From 3d1153041aebb10171a48dac7407a60321878528 Mon Sep 17 00:00:00 2001 From: awstools Date: Thu, 15 Jun 2023 18:16:46 +0000 Subject: [PATCH] docs(client-guardduty): Updated descriptions for some APIs. --- .../src/commands/CreateMembersCommand.ts | 18 ++++++++++------ ...ssociateFromAdministratorAccountCommand.ts | 6 ++++++ .../DisassociateFromMasterAccountCommand.ts | 6 ++++++ .../commands/DisassociateMembersCommand.ts | 8 ++++++- .../src/commands/InviteMembersCommand.ts | 21 ++++++++++++++++--- .../client-guardduty/src/models/models_0.ts | 2 +- codegen/sdk-codegen/aws-models/guardduty.json | 12 +++++------ 7 files changed, 56 insertions(+), 17 deletions(-) diff --git a/clients/client-guardduty/src/commands/CreateMembersCommand.ts b/clients/client-guardduty/src/commands/CreateMembersCommand.ts index 2f2fe0b63483..7ae4435258a2 100644 --- a/clients/client-guardduty/src/commands/CreateMembersCommand.ts +++ b/clients/client-guardduty/src/commands/CreateMembersCommand.ts @@ -39,12 +39,18 @@ export interface CreateMembersCommandOutput extends CreateMembersResponse, __Met *

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account * IDs. This step is a prerequisite for managing the associated member accounts either by * invitation or through an organization.

- *

When using Create Members as an organizations delegated administrator this - * action will enable GuardDuty in the added member accounts, with the exception of the - * organization delegated administrator account, which must enable GuardDuty prior to being added - * as a member.

- *

If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in - * potential member accounts and before using InviteMembers.

+ *

As a delegated administrator, using CreateMembers will enable GuardDuty in + * the added member accounts, with the exception of the + * organization delegated administrator account. A delegated administrator must enable GuardDuty + * prior to being added as a member.

+ *

If you are adding accounts by invitation, before using InviteMembers, use + * CreateMembers after GuardDuty has been enabled in potential member accounts.

+ *

If you disassociate a member from a GuardDuty + * delegated administrator, the member account details + * obtained from this API, including the associated email addresses, will be retained. + * This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts b/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts index 3341b06a4407..40238fe2049c 100644 --- a/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts +++ b/clients/client-guardduty/src/commands/DisassociateFromAdministratorAccountCommand.ts @@ -45,6 +45,12 @@ export interface DisassociateFromAdministratorAccountCommandOutput /** * @public *

Disassociates the current GuardDuty member account from its administrator account.

+ *

When you + * disassociate an invited member from a GuardDuty delegated administrator, the member account details + * obtained from the CreateMembers API, including the associated email addresses, are retained. This is + * done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.

*

With autoEnableOrganizationMembers configuration for your organization set to * ALL, you'll receive an error if you attempt to disable GuardDuty in a member * account.

diff --git a/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts b/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts index a72fdc482383..738871570707 100644 --- a/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts +++ b/clients/client-guardduty/src/commands/DisassociateFromMasterAccountCommand.ts @@ -44,6 +44,12 @@ export interface DisassociateFromMasterAccountCommandOutput * @deprecated * *

Disassociates the current GuardDuty member account from its administrator account.

+ *

When you + * disassociate an invited member from a GuardDuty delegated administrator, the member account details + * obtained from the CreateMembers API, including the associated email addresses, are retained. This is + * done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts index 70222260a80e..714368ae377b 100644 --- a/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts +++ b/clients/client-guardduty/src/commands/DisassociateMembersCommand.ts @@ -36,8 +36,14 @@ export interface DisassociateMembersCommandOutput extends DisassociateMembersRes /** * @public - *

Disassociates GuardDuty member accounts (to the current administrator account) specified + *

Disassociates GuardDuty member accounts (from the current administrator account) specified * by the account IDs.

+ *

When you + * disassociate an invited member from a GuardDuty delegated administrator, the member account details + * obtained from the CreateMembers API, including the associated email addresses, are retained. This is + * done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To + * remove the details associated with a member account, the delegated administrator must invoke the + * DeleteMembers API.

*

With autoEnableOrganizationMembers configuration for your organization set to * ALL, you'll receive an error if you attempt to disassociate a member account * before removing them from your Amazon Web Services organization.

diff --git a/clients/client-guardduty/src/commands/InviteMembersCommand.ts b/clients/client-guardduty/src/commands/InviteMembersCommand.ts index 0d38655fc368..8543af510008 100644 --- a/clients/client-guardduty/src/commands/InviteMembersCommand.ts +++ b/clients/client-guardduty/src/commands/InviteMembersCommand.ts @@ -36,9 +36,24 @@ export interface InviteMembersCommandOutput extends InviteMembersResponse, __Met /** * @public - *

Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by - * CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage - * these accounts' findings on their behalf as the GuardDuty administrator account.

+ *

Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account + * that invokes this API. If you are using Amazon Web Services Organizations to manager your GuardDuty environment, this step is not + * needed. For more information, see Managing accounts with Amazon Web Services Organizations.

+ *

To invite Amazon Web Services accounts, the first step is + * to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API + * to add accounts by invitation. The + * invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can + * choose to accept the invitation from only one Amazon Web Services account. For more information, see + * Managing GuardDuty accounts + * by invitation.

+ *

After the invite has been accepted and you choose to disassociate a member account + * (by using DisassociateMembers) from your account, + * the details of the member account obtained by invoking CreateMembers, including the + * associated email addresses, will be retained. + * This is done so that you can invoke InviteMembers without the need to invoke + * CreateMembers again. To + * remove the details associated with a member account, you must also invoke + * DeleteMembers.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-guardduty/src/models/models_0.ts b/clients/client-guardduty/src/models/models_0.ts index 88f929abf4d3..f065fa7d14e1 100644 --- a/clients/client-guardduty/src/models/models_0.ts +++ b/clients/client-guardduty/src/models/models_0.ts @@ -572,7 +572,7 @@ export interface AwsApiCallAction { */ export interface DnsRequestAction { /** - *

The domain information for the API request.

+ *

The domain information for the DNS query.

*/ Domain?: string; diff --git a/codegen/sdk-codegen/aws-models/guardduty.json b/codegen/sdk-codegen/aws-models/guardduty.json index fd74a3feb672..3a912fa24e86 100644 --- a/codegen/sdk-codegen/aws-models/guardduty.json +++ b/codegen/sdk-codegen/aws-models/guardduty.json @@ -1790,7 +1790,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n IDs. This step is a prerequisite for managing the associated member accounts either by\n invitation or through an organization.

\n

When using Create Members as an organizations delegated administrator this\n action will enable GuardDuty in the added member accounts, with the exception of the\n organization delegated administrator account, which must enable GuardDuty prior to being added\n as a member.

\n

If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in\n potential member accounts and before using InviteMembers.

", + "smithy.api#documentation": "

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account\n IDs. This step is a prerequisite for managing the associated member accounts either by\n invitation or through an organization.

\n

As a delegated administrator, using CreateMembers will enable GuardDuty in \n the added member accounts, with the exception of the\n organization delegated administrator account. A delegated administrator must enable GuardDuty \n prior to being added as a member.

\n

If you are adding accounts by invitation, before using InviteMembers, use \n CreateMembers after GuardDuty has been enabled in potential member accounts.

\n

If you disassociate a member from a GuardDuty \n delegated administrator, the member account details \n obtained from this API, including the associated email addresses, will be retained. \n This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.

", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member", @@ -3606,7 +3606,7 @@ } ], "traits": { - "smithy.api#documentation": "

Disassociates the current GuardDuty member account from its administrator account.

\n

With autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disable GuardDuty in a member\n account.

", + "smithy.api#documentation": "

Disassociates the current GuardDuty member account from its administrator account.

\n

When you \n disassociate an invited member from a GuardDuty delegated administrator, the member account details \n obtained from the CreateMembers API, including the associated email addresses, are retained. This is \n done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.

\n

With autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disable GuardDuty in a member\n account.

", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/administrator/disassociate", @@ -3658,7 +3658,7 @@ "smithy.api#deprecated": { "message": "This operation is deprecated, use DisassociateFromAdministratorAccount instead" }, - "smithy.api#documentation": "

Disassociates the current GuardDuty member account from its administrator account.

", + "smithy.api#documentation": "

Disassociates the current GuardDuty member account from its administrator account.

\n

When you \n disassociate an invited member from a GuardDuty delegated administrator, the member account details \n obtained from the CreateMembers API, including the associated email addresses, are retained. This is \n done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.

", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/master/disassociate", @@ -3713,7 +3713,7 @@ } ], "traits": { - "smithy.api#documentation": "

Disassociates GuardDuty member accounts (to the current administrator account) specified\n by the account IDs.

\n

With autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disassociate a member account\n before removing them from your Amazon Web Services organization.

", + "smithy.api#documentation": "

Disassociates GuardDuty member accounts (from the current administrator account) specified\n by the account IDs.

\n

When you \n disassociate an invited member from a GuardDuty delegated administrator, the member account details \n obtained from the CreateMembers API, including the associated email addresses, are retained. This is \n done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To \n remove the details associated with a member account, the delegated administrator must invoke the \n DeleteMembers API.

\n

With autoEnableOrganizationMembers configuration for your organization set to\n ALL, you'll receive an error if you attempt to disassociate a member account\n before removing them from your Amazon Web Services organization.

", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member/disassociate", @@ -3768,7 +3768,7 @@ "Domain": { "target": "com.amazonaws.guardduty#String", "traits": { - "smithy.api#documentation": "

The domain information for the API request.

", + "smithy.api#documentation": "

The domain information for the DNS query.

", "smithy.api#jsonName": "domain" } }, @@ -7538,7 +7538,7 @@ } ], "traits": { - "smithy.api#documentation": "

Invites other Amazon Web Services accounts (created as members of the current Amazon Web Services account by\n CreateMembers) to enable GuardDuty, and allow the current Amazon Web Services account to view and manage\n these accounts' findings on their behalf as the GuardDuty administrator account.

", + "smithy.api#documentation": "

Invites Amazon Web Services accounts to become members of an organization administered by the Amazon Web Services account \n that invokes this API. If you are using Amazon Web Services Organizations to manager your GuardDuty environment, this step is not \n needed. For more information, see Managing accounts with Amazon Web Services Organizations.

\n

To invite Amazon Web Services accounts, the first step is \n to ensure that GuardDuty has been enabled in the potential member accounts. You can now invoke this API\n to add accounts by invitation. The \n invited accounts can either accept or decline the invitation from their GuardDuty accounts. Each invited Amazon Web Services account can \n choose to accept the invitation from only one Amazon Web Services account. For more information, see \n Managing GuardDuty accounts \n by invitation.

\n

After the invite has been accepted and you choose to disassociate a member account \n (by using DisassociateMembers) from your account, \n the details of the member account obtained by invoking CreateMembers, including the \n associated email addresses, will be retained. \n This is done so that you can invoke InviteMembers without the need to invoke \n CreateMembers again. To \n remove the details associated with a member account, you must also invoke \n DeleteMembers.

", "smithy.api#http": { "method": "POST", "uri": "/detector/{DetectorId}/member/invite",