w</p>
+   *                      <p>
+   *                         <code>keywordValue</code>:
+   *                         <code>Custom_CustomRuleForAccount-conformance-pack</code>
+   *                      </p>
+   *                   </li>
+   *                   <li>
+   *                      <p>Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1</p>
+   *                      <p>
+   *                         <code>keywordValue</code>:
+   *                         <code>Custom_securityhub-api-gw-cache-encrypted</code>
+   *                      </p>
+   *                   </li>
+   *                   <li>
+   *                      <p>Service-linked rule name:
+   *                      OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba</p>
+   *                      <p>
+   *                         <code>keywordValue</code>:
+   *                         <code>Custom_OrgConfigRule-s3-bucket-versioning-enabled</code>
+   *                      </p>
+   *                   </li>
+   *                </ul>
+   *             </li>
+   *          </ul>
    */
   keywordValue?: string;
 }
diff --git a/codegen/sdk-codegen/aws-models/auditmanager.json b/codegen/sdk-codegen/aws-models/auditmanager.json
@@ -3295,7 +3295,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p> Deletes an assessment report from an assessment in Audit Manager. </p>",
+        "smithy.api#documentation": "<p>Deletes an assessment report in Audit Manager. </p>\n         <p>When you run the <code>DeleteAssessmentReport</code> operation, Audit Manager attempts to delete the following data:</p>\n         <ol>\n            <li>\n               <p>The specified assessment report that’s stored in your S3 bucket</p>\n            </li>\n            <li>\n               <p>The associated metadata that’s stored in Audit Manager</p>\n            </li>\n         </ol>\n         <p>If Audit Manager can’t access the assessment report in your S3 bucket, the report\n         isn’t deleted. In this event, the <code>DeleteAssessmentReport</code> operation doesn’t\n         fail. Instead, it proceeds to delete the associated metadata only. You must then delete the\n         assessment report from the S3 bucket yourself. </p>\n         <p>This scenario happens when Audit Manager receives a <code>403 (Forbidden)</code> or\n            <code>404 (Not Found)</code> error from Amazon S3. To avoid this, make sure that\n         your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that\n         you can use, see <a href=\"https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination\">Assessment report destination permissions</a> in the <i>Audit Manager User Guide</i>. For information about the issues that could cause a <code>403\n            (Forbidden)</code> or <code>404 (Not Found</code>) error from Amazon S3, see\n            <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList\">List of Error Codes</a> in the <i>Amazon Simple Storage Service API\n            Reference</i>. </p>",
         "smithy.api#http": {
           "method": "DELETE",
           "uri": "/assessments/{assessmentId}/reports/{assessmentReportId}",
@@ -6743,13 +6743,13 @@
         "keywordInputType": {
           "target": "com.amazonaws.auditmanager#KeywordInputType",
           "traits": {
-            "smithy.api#documentation": "<p> The method of input for the keyword. </p>"
+            "smithy.api#documentation": "<p> The input method for the keyword. </p>"
           }
         },
         "keywordValue": {
           "target": "com.amazonaws.auditmanager#KeywordValue",
           "traits": {
-            "smithy.api#documentation": "<p> The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names\n         when mapping a control data source. </p>"
+            "smithy.api#documentation": "<p> The value of the keyword that's used when mapping a control data source. For example,\n         this can be a CloudTrail event name, a rule name for Config, a\n            Security Hub control, or the name of an Amazon Web Services API call. </p>\n         <p>If you’re mapping a data source to a rule in Config, the\n            <code>keywordValue</code> that you specify depends on the type of rule:</p>\n         <ul>\n            <li>\n               <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html\">managed rules</a>, you can use the rule identifier as the\n                  <code>keywordValue</code>. You can find the rule identifier from the <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\">list of Config managed rules</a>.</p>\n               <ul>\n                  <li>\n                     <p>Managed rule name: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html\">s3-bucket-acl-prohibited</a>\n                     </p>\n                     <p>\n                        <code>keywordValue</code>: <code>S3_BUCKET_ACL_PROHIBITED</code>\n                     </p>\n                  </li>\n               </ul>\n            </li>\n            <li>\n               <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html\">custom rules</a>, you form the <code>keywordValue</code>\n               by adding the <code>Custom_</code> prefix to the rule name. This prefix distinguishes\n               the rule from a managed rule.</p>\n               <ul>\n                  <li>\n                     <p>Custom rule name: my-custom-config-rule</p>\n                     <p>\n                        <code>keywordValue</code>: <code>Custom_my-custom-config-rule</code>\n                     </p>\n                  </li>\n               </ul>\n            </li>\n            <li>\n               <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html\">service-linked rules</a>, you form the\n                  <code>keywordValue</code> by adding the <code>Custom_</code> prefix to the rule\n               name. In addition, you remove the suffix ID that appears at the end of the rule\n               name.</p>\n               <ul>\n                  <li>\n                     <p>Service-linked rule name:\n                     CustomRuleForAccount-conformance-pack-szsm1uv0w</p>\n                     <p>\n                        <code>keywordValue</code>:\n                        <code>Custom_CustomRuleForAccount-conformance-pack</code>\n                     </p>\n                  </li>\n                  <li>\n                     <p>Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1</p>\n                     <p>\n                        <code>keywordValue</code>:\n                        <code>Custom_securityhub-api-gw-cache-encrypted</code>\n                     </p>\n                  </li>\n                  <li>\n                     <p>Service-linked rule name:\n                     OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba</p>\n                     <p>\n                        <code>keywordValue</code>:\n                        <code>Custom_OrgConfigRule-s3-bucket-versioning-enabled</code>\n                     </p>\n                  </li>\n               </ul>\n            </li>\n         </ul>"
           }
         }
       },

Original file line number	Diff line number	Diff line change
`@@ -3295,7 +3295,7 @@`
`3295`	`3295`	`}`
`3296`	`3296`	`],`
`3297`	`3297`	`"traits": {`
`3298`		`- "smithy.api#documentation": "<p> Deletes an assessment report from an assessment in Audit Manager. </p>",`
	`3298`	+ "smithy.api#documentation": "<p>Deletes an assessment report in Audit Manager. </p>\n <p>When you run the <code>DeleteAssessmentReport</code> operation, Audit Manager attempts to delete the following data:</p>\n <ol>\n <li>\n <p>The specified assessment report that’s stored in your S3 bucket</p>\n </li>\n <li>\n <p>The associated metadata that’s stored in Audit Manager</p>\n </li>\n </ol>\n <p>If Audit Manager can’t access the assessment report in your S3 bucket, the report\n isn’t deleted. In this event, the <code>DeleteAssessmentReport</code> operation doesn’t\n fail. Instead, it proceeds to delete the associated metadata only. You must then delete the\n assessment report from the S3 bucket yourself. </p>\n <p>This scenario happens when Audit Manager receives a <code>403 (Forbidden)</code> or\n <code>404 (Not Found)</code> error from Amazon S3. To avoid this, make sure that\n your S3 bucket is available, and that you configured the correct permissions for Audit Manager to delete resources in your S3 bucket. For an example permissions policy that\n you can use, see <a href=\"https://docs.aws.amazon.com/audit-manager/latest/userguide/security_iam_id-based-policy-examples.html#full-administrator-access-assessment-report-destination\">Assessment report destination permissions</a> in the <i>Audit Manager User Guide</i>. For information about the issues that could cause a <code>403\n (Forbidden)</code> or <code>404 (Not Found</code>) error from Amazon S3, see\n <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html#ErrorCodeList\">List of Error Codes</a> in the <i>Amazon Simple Storage Service API\n Reference</i>. </p>",
`3299`	`3299`	`"smithy.api#http": {`
`3300`	`3300`	`"method": "DELETE",`
`3301`	`3301`	`"uri": "/assessments/{assessmentId}/reports/{assessmentReportId}",`
`@@ -6743,13 +6743,13 @@`
`6743`	`6743`	`"keywordInputType": {`
`6744`	`6744`	`"target": "com.amazonaws.auditmanager#KeywordInputType",`
`6745`	`6745`	`"traits": {`
`6746`		`- "smithy.api#documentation": "<p> The method of input for the keyword. </p>"`
	`6746`	`+ "smithy.api#documentation": "<p> The input method for the keyword. </p>"`
`6747`	`6747`	`}`
`6748`	`6748`	`},`
`6749`	`6749`	`"keywordValue": {`
`6750`	`6750`	`"target": "com.amazonaws.auditmanager#KeywordValue",`
`6751`	`6751`	`"traits": {`
`6752`		`- "smithy.api#documentation": "<p> The value of the keyword that's used to search CloudTrail logs, Config rules, Security Hub checks, and Amazon Web Services API names\n when mapping a control data source. </p>"`
	`6752`	+ "smithy.api#documentation": "<p> The value of the keyword that's used when mapping a control data source. For example,\n this can be a CloudTrail event name, a rule name for Config, a\n Security Hub control, or the name of an Amazon Web Services API call. </p>\n <p>If you’re mapping a data source to a rule in Config, the\n <code>keywordValue</code> that you specify depends on the type of rule:</p>\n <ul>\n <li>\n <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html\">managed rules</a>, you can use the rule identifier as the\n <code>keywordValue</code>. You can find the rule identifier from the <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html\">list of Config managed rules</a>.</p>\n <ul>\n <li>\n <p>Managed rule name: <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-acl-prohibited.html\">s3-bucket-acl-prohibited</a>\n </p>\n <p>\n <code>keywordValue</code>: <code>S3_BUCKET_ACL_PROHIBITED</code>\n </p>\n </li>\n </ul>\n </li>\n <li>\n <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html\">custom rules</a>, you form the <code>keywordValue</code>\n by adding the <code>Custom_</code> prefix to the rule name. This prefix distinguishes\n the rule from a managed rule.</p>\n <ul>\n <li>\n <p>Custom rule name: my-custom-config-rule</p>\n <p>\n <code>keywordValue</code>: <code>Custom_my-custom-config-rule</code>\n </p>\n </li>\n </ul>\n </li>\n <li>\n <p>For <a href=\"https://docs.aws.amazon.com/config/latest/developerguide/service-linked-awsconfig-rules.html\">service-linked rules</a>, you form the\n <code>keywordValue</code> by adding the <code>Custom_</code> prefix to the rule\n name. In addition, you remove the suffix ID that appears at the end of the rule\n name.</p>\n <ul>\n <li>\n <p>Service-linked rule name:\n CustomRuleForAccount-conformance-pack-szsm1uv0w</p>\n <p>\n <code>keywordValue</code>:\n <code>Custom_CustomRuleForAccount-conformance-pack</code>\n </p>\n </li>\n <li>\n <p>Service-linked rule name: securityhub-api-gw-cache-encrypted-101104e1</p>\n <p>\n <code>keywordValue</code>:\n <code>Custom_securityhub-api-gw-cache-encrypted</code>\n </p>\n </li>\n <li>\n <p>Service-linked rule name:\n OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba</p>\n <p>\n <code>keywordValue</code>:\n <code>Custom_OrgConfigRule-s3-bucket-versioning-enabled</code>\n </p>\n </li>\n </ul>\n </li>\n </ul>"
`6753`	`6753`	`}`
`6754`	`6754`	`}`
`6755`	`6755`	`},`