com.amazonaws.services.auditmanager.model.SourceKeyword Maven / Gradle / Ivy
Show all versions of aws-java-sdk-auditmanager Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.auditmanager.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* A keyword that relates to the control data source.
*
*
* For manual evidence, this keyword indicates if the manual evidence is a file or text.
*
*
* For automated evidence, this keyword identifies a specific CloudTrail event, Config rule, Security Hub control, or
* Amazon Web Services API name.
*
*
* To learn more about the supported keywords that you can use when mapping a control data source, see the following
* pages in the Audit Manager User Guide:
*
*
* -
*
*
* -
*
*
* -
*
*
* -
*
*
*
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class SourceKeyword implements Serializable, Cloneable, StructuredPojo {
/**
*
* The input method for the keyword.
*
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security
* Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
*
*/
private String keywordInputType;
/**
*
* The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail
* event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
*
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on
* the type of rule:
*
*
* -
*
* For managed
* rules, you can use the rule identifier as the keywordValue. You can find the rule identifier
* from the list
* of Config managed rules. For some rules, the rule identifier is different from the rule name. For example,
* the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED.
* Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For custom
* rules, you form the keywordValue by adding the Custom_ prefix to the rule name.
* This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For service
* -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule
* name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data source
* as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy,
* we recommend that you reference the list of supported
* Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix followed by
* the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you
* visit the Config console to verify your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference
* the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that
* you reference the list of supported API
* calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName.
* For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web
* Service prefix and action names in the Service Authorization Reference.
*
*
*
*
*/
private String keywordValue;
/**
*
* The input method for the keyword.
*
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security
* Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
*
*
* @param keywordInputType
* The input method for the keyword.
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a
* Security Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual
* evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
* @see KeywordInputType
*/
public void setKeywordInputType(String keywordInputType) {
this.keywordInputType = keywordInputType;
}
/**
*
* The input method for the keyword.
*
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security
* Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
*
*
* @return The input method for the keyword.
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to
* collect automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for
* Config, a Security Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual
* evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
* @see KeywordInputType
*/
public String getKeywordInputType() {
return this.keywordInputType;
}
/**
*
* The input method for the keyword.
*
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security
* Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
*
*
* @param keywordInputType
* The input method for the keyword.
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a
* Security Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual
* evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeywordInputType
*/
public SourceKeyword withKeywordInputType(String keywordInputType) {
setKeywordInputType(keywordInputType);
return this;
}
/**
*
* The input method for the keyword.
*
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a Security
* Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
*
*
* @param keywordInputType
* The input method for the keyword.
*
* -
*
* SELECT_FROM_LIST is used when mapping a data source for automated evidence.
*
*
* -
*
* When keywordInputType is SELECT_FROM_LIST, a keyword must be selected to collect
* automated evidence. For example, this keyword can be a CloudTrail event name, a rule name for Config, a
* Security Hub control, or the name of an Amazon Web Services API call.
*
*
*
*
* -
*
* UPLOAD_FILE and INPUT_TEXT are only used when mapping a data source for manual
* evidence.
*
*
* -
*
* When keywordInputType is UPLOAD_FILE, a file must be uploaded as manual
* evidence.
*
*
* -
*
* When keywordInputType is INPUT_TEXT, text must be entered as manual evidence.
*
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see KeywordInputType
*/
public SourceKeyword withKeywordInputType(KeywordInputType keywordInputType) {
this.keywordInputType = keywordInputType.toString();
return this;
}
/**
*
* The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail
* event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
*
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on
* the type of rule:
*
*
* -
*
* For managed
* rules, you can use the rule identifier as the keywordValue. You can find the rule identifier
* from the list
* of Config managed rules. For some rules, the rule identifier is different from the rule name. For example,
* the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED.
* Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For custom
* rules, you form the keywordValue by adding the Custom_ prefix to the rule name.
* This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For service
* -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule
* name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data source
* as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy,
* we recommend that you reference the list of supported
* Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix followed by
* the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you
* visit the Config console to verify your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference
* the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that
* you reference the list of supported API
* calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName.
* For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web
* Service prefix and action names in the Service Authorization Reference.
*
*
*
*
*
* @param keywordValue
* The value of the keyword that's used when mapping a control data source. For example, this can be a
* CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web
* Services API call.
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify
* depends on the type of rule:
*
*
* -
*
* For managed rules, you can use the rule identifier as the keywordValue. You can find the
* rule identifier from the list of
* Config managed rules. For some rules, the rule identifier is different from the rule name. For
* example, the rule name restricted-ssh has the following rule identifier:
* INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For
* custom rules, you form the keywordValue by adding the Custom_ prefix to the
* rule name. This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For
* service-linked rules, you form the keywordValue by adding the Custom_ prefix
* to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data
* source as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For
* accuracy, we recommend that you reference the list of supported Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix
* followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we
* recommend that you visit the Config console to verify
* your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you
* reference the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we
* recommend that you reference the list of supported
* API calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we
* recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.
*
*
*
*/
public void setKeywordValue(String keywordValue) {
this.keywordValue = keywordValue;
}
/**
*
* The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail
* event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
*
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on
* the type of rule:
*
*
* -
*
* For managed
* rules, you can use the rule identifier as the keywordValue. You can find the rule identifier
* from the list
* of Config managed rules. For some rules, the rule identifier is different from the rule name. For example,
* the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED.
* Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For custom
* rules, you form the keywordValue by adding the Custom_ prefix to the rule name.
* This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For service
* -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule
* name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data source
* as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy,
* we recommend that you reference the list of supported
* Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix followed by
* the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you
* visit the Config console to verify your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference
* the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that
* you reference the list of supported API
* calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName.
* For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web
* Service prefix and action names in the Service Authorization Reference.
*
*
*
*
*
* @return The value of the keyword that's used when mapping a control data source. For example, this can be a
* CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web
* Services API call.
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify
* depends on the type of rule:
*
*
* -
*
* For managed rules, you can use the rule identifier as the keywordValue. You can find the
* rule identifier from the list of
* Config managed rules. For some rules, the rule identifier is different from the rule name. For
* example, the rule name restricted-ssh has the following rule identifier:
* INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For custom
* rules, you form the keywordValue by adding the Custom_ prefix to the rule
* name. This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For service-linked rules, you form the keywordValue by adding the Custom_
* prefix to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might
* not recognize the data source mapping. As a result, you might not successfully collect evidence from that
* data source as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For
* accuracy, we recommend that you reference the list of supported Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix
* followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we
* recommend that you visit the Config console to
* verify your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you
* reference the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we
* recommend that you reference the list of supported
* API calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy,
* we recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.
*
*
*
*/
public String getKeywordValue() {
return this.keywordValue;
}
/**
*
* The value of the keyword that's used when mapping a control data source. For example, this can be a CloudTrail
* event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web Services API call.
*
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify depends on
* the type of rule:
*
*
* -
*
* For managed
* rules, you can use the rule identifier as the keywordValue. You can find the rule identifier
* from the list
* of Config managed rules. For some rules, the rule identifier is different from the rule name. For example,
* the rule name restricted-ssh has the following rule identifier: INCOMING_SSH_DISABLED.
* Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For custom
* rules, you form the keywordValue by adding the Custom_ prefix to the rule name.
* This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For service
* -linked rules, you form the keywordValue by adding the Custom_ prefix to the rule
* name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data source
* as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For accuracy,
* we recommend that you reference the list of supported
* Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix followed by
* the custom rule name. The format of the custom rule name itself may vary. For accuracy, we recommend that you
* visit the Config console to verify your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you reference
* the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we recommend that
* you reference the list of supported API
* calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as serviceprefix_ActionName.
* For example, cloudtrail_StartLogging. For accuracy, we recommend that you review the Amazon Web
* Service prefix and action names in the Service Authorization Reference.
*
*
*
*
*
* @param keywordValue
* The value of the keyword that's used when mapping a control data source. For example, this can be a
* CloudTrail event name, a rule name for Config, a Security Hub control, or the name of an Amazon Web
* Services API call.
*
* If you’re mapping a data source to a rule in Config, the keywordValue that you specify
* depends on the type of rule:
*
*
* -
*
* For managed rules, you can use the rule identifier as the keywordValue. You can find the
* rule identifier from the list of
* Config managed rules. For some rules, the rule identifier is different from the rule name. For
* example, the rule name restricted-ssh has the following rule identifier:
* INCOMING_SSH_DISABLED. Make sure to use the rule identifier, not the rule name.
*
*
* Keyword example for managed rules:
*
*
* -
*
* Managed rule name: s3-bucket-acl-prohibited
*
*
* keywordValue: S3_BUCKET_ACL_PROHIBITED
*
*
*
*
* -
*
* For
* custom rules, you form the keywordValue by adding the Custom_ prefix to the
* rule name. This prefix distinguishes the custom rule from a managed rule.
*
*
* Keyword example for custom rules:
*
*
* -
*
* Custom rule name: my-custom-config-rule
*
*
* keywordValue: Custom_my-custom-config-rule
*
*
*
*
* -
*
* For
* service-linked rules, you form the keywordValue by adding the Custom_ prefix
* to the rule name. In addition, you remove the suffix ID that appears at the end of the rule name.
*
*
* Keyword examples for service-linked rules:
*
*
* -
*
* Service-linked rule name: CustomRuleForAccount-conformance-pack-szsm1uv0w
*
*
* keywordValue: Custom_CustomRuleForAccount-conformance-pack
*
*
* -
*
* Service-linked rule name: OrgConfigRule-s3-bucket-versioning-enabled-dbgzf8ba
*
*
* keywordValue: Custom_OrgConfigRule-s3-bucket-versioning-enabled
*
*
*
*
*
*
*
* The keywordValue is case sensitive. If you enter a value incorrectly, Audit Manager might not
* recognize the data source mapping. As a result, you might not successfully collect evidence from that data
* source as intended.
*
*
* Keep in mind the following requirements, depending on the data source type that you're using.
*
*
* -
*
* For Config:
*
*
* -
*
* For managed rules, make sure that the keywordValue is the rule identifier in
* ALL_CAPS_WITH_UNDERSCORES. For example, CLOUDWATCH_LOG_GROUP_ENCRYPTED. For
* accuracy, we recommend that you reference the list of supported Config managed rules.
*
*
* -
*
* For custom rules, make sure that the keywordValue has the Custom_ prefix
* followed by the custom rule name. The format of the custom rule name itself may vary. For accuracy, we
* recommend that you visit the Config console to verify
* your custom rule name.
*
*
*
*
* -
*
* For Security Hub: The format varies for Security Hub control names. For accuracy, we recommend that you
* reference the list of supported
* Security Hub controls.
*
*
* -
*
* For Amazon Web Services API calls: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, iam_ListGroups. For accuracy, we
* recommend that you reference the list of supported
* API calls.
*
*
* -
*
* For CloudTrail: Make sure that the keywordValue is written as
* serviceprefix_ActionName. For example, cloudtrail_StartLogging. For accuracy, we
* recommend that you review the Amazon Web Service prefix and action names in the Service Authorization Reference.
*
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public SourceKeyword withKeywordValue(String keywordValue) {
setKeywordValue(keywordValue);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getKeywordInputType() != null)
sb.append("KeywordInputType: ").append(getKeywordInputType()).append(",");
if (getKeywordValue() != null)
sb.append("KeywordValue: ").append(getKeywordValue());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof SourceKeyword == false)
return false;
SourceKeyword other = (SourceKeyword) obj;
if (other.getKeywordInputType() == null ^ this.getKeywordInputType() == null)
return false;
if (other.getKeywordInputType() != null && other.getKeywordInputType().equals(this.getKeywordInputType()) == false)
return false;
if (other.getKeywordValue() == null ^ this.getKeywordValue() == null)
return false;
if (other.getKeywordValue() != null && other.getKeywordValue().equals(this.getKeywordValue()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getKeywordInputType() == null) ? 0 : getKeywordInputType().hashCode());
hashCode = prime * hashCode + ((getKeywordValue() == null) ? 0 : getKeywordValue().hashCode());
return hashCode;
}
@Override
public SourceKeyword clone() {
try {
return (SourceKeyword) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.auditmanager.model.transform.SourceKeywordMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}