This guide documents the action and response elements for use of the service.
", "operations": { "BatchGetMemberAccountDetails": "Provides information on whether the supplied account IDs are associated with a membership.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
Cancels an existing membership.
", "CloseCase": "Closes an existing case.
", "CreateCase": "Creates a new case.
", "CreateCaseComment": "Adds a comment to an existing case.
", "CreateMembership": "Creates a new membership.
", "GetCase": "Returns the attributes of a case.
", "GetCaseAttachmentDownloadUrl": "Returns a Pre-Signed URL for uploading attachments into a case.
", "GetCaseAttachmentUploadUrl": "Uploads an attachment to a case.
", "GetMembership": "Returns the attributes of a membership.
", "ListCaseEdits": "Views the case history for edits made to a designated case.
", "ListCases": "Lists all cases the requester has access to.
", "ListComments": "Returns comments for a designated case.
", "ListMemberships": "Returns the memberships that the calling principal can access.
", "ListTagsForResource": "Returns currently configured tags on a resource.
", "TagResource": "Adds a tag(s) to a designated resource.
", "UntagResource": "Removes a tag(s) from a designate resource.
", "UpdateCase": "Updates an existing case.
", "UpdateCaseComment": "Updates an existing case comment.
", "UpdateCaseStatus": "Updates the state transitions for a designated cases.
Self-managed: the following states are available for self-managed cases.
Submitted → Detection and Analysis
Detection and Analysis → Containment, Eradication, and Recovery
Detection and Analysis → Post-incident Activities
Containment, Eradication, and Recovery → Detection and Analysis
Containment, Eradication, and Recovery → Post-incident Activities
Post-incident Activities → Containment, Eradication, and Recovery
Post-incident Activities → Detection and Analysis
Any → Closed
AWS supported: You must use the CloseCase API to close.
Updates membership configuration.
", "UpdateResolverType": "Updates the resolver type for a case.
This is a one-way action and cannot be reversed.
Response element for GetMembership that provides the account configured to manage the membership.
", "ImpactedAccounts$member": null, "ListMembershipItem$accountId": "" } }, "AWSAccountIds": { "base": null, "refs": { "BatchGetMemberAccountDetailsRequest$accountIds": "Optional element to query the membership relationship status to a provided list of account IDs.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
Required element for ListTagsForResource to provide the ARN to identify a specific resource.
", "TagResourceInput$resourceArn": "Required element for TagResource to identify the ARN for the resource to add a tag to.
", "UntagResourceInput$resourceArn": "Required element for UnTagResource to identify the ARN for the resource to remove a tag from.
" } }, "AttachmentId": { "base": null, "refs": { "CaseAttachmentAttributes$attachmentId": "", "GetCaseAttachmentDownloadUrlRequest$attachmentId": "Required element for GetCaseAttachmentDownloadUrl to identify the attachment ID for downloading an attachment.
" } }, "AwsRegion": { "base": null, "refs": { "GetMembershipResponse$region": "Response element for GetMembership that provides the region configured to manage the membership.
", "ImpactedAwsRegion$region": "", "ListMembershipItem$region": "" } }, "AwsService": { "base": null, "refs": { "ImpactedServicesList$member": null } }, "BatchGetMemberAccountDetailsRequest": { "base": null, "refs": {} }, "BatchGetMemberAccountDetailsResponse": { "base": null, "refs": {} }, "Boolean": { "base": null, "refs": { "CreateMembershipRequest$coverEntireOrganization": "The coverEntireOrganization parameter is a boolean flag that determines whether the membership should be applied to the entire Amazon Web Services Organization. When set to true, the membership will be created for all accounts within the organization. When set to false, the membership will only be created for specified accounts.
This parameter is optional. If not specified, the default value is false.
If set to true: The membership will automatically include all existing and future accounts in the Amazon Web Services Organization.
If set to false: The membership will only apply to explicitly specified accounts.
The coverEntireOrganization field is a boolean value that determines whether the membership configuration applies to all accounts within an Amazon Web Services Organization.
When set to true, the configuration will be applied across all accounts in the organization. When set to false, the configuration will only apply to specifically designated accounts under the AWS Organizational Units specificied.
The coverEntireOrganization field is a boolean value that determines whether the membership configuration should be applied across the entire Amazon Web Services Organization.
When set to true, the configuration will be applied to all accounts within the organization. When set to false, the configuration will only apply to specifically designated accounts.
The undoMembershipCancellation parameter is a boolean flag that indicates whether to reverse a previously requested membership cancellation. When set to true, this will revoke the cancellation request and maintain the membership status.
This parameter is optional and can be used in scenarios where you need to restore a membership that was marked for cancellation but hasn't been fully terminated yet.
If set to true, the cancellation request will be revoked
If set to false the service will throw a ValidationException.
Response element for GetCase that provides the case ARN
", "ListCasesItem$caseArn": "" } }, "CaseAttachmentAttributes": { "base": "", "refs": { "CaseAttachmentsList$member": null } }, "CaseAttachmentStatus": { "base": null, "refs": { "CaseAttachmentAttributes$attachmentStatus": "" } }, "CaseAttachmentsList": { "base": null, "refs": { "GetCaseResponse$caseAttachments": "Response element for GetCase that provides a list of current case attachments.
" } }, "CaseDescription": { "base": null, "refs": { "CreateCaseRequest$description": "Required element used in combination with CreateCase
to provide a description for the new case.
", "GetCaseResponse$description": "Response element for GetCase that provides contents of the case description.
", "UpdateCaseRequest$description": "Optional element for UpdateCase to provide content for the description field.
" } }, "CaseEditAction": { "base": null, "refs": { "CaseEditItem$action": "" } }, "CaseEditItem": { "base": "", "refs": { "CaseEditItems$member": null } }, "CaseEditItems": { "base": null, "refs": { "ListCaseEditsResponse$items": "Response element for ListCaseEdits that includes the action, event timestamp, message, and principal for the response.
" } }, "CaseEditMessage": { "base": null, "refs": { "CaseEditItem$message": "" } }, "CaseId": { "base": null, "refs": { "CloseCaseRequest$caseId": "Required element used in combination with CloseCase to identify the case ID to close.
", "CreateCaseCommentRequest$caseId": "Required element used in combination with CreateCaseComment to specify a case ID.
", "CreateCaseResponse$caseId": "A response element providing responses for requests to CreateCase. This element responds with the case ID.
", "GetCaseAttachmentDownloadUrlRequest$caseId": "Required element for GetCaseAttachmentDownloadUrl to identify the case ID for downloading an attachment from.
", "GetCaseAttachmentUploadUrlRequest$caseId": "Required element for GetCaseAttachmentUploadUrl to identify the case ID for uploading an attachment.
", "GetCaseRequest$caseId": "Required element for GetCase to identify the requested case ID.
", "ListCaseEditsRequest$caseId": "Required element used with ListCaseEdits to identify the case to query.
", "ListCasesItem$caseId": "", "ListCommentsRequest$caseId": "Required element for ListComments to designate the case to query.
", "UpdateCaseCommentRequest$caseId": "Required element for UpdateCaseComment to identify the case ID containing the comment to be updated.
", "UpdateCaseRequest$caseId": "Required element for UpdateCase to identify the case ID for updates.
", "UpdateCaseStatusRequest$caseId": "Required element for UpdateCaseStatus to identify the case to update.
", "UpdateResolverTypeRequest$caseId": "Required element for UpdateResolverType to identify the case to update.
", "UpdateResolverTypeResponse$caseId": "Response element for UpdateResolver identifying the case ID being updated.
" } }, "CaseStatus": { "base": null, "refs": { "CloseCaseResponse$caseStatus": "A response element providing responses for requests to CloseCase. This element responds Closed if successful.
Response element for GetCase that provides the case status. Options for statuses include Submitted | Detection and Analysis | Eradication, Containment and Recovery | Post-Incident Activities | Closed
Response element for UpdateResolver identifying the current status of the case.
" } }, "CaseTitle": { "base": null, "refs": { "CreateCaseRequest$title": "Required element used in combination with CreateCase to provide a title for the new case.
", "GetCaseResponse$title": "Response element for GetCase that provides the case title.
", "ListCasesItem$title": "", "UpdateCaseRequest$title": "Optional element for UpdateCase to provide content for the title field.
" } }, "CloseCaseRequest": { "base": null, "refs": {} }, "CloseCaseResponse": { "base": null, "refs": {} }, "ClosureCode": { "base": null, "refs": { "GetCaseResponse$closureCode": "Response element for GetCase that provides the summary code for why a case was closed.
" } }, "CommentBody": { "base": null, "refs": { "CreateCaseCommentRequest$body": "Required element used in combination with CreateCaseComment to add content for the new comment.
", "ListCommentsItem$body": "", "UpdateCaseCommentRequest$body": "Required element for UpdateCaseComment to identify the content for the comment to be updated.
", "UpdateCaseCommentResponse$body": "Response element for UpdateCaseComment providing the updated comment content.
" } }, "CommentId": { "base": null, "refs": { "CreateCaseCommentResponse$commentId": "Response element indicating the new comment ID.
", "ListCommentsItem$commentId": "", "UpdateCaseCommentRequest$commentId": "Required element for UpdateCaseComment to identify the case ID to be updated.
", "UpdateCaseCommentResponse$commentId": "Response element for UpdateCaseComment providing the updated comment ID.
" } }, "ConflictException": { "base": "", "refs": {} }, "ContentLength": { "base": null, "refs": { "GetCaseAttachmentUploadUrlRequest$contentLength": "Required element for GetCaseAttachmentUploadUrl to identify the size of the file attachment.
" } }, "CreateCaseCommentRequest": { "base": null, "refs": {} }, "CreateCaseCommentRequestClientTokenString": { "base": null, "refs": { "CreateCaseCommentRequest$clientToken": "The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.
The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.
The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.
Response element for GetMembership that provides the configured membership type. Options include Standalone | Organizations.
Required element used in combination with CreateCase to provide an engagement type for the new cases. Available engagement types include Security Incident | Investigation
", "GetCaseResponse$engagementType": "Response element for GetCase that provides the engagement type. Options for engagement type include Active Security Event | Investigations
Optional element for UpdateCase to provide content for the engagement type field. Available engagement types include Security Incident | Investigation.
Required element for GetCaseAttachmentUploadUrl to identify the file name of the attachment to upload.
" } }, "GetCaseAttachmentDownloadUrlRequest": { "base": null, "refs": {} }, "GetCaseAttachmentDownloadUrlResponse": { "base": null, "refs": {} }, "GetCaseAttachmentUploadUrlRequest": { "base": null, "refs": {} }, "GetCaseAttachmentUploadUrlRequestClientTokenString": { "base": null, "refs": { "GetCaseAttachmentUploadUrlRequest$clientToken": "The clientToken field is an idempotency key used to ensure that repeated attempts for a single action will be ignored by the server during retries. A caller supplied unique ID (typically a UUID) should be provided.
The response element providing error messages for requests to GetMembershipAccountDetails.
" } }, "GetMembershipAccountDetailItem": { "base": "", "refs": { "GetMembershipAccountDetailItems$member": null } }, "GetMembershipAccountDetailItems": { "base": null, "refs": { "BatchGetMemberAccountDetailsResponse$items": "The response element providing responses for requests to GetMembershipAccountDetails.
" } }, "GetMembershipRequest": { "base": null, "refs": {} }, "GetMembershipResponse": { "base": null, "refs": {} }, "IPAddress": { "base": null, "refs": { "ThreatActorIp$ipAddress": "" } }, "ImpactedAccounts": { "base": null, "refs": { "CreateCaseRequest$impactedAccounts": "Required element used in combination with CreateCase to provide a list of impacted accounts.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
Response element for GetCase that provides a list of impacted accounts.
", "UpdateCaseRequest$impactedAccountsToAdd": "Optional element for UpdateCase to provide content to add accounts impacted.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
Optional element for UpdateCase to provide content to add accounts impacted.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
An optional element used in combination with CreateCase to provide a list of impacted regions.
", "GetCaseResponse$impactedAwsRegions": "Response element for GetCase that provides the impacted regions.
", "UpdateCaseRequest$impactedAwsRegionsToAdd": "Optional element for UpdateCase to provide content to add regions impacted.
", "UpdateCaseRequest$impactedAwsRegionsToDelete": "Optional element for UpdateCase to provide content to remove regions impacted.
" } }, "ImpactedServicesList": { "base": null, "refs": { "CreateCaseRequest$impactedServices": "An optional element used in combination with CreateCase to provide a list of services impacted.
", "GetCaseResponse$impactedServices": "Response element for GetCase that provides a list of impacted services.
", "UpdateCaseRequest$impactedServicesToAdd": "Optional element for UpdateCase to provide content to add services impacted.
", "UpdateCaseRequest$impactedServicesToDelete": "Optional element for UpdateCase to provide content to remove services impacted.
" } }, "IncidentResponder": { "base": "", "refs": { "IncidentResponseTeam$member": null } }, "IncidentResponderName": { "base": null, "refs": { "IncidentResponder$name": "" } }, "IncidentResponseTeam": { "base": null, "refs": { "CreateMembershipRequest$incidentResponseTeam": "Required element used in combination with CreateMembership to add customer incident response team members and trusted partners to the membership.
", "GetMembershipResponse$incidentResponseTeam": "Response element for GetMembership that provides the configured membership incident response team members.
", "UpdateMembershipRequest$incidentResponseTeam": "Optional element for UpdateMembership to update the membership name.
" } }, "Integer": { "base": null, "refs": { "InternalServerException$retryAfterSeconds": "The number of seconds after which to retry the request.
", "ListCaseEditsResponse$total": "Response element for ListCaseEdits that identifies the total number of edits.
", "ListCommentsResponse$total": "Response element for ListComments identifying the number of responses.
", "ThrottlingException$retryAfterSeconds": "The number of seconds after which to retry the request.
" } }, "InternalServerException": { "base": "", "refs": {} }, "InvalidTokenException": { "base": "", "refs": {} }, "JobTitle": { "base": null, "refs": { "IncidentResponder$jobTitle": "", "Watcher$jobTitle": "" } }, "ListCaseEditsRequest": { "base": null, "refs": {} }, "ListCaseEditsRequestMaxResultsInteger": { "base": null, "refs": { "ListCaseEditsRequest$maxResults": "Optional element to identify how many results to obtain. There is a maximum value of 25.
" } }, "ListCaseEditsRequestNextTokenString": { "base": null, "refs": { "ListCaseEditsRequest$nextToken": "An optional string that, if supplied, must be copied from the output of a previous call to ListCaseEdits. When provided in this manner, the API fetches the next page of results.
" } }, "ListCaseEditsResponse": { "base": null, "refs": {} }, "ListCasesItem": { "base": "", "refs": { "ListCasesItems$member": null } }, "ListCasesItems": { "base": null, "refs": { "ListCasesResponse$items": "Response element for ListCases that includes caseARN, caseID, caseStatus, closedDate, createdDate, engagementType, lastUpdatedDate, pendingAction, resolverType, and title for each response.
" } }, "ListCasesRequest": { "base": null, "refs": {} }, "ListCasesRequestMaxResultsInteger": { "base": null, "refs": { "ListCasesRequest$maxResults": "Optional element for ListCases to limit the number of responses.
" } }, "ListCasesRequestNextTokenString": { "base": null, "refs": { "ListCasesRequest$nextToken": "An optional string that, if supplied, must be copied from the output of a previous call to ListCases. When provided in this manner, the API fetches the next page of results.
" } }, "ListCasesResponse": { "base": null, "refs": {} }, "ListCommentsItem": { "base": "", "refs": { "ListCommentsItems$member": null } }, "ListCommentsItems": { "base": null, "refs": { "ListCommentsResponse$items": "Response element for ListComments providing the body, commentID, createDate, creator, lastUpdatedBy and lastUpdatedDate for each response.
" } }, "ListCommentsRequest": { "base": null, "refs": {} }, "ListCommentsRequestMaxResultsInteger": { "base": null, "refs": { "ListCommentsRequest$maxResults": "Optional element for ListComments to limit the number of responses.
" } }, "ListCommentsRequestNextTokenString": { "base": null, "refs": { "ListCommentsRequest$nextToken": "An optional string that, if supplied, must be copied from the output of a previous call to ListComments. When provided in this manner, the API fetches the next page of results.
" } }, "ListCommentsResponse": { "base": null, "refs": {} }, "ListMembershipItem": { "base": "", "refs": { "ListMembershipItems$member": null } }, "ListMembershipItems": { "base": null, "refs": { "ListMembershipsResponse$items": "Request element for ListMemberships including the accountID, membershipARN, membershipID, membershipStatus, and region for each response.
" } }, "ListMembershipsRequest": { "base": null, "refs": {} }, "ListMembershipsRequestMaxResultsInteger": { "base": null, "refs": { "ListMembershipsRequest$maxResults": "Request element for ListMemberships to limit the number of responses.
" } }, "ListMembershipsRequestNextTokenString": { "base": null, "refs": { "ListMembershipsRequest$nextToken": "An optional string that, if supplied, must be copied from the output of a previous call to ListMemberships. When provided in this manner, the API fetches the next page of results.
" } }, "ListMembershipsResponse": { "base": null, "refs": {} }, "ListTagsForResourceInput": { "base": null, "refs": {} }, "ListTagsForResourceOutput": { "base": null, "refs": {} }, "Long": { "base": null, "refs": { "GetMembershipResponse$numberOfAccountsCovered": "Response element for GetMembership that provides the number of accounts in the membership.
", "ListCasesResponse$total": "Response element for ListCases providing the total number of responses.
" } }, "MembershipAccountRelationshipStatus": { "base": null, "refs": { "GetMembershipAccountDetailItem$relationshipStatus": "" } }, "MembershipAccountRelationshipType": { "base": null, "refs": { "GetMembershipAccountDetailItem$relationshipType": "" } }, "MembershipAccountsConfigurations": { "base": "The MembershipAccountsConfigurations structure defines the configuration settings for managing membership accounts withinAmazon Web Services.
This structure contains settings that determine how member accounts are configured and managed within your organization, including:
Account configuration preferences
Membership validation rules
Account access settings
You can use this structure to define and maintain standardized configurations across multiple member accounts in your organization.
", "refs": { "GetMembershipResponse$membershipAccountsConfigurations": "The membershipAccountsConfigurations field contains the configuration details for member accounts within the Amazon Web Services Organizations membership structure.
This field returns a structure containing information about:
Account configurations for member accounts
Membership settings and preferences
Account-level permissions and roles
The MembershipAccountsConfigurationsUpdatestructure represents the configuration updates for member accounts within an Amazon Web Services organization.
This structure is used to modify existing account configurations and settings for members in the organization. When applying updates, ensure all required fields are properly specified to maintain account consistency.
Key considerations when using this structure:
All configuration changes are validated before being applied
Updates are processed asynchronously in the background
Configuration changes may take several minutes to propagate across all affected accounts
The membershipAccountsConfigurationsUpdate field in the UpdateMembershipRequest structure allows you to update the configuration settings for accounts within a membership.
This field is optional and contains a structure of type MembershipAccountsConfigurationsUpdate that specifies the updated account configurations for the membership.
A list of organizational unit IDs to add to the membership configuration. Each organizational unit ID must match the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}.
The list must contain between 1 and 5 organizational unit IDs.
" } }, "MembershipAccountsConfigurationsUpdateOrganizationalUnitsToRemoveList": { "base": null, "refs": { "MembershipAccountsConfigurationsUpdate$organizationalUnitsToRemove": "A list of organizational unit IDs to remove from the membership configuration. Each organizational unit ID must match the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}.
The list must contain between 1 and 5 organizational unit IDs per invocation of the API request.
" } }, "MembershipArn": { "base": null, "refs": { "GetMembershipResponse$membershipArn": "Response element for GetMembership that provides the membership ARN.
", "ListMembershipItem$membershipArn": "" } }, "MembershipId": { "base": null, "refs": { "BatchGetMemberAccountDetailsRequest$membershipId": "Required element used in combination with BatchGetMemberAccountDetails to identify the membership ID to query.
", "CancelMembershipRequest$membershipId": "Required element used in combination with CancelMembershipRequest to identify the membership ID to cancel.
", "CancelMembershipResponse$membershipId": "The response element providing responses for requests to CancelMembershipRequest.
", "CreateMembershipResponse$membershipId": "Response element for CreateMembership providing the newly created membership ID.
", "GetMembershipRequest$membershipId": "Required element for GetMembership to identify the membership ID to query.
", "GetMembershipResponse$membershipId": "Response element for GetMembership that provides the queried membership ID.
", "ListMembershipItem$membershipId": "", "UpdateMembershipRequest$membershipId": "Required element for UpdateMembership to identify the membership to update.
" } }, "MembershipName": { "base": null, "refs": { "CreateMembershipRequest$membershipName": "Required element used in combination with CreateMembership to create a name for the membership.
", "GetMembershipResponse$membershipName": "Response element for GetMembership that provides the configured membership name.
", "UpdateMembershipRequest$membershipName": "Optional element for UpdateMembership to update the membership name.
" } }, "MembershipStatus": { "base": null, "refs": { "GetMembershipResponse$membershipStatus": "Response element for GetMembership that provides the current membership status.
", "ListMembershipItem$membershipStatus": "" } }, "OptInFeature": { "base": "", "refs": { "OptInFeatures$member": null } }, "OptInFeatureName": { "base": null, "refs": { "OptInFeature$featureName": "" } }, "OptInFeatures": { "base": null, "refs": { "CreateMembershipRequest$optInFeatures": "Optional element to enable the monitoring and investigation opt-in features for the service.
", "GetMembershipResponse$optInFeatures": "Response element for GetMembership that provides the if opt-in features have been enabled.
", "UpdateMembershipRequest$optInFeatures": "Optional element for UpdateMembership to enable or disable opt-in features for the service.
" } }, "OrganizationalUnitId": { "base": null, "refs": { "MembershipAccountsConfigurationsUpdateOrganizationalUnitsToAddList$member": null, "MembershipAccountsConfigurationsUpdateOrganizationalUnitsToRemoveList$member": null, "OrganizationalUnits$member": null } }, "OrganizationalUnits": { "base": null, "refs": { "MembershipAccountsConfigurations$organizationalUnits": "A list of organizational unit IDs that follow the pattern ou-[0-9a-z]{4,32}-[a-z0-9]{8,32}. These IDs represent the organizational units within an Amazon Web Services Organizations structure that are covered by the membership.
Each organizational unit ID in the list must:
Begin with the prefix 'ou-'
Contain between 4 and 32 alphanumeric characters in the first segment
Contain between 8 and 32 alphanumeric characters in the second segment
Response element for GetCase that identifies the case is waiting on customer input.
", "ListCasesItem$pendingAction": "" } }, "PersonName": { "base": null, "refs": { "Watcher$name": "" } }, "PrincipalId": { "base": null, "refs": { "CaseAttachmentAttributes$creator": "", "ListCommentsItem$creator": "", "ListCommentsItem$lastUpdatedBy": "" } }, "ResolverType": { "base": null, "refs": { "CreateCaseRequest$resolverType": "Required element used in combination with CreateCase to identify the resolver type.
", "GetCaseResponse$resolverType": "Response element for GetCase that provides the current resolver types.
", "ListCasesItem$resolverType": "", "UpdateResolverTypeRequest$resolverType": "Required element for UpdateResolverType to identify the new resolver.
", "UpdateResolverTypeResponse$resolverType": "Response element for UpdateResolver identifying the current resolver of the case.
" } }, "ResourceNotFoundException": { "base": "", "refs": {} }, "SecurityIncidentResponseNotActiveException": { "base": "", "refs": {} }, "SelfManagedCaseStatus": { "base": null, "refs": { "UpdateCaseStatusRequest$caseStatus": "Required element for UpdateCaseStatus to identify the status for a case. Options include Submitted | Detection and Analysis | Containment, Eradication and Recovery | Post-incident Activities.
Response element for UpdateCaseStatus showing the newly configured status.
" } }, "ServiceQuotaExceededException": { "base": "", "refs": {} }, "String": { "base": null, "refs": { "AccessDeniedException$message": "The ID of the resource which lead to the access denial.
", "CaseEditItem$principal": "", "ConflictException$message": "The exception message.
", "ConflictException$resourceId": "The ID of the conflicting resource.
", "ConflictException$resourceType": "The type of the conflicting resource.
", "GetMembershipAccountDetailError$error": "", "GetMembershipAccountDetailError$message": "", "InternalServerException$message": "The exception message.
", "InvalidTokenException$message": "The exception message.
", "ListCaseEditsResponse$nextToken": "An optional string that, if supplied on subsequent calls to ListCaseEdits, allows the API to fetch the next page of results.
", "ListCasesResponse$nextToken": "An optional string that, if supplied on subsequent calls to ListCases, allows the API to fetch the next page of results.
", "ListCommentsResponse$nextToken": "An optional string that, if supplied on subsequent calls to ListComments, allows the API to fetch the next page of results.
", "ListMembershipsResponse$nextToken": "An optional string that, if supplied on subsequent calls to ListMemberships, allows the API to fetch the next page of results.
", "ResourceNotFoundException$message": "The exception message.
", "SecurityIncidentResponseNotActiveException$message": "The exception message.
", "ServiceQuotaExceededException$message": "The exception message.
", "ServiceQuotaExceededException$resourceId": "The ID of the requested resource which lead to the service quota exception.
", "ServiceQuotaExceededException$resourceType": "The type of the requested resource which lead to the service quota exception.
", "ServiceQuotaExceededException$serviceCode": "The service code of the quota.
", "ServiceQuotaExceededException$quotaCode": "The code of the quota.
", "ThrottlingException$message": "The exception message.
", "ThrottlingException$serviceCode": "The service code of the exception.
", "ThrottlingException$quotaCode": "The quota code of the exception.
", "ValidationException$message": "The exception message.
", "ValidationExceptionField$name": "", "ValidationExceptionField$message": "" } }, "TagKey": { "base": null, "refs": { "TagKeys$member": null, "TagMap$key": null } }, "TagKeys": { "base": null, "refs": { "UntagResourceInput$tagKeys": "Required element for UnTagResource to identify tag to remove.
" } }, "TagMap": { "base": null, "refs": { "CreateCaseRequest$tags": "An optional element used in combination with CreateCase to add customer specified tags to a case.
", "CreateMembershipRequest$tags": "Optional element for customer configured tags.
", "ListTagsForResourceOutput$tags": "Response element for ListTagsForResource providing content for each configured tag.
", "TagResourceInput$tags": "Required element for ListTagsForResource to provide the content for a tag.
" } }, "TagResourceInput": { "base": null, "refs": {} }, "TagResourceOutput": { "base": null, "refs": {} }, "TagValue": { "base": null, "refs": { "TagMap$value": null } }, "ThreatActorIp": { "base": "", "refs": { "ThreatActorIpList$member": null } }, "ThreatActorIpList": { "base": null, "refs": { "CreateCaseRequest$threatActorIpAddresses": "An optional element used in combination with CreateCase to provide a list of suspicious internet protocol addresses associated with unauthorized activity.
", "GetCaseResponse$threatActorIpAddresses": "Response element for GetCase that provides a list of suspicious IP addresses associated with unauthorized activity.
", "UpdateCaseRequest$threatActorIpAddressesToAdd": "Optional element for UpdateCase to provide content to add additional suspicious IP addresses related to a case.
", "UpdateCaseRequest$threatActorIpAddressesToDelete": "Optional element for UpdateCase to provide content to remove suspicious IP addresses from a case.
" } }, "ThrottlingException": { "base": "", "refs": {} }, "Timestamp": { "base": null, "refs": { "CaseAttachmentAttributes$createdDate": "", "CaseEditItem$eventTimestamp": "", "CloseCaseResponse$closedDate": "A response element providing responses for requests to CloseCase. This element responds with the ISO-8601 formatted timestamp of the moment when the case was closed.
", "CreateCaseRequest$reportedIncidentStartDate": "Required element used in combination with CreateCase to provide an initial start date for the unauthorized activity.
", "GetCaseResponse$reportedIncidentStartDate": "Response element for GetCase that provides the customer provided incident start date.
", "GetCaseResponse$actualIncidentStartDate": "Response element for GetCase that provides the actual incident start date as identified by data analysis during the investigation.
", "GetCaseResponse$createdDate": "Response element for GetCase that provides the date the case was created.
", "GetCaseResponse$lastUpdatedDate": "Response element for GetCase that provides the date a case was last modified.
", "GetCaseResponse$closedDate": "Response element for GetCase that provides the date a specified case was closed.
", "GetMembershipResponse$membershipActivationTimestamp": "Response element for GetMembership that provides the configured membership activation timestamp.
", "GetMembershipResponse$membershipDeactivationTimestamp": "Response element for GetMembership that provides the configured membership name deactivation timestamp.
", "ListCasesItem$lastUpdatedDate": "", "ListCasesItem$createdDate": "", "ListCasesItem$closedDate": "", "ListCommentsItem$createdDate": "", "ListCommentsItem$lastUpdatedDate": "", "UpdateCaseRequest$reportedIncidentStartDate": "Optional element for UpdateCase to provide content for the customer reported incident start date field.
", "UpdateCaseRequest$actualIncidentStartDate": "Optional element for UpdateCase to provide content for the incident start date field.
" } }, "UntagResourceInput": { "base": null, "refs": {} }, "UntagResourceOutput": { "base": null, "refs": {} }, "UpdateCaseCommentRequest": { "base": null, "refs": {} }, "UpdateCaseCommentResponse": { "base": null, "refs": {} }, "UpdateCaseRequest": { "base": null, "refs": {} }, "UpdateCaseResponse": { "base": null, "refs": {} }, "UpdateCaseStatusRequest": { "base": null, "refs": {} }, "UpdateCaseStatusResponse": { "base": null, "refs": {} }, "UpdateMembershipRequest": { "base": null, "refs": {} }, "UpdateMembershipResponse": { "base": null, "refs": {} }, "UpdateResolverTypeRequest": { "base": null, "refs": {} }, "UpdateResolverTypeResponse": { "base": null, "refs": {} }, "Url": { "base": null, "refs": { "GetCaseAttachmentDownloadUrlResponse$attachmentPresignedUrl": "Response element providing the Amazon S3 presigned URL to download an attachment.
", "GetCaseAttachmentUploadUrlResponse$attachmentPresignedUrl": "Response element providing the Amazon S3 presigned URL to upload the attachment.
" } }, "UserAgent": { "base": null, "refs": { "ThreatActorIp$userAgent": "" } }, "ValidationException": { "base": "", "refs": {} }, "ValidationExceptionField": { "base": "", "refs": { "ValidationExceptionFieldList$member": null } }, "ValidationExceptionFieldList": { "base": null, "refs": { "ValidationException$fieldList": "The fields which lead to the exception.
" } }, "ValidationExceptionReason": { "base": null, "refs": { "ValidationException$reason": "The reason for the exception.
" } }, "Watcher": { "base": "", "refs": { "Watchers$member": null } }, "Watchers": { "base": null, "refs": { "CreateCaseRequest$watchers": "Required element used in combination with CreateCase to provide a list of entities to receive notifications for case updates.
", "GetCaseResponse$watchers": "Response element for GetCase that provides a list of Watchers added to the case.
", "UpdateCaseRequest$watchersToAdd": "Optional element for UpdateCase to provide content to add additional watchers to a case.
", "UpdateCaseRequest$watchersToDelete": "Optional element for UpdateCase to provide content to remove existing watchers from a case.
" } } } }