All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.auditmanager.model.SourceKeyword Maven / Gradle / Ivy

/*
 * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.auditmanager.model;

import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;

/**
 * 

* A keyword that relates to the control data source. *

*

* For manual evidence, this keyword indicates if the manual evidence is a file or text. *

*

* For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or * Amazon Web Services API name. *

*

* To learn more about the supported keywords that you can use when mapping a control data source, see the following * pages in the Audit Manager User Guide: *

* * * @see AWS API * Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class SourceKeyword implements Serializable, Cloneable, StructuredPojo { /** *

* The input method for the keyword. *

*
    *
  • *

    * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

    *
      *
    • *

      * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security * Hub control, or the name of an Amazon Web Services API call. *

      *
    • *
    *
  • *
  • *

    * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

    *
      *
    • *

      * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence. *

      *
    • *
    • *

      * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

      *
    • *
    *
  • *
*/ private String keywordInputType; /** *

* The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail * event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. *

*

* If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on * the type of rule: *

*
    *
  • *

    * For managed * rules, you can use the rule identifier as the keywordValue. You can find the rule identifier * from the list * of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, * the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. * Make sure to use the rule identifier, not the rule name. *

    *

    * Keyword example for managed rules: *

    * *
  • *
  • *

    * For custom * rules, you form the keywordValue by adding the Custom_ prefix to the rule name. * This prefix distinguishes the custom rule from a managed rule. *

    *

    * Keyword example for custom rules: *

    *
      *
    • *

      * Custom rule name: my-custom-config-rule *

      *

      * keywordValue: Custom_my-custom-config-rule *

      *
    • *
    *
  • *
  • *

    * For service * -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule * name. In addition, you remove the suffix ID that appears at the end of the rule name. *

    *

    * Keyword examples for service-linked rules: *

    *
      *
    • *

      * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

      *

      * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

      *
    • *
    • *

      * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

      *

      * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

      *
    • *
    *
  • *
* *

* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data source * as intended. *

*

* Keep in mind the following requirements, depending on the data source type that you're using. *

*
    *
  1. *

    * For Config: *

    *
      *
    • *

      * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, * we recommend that you reference the list of supported * Config managed rules. *

      *
    • *
    • *

      * For custom rules, make sure that the keywordValue has the Custom_ prefix followed by * the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you * visit the Config console to verify your custom rule name. *

      *
    • *
    *
  2. *
  3. *

    * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference * the list of supported * Security Hub controls. *

    *
  4. *
  5. *

    * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that * you reference the list of supported API * calls. *

    *
  6. *
  7. *

    * For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. * For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web * Service prefix and action names in the Service Authorization Reference. *

    *
  8. *
*
*/ private String keywordValue; /** *

* The input method for the keyword. *

*
    *
  • *

    * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

    *
      *
    • *

      * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security * Hub control, or the name of an Amazon Web Services API call. *

      *
    • *
    *
  • *
  • *

    * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

    *
      *
    • *

      * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence. *

      *
    • *
    • *

      * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

      *
    • *
    *
  • *
* * @param keywordInputType * The input method for the keyword.

*
    *
  • *

    * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

    *
      *
    • *

      * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a * Security Hub control, or the name of an Amazon Web Services API call. *

      *
    • *
    *
  • *
  • *

    * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

    *
      *
    • *

      * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual * evidence. *

      *
    • *
    • *

      * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

      *
    • *
    *
  • * @see KeywordInputType */ public void setKeywordInputType(String keywordInputType) { this.keywordInputType = keywordInputType; } /** *

    * The input method for the keyword. *

    *
      *
    • *

      * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

      *
        *
      • *

        * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security * Hub control, or the name of an Amazon Web Services API call. *

        *
      • *
      *
    • *
    • *

      * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

      *
        *
      • *

        * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence. *

        *
      • *
      • *

        * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

        *
      • *
      *
    • *
    * * @return The input method for the keyword.

    *
      *
    • *

      * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

      *
        *
      • *

        * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to * collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for * Config, a Security Hub control, or the name of an Amazon Web Services API call. *

        *
      • *
      *
    • *
    • *

      * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

      *
        *
      • *

        * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual * evidence. *

        *
      • *
      • *

        * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

        *
      • *
      *
    • * @see KeywordInputType */ public String getKeywordInputType() { return this.keywordInputType; } /** *

      * The input method for the keyword. *

      *
        *
      • *

        * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

        *
          *
        • *

          * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security * Hub control, or the name of an Amazon Web Services API call. *

          *
        • *
        *
      • *
      • *

        * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

        *
          *
        • *

          * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence. *

          *
        • *
        • *

          * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

          *
        • *
        *
      • *
      * * @param keywordInputType * The input method for the keyword.

      *
        *
      • *

        * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

        *
          *
        • *

          * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a * Security Hub control, or the name of an Amazon Web Services API call. *

          *
        • *
        *
      • *
      • *

        * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

        *
          *
        • *

          * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual * evidence. *

          *
        • *
        • *

          * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

          *
        • *
        *
      • * @return Returns a reference to this object so that method calls can be chained together. * @see KeywordInputType */ public SourceKeyword withKeywordInputType(String keywordInputType) { setKeywordInputType(keywordInputType); return this; } /** *

        * The input method for the keyword. *

        *
          *
        • *

          * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

          *
            *
          • *

            * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security * Hub control, or the name of an Amazon Web Services API call. *

            *
          • *
          *
        • *
        • *

          * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

          *
            *
          • *

            * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence. *

            *
          • *
          • *

            * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

            *
          • *
          *
        • *
        * * @param keywordInputType * The input method for the keyword.

        *
          *
        • *

          * SELECT_FROM_LIST is used when mapping a data source for automated evidence. *

          *
            *
          • *

            * When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect * automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a * Security Hub control, or the name of an Amazon Web Services API call. *

            *
          • *
          *
        • *
        • *

          * UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual * evidence. *

          *
            *
          • *

            * When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual * evidence. *

            *
          • *
          • *

            * When keywordInputType is INPUT_TEXT, text must be entered as manual evidence. *

            *
          • *
          *
        • * @return Returns a reference to this object so that method calls can be chained together. * @see KeywordInputType */ public SourceKeyword withKeywordInputType(KeywordInputType keywordInputType) { this.keywordInputType = keywordInputType.toString(); return this; } /** *

          * The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail * event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. *

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on * the type of rule: *

          *
            *
          • *

            * For managed * rules, you can use the rule identifier as the keywordValue. You can find the rule identifier * from the list * of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, * the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. * Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For custom * rules, you form the keywordValue by adding the Custom_ prefix to the rule name. * This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For service * -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule * name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data source * as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, * we recommend that you reference the list of supported * Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix followed by * the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you * visit the Config console to verify your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference * the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that * you reference the list of supported API * calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. * For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web * Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          *
          * * @param keywordValue * The value of the keyword that's used when mapping a control data source. For example, this can be a * CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web * Services API call.

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify * depends on the type of rule: *

          *
            *
          • *

            * For managed rules, you can use the rule identifier as the keywordValue. You can find the * rule identifier from the list of * Config managed rules. For some rules, the rule identifier is different from the rule name. For * example, the rule name restricted-ssh has the following rule identifier: * INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For * custom rules, you form the keywordValue by adding the Custom_ prefix to the * rule name. This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For * service-linked rules, you form the keywordValue by adding the Custom_ prefix * to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data * source as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For * accuracy, we recommend that you reference the list of supported Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix * followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we * recommend that you visit the Config console to verify * your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you * reference the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we * recommend that you reference the list of supported * API calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we * recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          */ public void setKeywordValue(String keywordValue) { this.keywordValue = keywordValue; } /** *

          * The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail * event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. *

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on * the type of rule: *

          *
            *
          • *

            * For managed * rules, you can use the rule identifier as the keywordValue. You can find the rule identifier * from the list * of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, * the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. * Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For custom * rules, you form the keywordValue by adding the Custom_ prefix to the rule name. * This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For service * -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule * name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data source * as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, * we recommend that you reference the list of supported * Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix followed by * the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you * visit the Config console to verify your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference * the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that * you reference the list of supported API * calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. * For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web * Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          *
          * * @return The value of the keyword that's used when mapping a control data source. For example, this can be a * CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web * Services API call.

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify * depends on the type of rule: *

          *
            *
          • *

            * For managed rules, you can use the rule identifier as the keywordValue. You can find the * rule identifier from the list of * Config managed rules. For some rules, the rule identifier is different from the rule name. For * example, the rule name restricted-ssh has the following rule identifier: * INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For custom * rules, you form the keywordValue by adding the Custom_ prefix to the rule * name. This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For service-linked rules, you form the keywordValue by adding the Custom_ * prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might * not recognize the data source mapping. As a result, you might not successfully collect evidence from that * data source as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For * accuracy, we recommend that you reference the list of supported Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix * followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we * recommend that you visit the Config console to * verify your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you * reference the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we * recommend that you reference the list of supported * API calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, * we recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          */ public String getKeywordValue() { return this.keywordValue; } /** *

          * The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail * event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call. *

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on * the type of rule: *

          *
            *
          • *

            * For managed * rules, you can use the rule identifier as the keywordValue. You can find the rule identifier * from the list * of Config managed rules. For some rules, the rule identifier is different from the rule name. For example, * the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED. * Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For custom * rules, you form the keywordValue by adding the Custom_ prefix to the rule name. * This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For service * -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule * name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data source * as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy, * we recommend that you reference the list of supported * Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix followed by * the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you * visit the Config console to verify your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference * the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that * you reference the list of supported API * calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName. * For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web * Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          *
          * * @param keywordValue * The value of the keyword that's used when mapping a control data source. For example, this can be a * CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web * Services API call.

          *

          * If you’re mapping a data source to a rule in Config, the keywordValue that you specify * depends on the type of rule: *

          *
            *
          • *

            * For managed rules, you can use the rule identifier as the keywordValue. You can find the * rule identifier from the list of * Config managed rules. For some rules, the rule identifier is different from the rule name. For * example, the rule name restricted-ssh has the following rule identifier: * INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name. *

            *

            * Keyword example for managed rules: *

            * *
          • *
          • *

            * For * custom rules, you form the keywordValue by adding the Custom_ prefix to the * rule name. This prefix distinguishes the custom rule from a managed rule. *

            *

            * Keyword example for custom rules: *

            *
              *
            • *

              * Custom rule name: my-custom-config-rule *

              *

              * keywordValue: Custom_my-custom-config-rule *

              *
            • *
            *
          • *
          • *

            * For * service-linked rules, you form the keywordValue by adding the Custom_ prefix * to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name. *

            *

            * Keyword examples for service-linked rules: *

            *
              *
            • *

              * Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w *

              *

              * keywordValue: Custom_CustomRuleForAccount-conformance-pack *

              *
            • *
            • *

              * Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba *

              *

              * keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled *

              *
            • *
            *
          • *
          * *

          * The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not * recognize the data source mapping. As a result, you might not successfully collect evidence from that data * source as intended. *

          *

          * Keep in mind the following requirements, depending on the data source type that you're using. *

          *
            *
          1. *

            * For Config: *

            *
              *
            • *

              * For managed rules, make sure that the keywordValue is the rule identifier in * ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For * accuracy, we recommend that you reference the list of supported Config managed rules. *

              *
            • *
            • *

              * For custom rules, make sure that the keywordValue has the Custom_ prefix * followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we * recommend that you visit the Config console to verify * your custom rule name. *

              *
            • *
            *
          2. *
          3. *

            * For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you * reference the list of supported * Security Hub controls. *

            *
          4. *
          5. *

            * For Amazon Web Services API calls: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we * recommend that you reference the list of supported * API calls. *

            *
          6. *
          7. *

            * For CloudTrail: Make sure that the keywordValue is written as * serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we * recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference. *

            *
          8. *
          * @return Returns a reference to this object so that method calls can be chained together. */ public SourceKeyword withKeywordValue(String keywordValue) { setKeywordValue(keywordValue); return this; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getKeywordInputType() != null) sb.append("KeywordInputType: ").append(getKeywordInputType()).append(","); if (getKeywordValue() != null) sb.append("KeywordValue: ").append(getKeywordValue()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof SourceKeyword == false) return false; SourceKeyword other = (SourceKeyword) obj; if (other.getKeywordInputType() == null ^ this.getKeywordInputType() == null) return false; if (other.getKeywordInputType() != null && other.getKeywordInputType().equals(this.getKeywordInputType()) == false) return false; if (other.getKeywordValue() == null ^ this.getKeywordValue() == null) return false; if (other.getKeywordValue() != null && other.getKeywordValue().equals(this.getKeywordValue()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getKeywordInputType() == null) ? 0 : getKeywordInputType().hashCode()); hashCode = prime * hashCode + ((getKeywordValue() == null) ? 0 : getKeywordValue().hashCode()); return hashCode; } @Override public SourceKeyword clone() { try { return (SourceKeyword) super.clone(); } catch (CloneNotSupportedException e) { throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e); } } @com.amazonaws.annotation.SdkInternalApi @Override public void marshall(ProtocolMarshaller protocolMarshaller) { com.amazonaws.services.auditmanager.model.transform.SourceKeywordMarshaller.getInstance().marshall(this, protocolMarshaller); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy