INSPECTOR2

AssociateMember

valid {
    input.Body.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetAccountStatus

valid {
    input.Body.accountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetCodeSnippet

valid {
    input.Body.findingArns[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetFindingDetails

valid {
    input.Body.findingArns[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetFreeTrialInfo

valid {
    input.Body.accountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchGetMemberEc2DeepInspectionStatus

valid {
    input.Body.accountIds[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchUpdateMemberEc2DeepInspectionStatus

valid {
    input.Body.accountIds[_].accountId == STRING
    input.Body.accountIds[_].activateDeepInspection == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelFindingsReport

valid {
    input.Body.reportId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CancelSbomExport

valid {
    input.Body.reportId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateCisScanConfiguration

enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_Day := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]

valid {
    input.Body.scanName == STRING
    input.Body.schedule.daily.startTime.timeOfDay == STRING
    input.Body.schedule.daily.startTime.timezone == STRING
    input.Body.schedule.monthly.day == enum_Day[_]
    input.Body.schedule.monthly.startTime.timeOfDay == STRING
    input.Body.schedule.monthly.startTime.timezone == STRING
    input.Body.schedule.oneTime == {}
    input.Body.schedule.weekly.days[_] == enum_Day[_]
    input.Body.schedule.weekly.startTime.timeOfDay == STRING
    input.Body.schedule.weekly.startTime.timezone == STRING
    input.Body.securityLevel == enum_CisSecurityLevel[_]
    input.Body.tags.STRING == STRING
    input.Body.targets.accountIds[_] == STRING
    input.Body.targets.targetResourceTags.STRING[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFilter

enum_FilterAction := [ "NONE", "SUPPRESS" ]
enum_MapComparison := [ "EQUALS" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.action == enum_FilterAction[_]
    input.Body.description == STRING
    input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.awsAccountId[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
    input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentId[_].value == STRING
    input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentType[_].value == STRING
    input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
    input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
    input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageHash[_].value == STRING
    input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
    input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.exploitAvailable[_].value == STRING
    input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingArn[_].value == STRING
    input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingStatus[_].value == STRING
    input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingType[_].value == STRING
    input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.fixAvailable[_].value == STRING
    input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.networkProtocol[_].value == STRING
    input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
    input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
    input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
    input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
    input.Body.filterCriteria.resourceTags[_].key == STRING
    input.Body.filterCriteria.resourceTags[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.severity[_].value == STRING
    input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.title[_].value == STRING
    input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vendorSeverity[_].value == STRING
    input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilityId[_].value == STRING
    input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
    input.Body.name == STRING
    input.Body.reason == STRING
    input.Body.tags.STRING == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateFindingsReport

enum_MapComparison := [ "EQUALS" ]
enum_ReportFormat := [ "CSV", "JSON" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.awsAccountId[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
    input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentId[_].value == STRING
    input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentType[_].value == STRING
    input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
    input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
    input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageHash[_].value == STRING
    input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
    input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.exploitAvailable[_].value == STRING
    input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingArn[_].value == STRING
    input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingStatus[_].value == STRING
    input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingType[_].value == STRING
    input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.fixAvailable[_].value == STRING
    input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.networkProtocol[_].value == STRING
    input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
    input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
    input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
    input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
    input.Body.filterCriteria.resourceTags[_].key == STRING
    input.Body.filterCriteria.resourceTags[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.severity[_].value == STRING
    input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.title[_].value == STRING
    input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vendorSeverity[_].value == STRING
    input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilityId[_].value == STRING
    input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
    input.Body.reportFormat == enum_ReportFormat[_]
    input.Body.s3Destination.bucketName == STRING
    input.Body.s3Destination.keyPrefix == STRING
    input.Body.s3Destination.kmsKeyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSbomExport

enum_ResourceMapComparison := [ "EQUALS" ]
enum_ResourceStringComparison := [ "EQUALS", "NOT_EQUALS" ]
enum_SbomReportFormat := [ "CYCLONEDX_1_4", "SPDX_2_3" ]

valid {
    input.Body.reportFormat == enum_SbomReportFormat[_]
    input.Body.resourceFilterCriteria.accountId[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.accountId[_].value == STRING
    input.Body.resourceFilterCriteria.ec2InstanceTags[_].comparison == enum_ResourceMapComparison[_]
    input.Body.resourceFilterCriteria.ec2InstanceTags[_].key == STRING
    input.Body.resourceFilterCriteria.ec2InstanceTags[_].value == STRING
    input.Body.resourceFilterCriteria.ecrImageTags[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.ecrImageTags[_].value == STRING
    input.Body.resourceFilterCriteria.ecrRepositoryName[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.ecrRepositoryName[_].value == STRING
    input.Body.resourceFilterCriteria.lambdaFunctionName[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.resourceFilterCriteria.lambdaFunctionTags[_].comparison == enum_ResourceMapComparison[_]
    input.Body.resourceFilterCriteria.lambdaFunctionTags[_].key == STRING
    input.Body.resourceFilterCriteria.lambdaFunctionTags[_].value == STRING
    input.Body.resourceFilterCriteria.resourceId[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.resourceId[_].value == STRING
    input.Body.resourceFilterCriteria.resourceType[_].comparison == enum_ResourceStringComparison[_]
    input.Body.resourceFilterCriteria.resourceType[_].value == STRING
    input.Body.s3Destination.bucketName == STRING
    input.Body.s3Destination.keyPrefix == STRING
    input.Body.s3Destination.kmsKeyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteCisScanConfiguration

valid {
    input.Body.scanConfigurationArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteFilter

valid {
    input.Body.arn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeOrganizationConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

Disable

enum_ResourceScanType := [ "EC2", "ECR", "LAMBDA", "LAMBDA_CODE" ]

valid {
    input.Body.accountIds[_] == STRING
    input.Body.resourceTypes[_] == enum_ResourceScanType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableDelegatedAdminAccount

valid {
    input.Body.delegatedAdminAccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateMember

valid {
    input.Body.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

Enable

enum_ResourceScanType := [ "EC2", "ECR", "LAMBDA", "LAMBDA_CODE" ]

valid {
    input.Body.accountIds[_] == STRING
    input.Body.clientToken == STRING
    input.Body.resourceTypes[_] == enum_ResourceScanType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableDelegatedAdminAccount

valid {
    input.Body.clientToken == STRING
    input.Body.delegatedAdminAccountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCisScanReport

enum_CisReportFormat := [ "PDF", "CSV" ]

valid {
    input.Body.reportFormat == enum_CisReportFormat[_]
    input.Body.scanArn == STRING
    input.Body.targetAccounts[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCisScanResultDetails

enum_CisFindingStatus := [ "PASSED", "FAILED", "SKIPPED" ]
enum_CisFindingStatusComparison := [ "EQUALS" ]
enum_CisScanResultDetailsSortBy := [ "CHECK_ID", "STATUS" ]
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_CisSecurityLevelComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.accountId == STRING
    input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.checkIdFilters[_].value == STRING
    input.Body.filterCriteria.findingArnFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.findingArnFilters[_].value == STRING
    input.Body.filterCriteria.findingStatusFilters[_].comparison == enum_CisFindingStatusComparison[_]
    input.Body.filterCriteria.findingStatusFilters[_].value == enum_CisFindingStatus[_]
    input.Body.filterCriteria.securityLevelFilters[_].comparison == enum_CisSecurityLevelComparison[_]
    input.Body.filterCriteria.securityLevelFilters[_].value == enum_CisSecurityLevel[_]
    input.Body.filterCriteria.titleFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.titleFilters[_].value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.scanArn == STRING
    input.Body.sortBy == enum_CisScanResultDetailsSortBy[_]
    input.Body.sortOrder == enum_CisSortOrder[_]
    input.Body.targetResourceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetDelegatedAdminAccount

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetEc2DeepInspectionConfiguration

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetEncryptionKey

enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]

valid {
    input.Qs.resourceType == enum_ResourceType[_]
    input.Qs.scanType == enum_ScanType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFindingsReportStatus

valid {
    input.Body.reportId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetMember

valid {
    input.Body.accountId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSbomExport

valid {
    input.Body.reportId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAccountPermissions

enum_Service := [ "EC2", "ECR", "LAMBDA" ]

valid {
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.service == enum_Service[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCisScanConfigurations

enum_CisScanConfigurationsSortBy := [ "SCAN_NAME", "SCAN_CONFIGURATION_ARN" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_TagComparison := [ "EQUALS" ]

valid {
    input.Body.filterCriteria.scanConfigurationArnFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scanConfigurationArnFilters[_].value == STRING
    input.Body.filterCriteria.scanNameFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scanNameFilters[_].value == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
    input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.sortBy == enum_CisScanConfigurationsSortBy[_]
    input.Body.sortOrder == enum_CisSortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCisScanResultsAggregatedByChecks

enum_CisScanResultsAggregatedByChecksSortBy := [ "CHECK_ID", "TITLE", "PLATFORM", "FAILED_COUNTS", "SECURITY_LEVEL" ]
enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_CisSecurityLevelComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.filterCriteria.accountIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.accountIdFilters[_].value == STRING
    input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.checkIdFilters[_].value == STRING
    input.Body.filterCriteria.failedResourcesFilters[_].lowerInclusive == INTEGER
    input.Body.filterCriteria.failedResourcesFilters[_].upperInclusive == INTEGER
    input.Body.filterCriteria.platformFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.platformFilters[_].value == STRING
    input.Body.filterCriteria.securityLevelFilters[_].comparison == enum_CisSecurityLevelComparison[_]
    input.Body.filterCriteria.securityLevelFilters[_].value == enum_CisSecurityLevel[_]
    input.Body.filterCriteria.titleFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.titleFilters[_].value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.scanArn == STRING
    input.Body.sortBy == enum_CisScanResultsAggregatedByChecksSortBy[_]
    input.Body.sortOrder == enum_CisSortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCisScanResultsAggregatedByTargetResource

enum_CisResultStatus := [ "PASSED", "FAILED", "SKIPPED" ]
enum_CisResultStatusComparison := [ "EQUALS" ]
enum_CisScanResultsAggregatedByTargetResourceSortBy := [ "RESOURCE_ID", "FAILED_COUNTS", "ACCOUNT_ID", "PLATFORM", "TARGET_STATUS", "TARGET_STATUS_REASON" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_CisTargetStatus := [ "TIMED_OUT", "CANCELLED", "COMPLETED" ]
enum_CisTargetStatusComparison := [ "EQUALS" ]
enum_CisTargetStatusReason := [ "SCAN_IN_PROGRESS", "UNSUPPORTED_OS", "SSM_UNMANAGED" ]
enum_TagComparison := [ "EQUALS" ]

valid {
    input.Body.filterCriteria.accountIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.accountIdFilters[_].value == STRING
    input.Body.filterCriteria.checkIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.checkIdFilters[_].value == STRING
    input.Body.filterCriteria.failedChecksFilters[_].lowerInclusive == INTEGER
    input.Body.filterCriteria.failedChecksFilters[_].upperInclusive == INTEGER
    input.Body.filterCriteria.platformFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.platformFilters[_].value == STRING
    input.Body.filterCriteria.statusFilters[_].comparison == enum_CisResultStatusComparison[_]
    input.Body.filterCriteria.statusFilters[_].value == enum_CisResultStatus[_]
    input.Body.filterCriteria.targetResourceIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.targetResourceIdFilters[_].value == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
    input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
    input.Body.filterCriteria.targetStatusFilters[_].comparison == enum_CisTargetStatusComparison[_]
    input.Body.filterCriteria.targetStatusFilters[_].value == enum_CisTargetStatus[_]
    input.Body.filterCriteria.targetStatusReasonFilters[_].comparison == enum_CisTargetStatusComparison[_]
    input.Body.filterCriteria.targetStatusReasonFilters[_].value == enum_CisTargetStatusReason[_]
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.scanArn == STRING
    input.Body.sortBy == enum_CisScanResultsAggregatedByTargetResourceSortBy[_]
    input.Body.sortOrder == enum_CisSortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCisScans

enum_CisScanStatus := [ "FAILED", "COMPLETED", "CANCELLED", "IN_PROGRESS" ]
enum_CisScanStatusComparison := [ "EQUALS" ]
enum_CisSortOrder := [ "ASC", "DESC" ]
enum_CisStringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_ListCisScansDetailLevel := [ "ORGANIZATION", "MEMBER" ]
enum_ListCisScansSortBy := [ "STATUS", "SCHEDULED_BY", "SCAN_START_DATE", "FAILED_CHECKS" ]
enum_TagComparison := [ "EQUALS" ]

valid {
    input.Body.detailLevel == enum_ListCisScansDetailLevel[_]
    input.Body.filterCriteria.failedChecksFilters[_].lowerInclusive == INTEGER
    input.Body.filterCriteria.failedChecksFilters[_].upperInclusive == INTEGER
    input.Body.filterCriteria.scanArnFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scanArnFilters[_].value == STRING
    input.Body.filterCriteria.scanAtFilters[_].earliestScanStartTime == TIMESTAMP
    input.Body.filterCriteria.scanAtFilters[_].latestScanStartTime == TIMESTAMP
    input.Body.filterCriteria.scanConfigurationArnFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scanConfigurationArnFilters[_].value == STRING
    input.Body.filterCriteria.scanNameFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scanNameFilters[_].value == STRING
    input.Body.filterCriteria.scanStatusFilters[_].comparison == enum_CisScanStatusComparison[_]
    input.Body.filterCriteria.scanStatusFilters[_].value == enum_CisScanStatus[_]
    input.Body.filterCriteria.scheduledByFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.scheduledByFilters[_].value == STRING
    input.Body.filterCriteria.targetAccountIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.targetAccountIdFilters[_].value == STRING
    input.Body.filterCriteria.targetResourceIdFilters[_].comparison == enum_CisStringComparison[_]
    input.Body.filterCriteria.targetResourceIdFilters[_].value == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].comparison == enum_TagComparison[_]
    input.Body.filterCriteria.targetResourceTagFilters[_].key == STRING
    input.Body.filterCriteria.targetResourceTagFilters[_].value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.sortBy == enum_ListCisScansSortBy[_]
    input.Body.sortOrder == enum_CisSortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCoverage

enum_CoverageMapComparison := [ "EQUALS" ]
enum_CoverageStringComparison := [ "EQUALS", "NOT_EQUALS" ]

valid {
    input.Body.filterCriteria.accountId[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.accountId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceTags[_].comparison == enum_CoverageMapComparison[_]
    input.Body.filterCriteria.ec2InstanceTags[_].key == STRING
    input.Body.filterCriteria.ec2InstanceTags[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.ecrRepositoryName[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.ecrRepositoryName[_].value == STRING
    input.Body.filterCriteria.imagePulledAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.imagePulledAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionTags[_].comparison == enum_CoverageMapComparison[_]
    input.Body.filterCriteria.lambdaFunctionTags[_].key == STRING
    input.Body.filterCriteria.lambdaFunctionTags[_].value == STRING
    input.Body.filterCriteria.lastScannedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastScannedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.resourceId[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.scanMode[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanMode[_].value == STRING
    input.Body.filterCriteria.scanStatusCode[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanStatusCode[_].value == STRING
    input.Body.filterCriteria.scanStatusReason[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanStatusReason[_].value == STRING
    input.Body.filterCriteria.scanType[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanType[_].value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListCoverageStatistics

enum_CoverageMapComparison := [ "EQUALS" ]
enum_CoverageStringComparison := [ "EQUALS", "NOT_EQUALS" ]
enum_GroupKey := [ "SCAN_STATUS_CODE", "SCAN_STATUS_REASON", "ACCOUNT_ID", "RESOURCE_TYPE", "ECR_REPOSITORY_NAME" ]

valid {
    input.Body.filterCriteria.accountId[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.accountId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceTags[_].comparison == enum_CoverageMapComparison[_]
    input.Body.filterCriteria.ec2InstanceTags[_].key == STRING
    input.Body.filterCriteria.ec2InstanceTags[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.ecrRepositoryName[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.ecrRepositoryName[_].value == STRING
    input.Body.filterCriteria.imagePulledAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.imagePulledAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionTags[_].comparison == enum_CoverageMapComparison[_]
    input.Body.filterCriteria.lambdaFunctionTags[_].key == STRING
    input.Body.filterCriteria.lambdaFunctionTags[_].value == STRING
    input.Body.filterCriteria.lastScannedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastScannedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.resourceId[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.scanMode[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanMode[_].value == STRING
    input.Body.filterCriteria.scanStatusCode[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanStatusCode[_].value == STRING
    input.Body.filterCriteria.scanStatusReason[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanStatusReason[_].value == STRING
    input.Body.filterCriteria.scanType[_].comparison == enum_CoverageStringComparison[_]
    input.Body.filterCriteria.scanType[_].value == STRING
    input.Body.groupBy == enum_GroupKey[_]
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDelegatedAdminAccounts

valid {
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFilters

enum_FilterAction := [ "NONE", "SUPPRESS" ]

valid {
    input.Body.action == enum_FilterAction[_]
    input.Body.arns[_] == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFindingAggregations

enum_AccountSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_AggregationFindingType := [ "NETWORK_REACHABILITY", "PACKAGE_VULNERABILITY", "CODE_VULNERABILITY" ]
enum_AggregationResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_LAMBDA_FUNCTION" ]
enum_AggregationType := [ "FINDING_TYPE", "PACKAGE", "TITLE", "REPOSITORY", "AMI", "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER", "IMAGE_LAYER", "ACCOUNT", "AWS_LAMBDA_FUNCTION", "LAMBDA_LAYER" ]
enum_AmiSortBy := [ "CRITICAL", "HIGH", "ALL", "AFFECTED_INSTANCES" ]
enum_AwsEcrContainerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_Ec2InstanceSortBy := [ "NETWORK_FINDINGS", "CRITICAL", "HIGH", "ALL" ]
enum_FindingTypeSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_ImageLayerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_LambdaFunctionSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_LambdaLayerSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_MapComparison := [ "EQUALS" ]
enum_PackageSortBy := [ "CRITICAL", "HIGH", "ALL" ]
enum_RepositorySortBy := [ "CRITICAL", "HIGH", "ALL", "AFFECTED_IMAGES" ]
enum_SortOrder := [ "ASC", "DESC" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]
enum_TitleSortBy := [ "CRITICAL", "HIGH", "ALL" ]

valid {
    input.Body.accountIds[_].comparison == enum_StringComparison[_]
    input.Body.accountIds[_].value == STRING
    input.Body.aggregationRequest.accountAggregation.findingType == enum_AggregationFindingType[_]
    input.Body.aggregationRequest.accountAggregation.resourceType == enum_AggregationResourceType[_]
    input.Body.aggregationRequest.accountAggregation.sortBy == enum_AccountSortBy[_]
    input.Body.aggregationRequest.accountAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.amiAggregation.amis[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.amiAggregation.amis[_].value == STRING
    input.Body.aggregationRequest.amiAggregation.sortBy == enum_AmiSortBy[_]
    input.Body.aggregationRequest.amiAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.architectures[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.architectures[_].value == STRING
    input.Body.aggregationRequest.awsEcrContainerAggregation.imageShas[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.imageShas[_].value == STRING
    input.Body.aggregationRequest.awsEcrContainerAggregation.imageTags[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.imageTags[_].value == STRING
    input.Body.aggregationRequest.awsEcrContainerAggregation.repositories[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.repositories[_].value == STRING
    input.Body.aggregationRequest.awsEcrContainerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.resourceIds[_].value == STRING
    input.Body.aggregationRequest.awsEcrContainerAggregation.sortBy == enum_AwsEcrContainerSortBy[_]
    input.Body.aggregationRequest.awsEcrContainerAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.amis[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.amis[_].value == STRING
    input.Body.aggregationRequest.ec2InstanceAggregation.instanceIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.instanceIds[_].value == STRING
    input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].comparison == enum_MapComparison[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].key == STRING
    input.Body.aggregationRequest.ec2InstanceAggregation.instanceTags[_].value == STRING
    input.Body.aggregationRequest.ec2InstanceAggregation.operatingSystems[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.operatingSystems[_].value == STRING
    input.Body.aggregationRequest.ec2InstanceAggregation.sortBy == enum_Ec2InstanceSortBy[_]
    input.Body.aggregationRequest.ec2InstanceAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.findingTypeAggregation.findingType == enum_AggregationFindingType[_]
    input.Body.aggregationRequest.findingTypeAggregation.resourceType == enum_AggregationResourceType[_]
    input.Body.aggregationRequest.findingTypeAggregation.sortBy == enum_FindingTypeSortBy[_]
    input.Body.aggregationRequest.findingTypeAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.imageLayerAggregation.layerHashes[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.imageLayerAggregation.layerHashes[_].value == STRING
    input.Body.aggregationRequest.imageLayerAggregation.repositories[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.imageLayerAggregation.repositories[_].value == STRING
    input.Body.aggregationRequest.imageLayerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.imageLayerAggregation.resourceIds[_].value == STRING
    input.Body.aggregationRequest.imageLayerAggregation.sortBy == enum_ImageLayerSortBy[_]
    input.Body.aggregationRequest.imageLayerAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.functionNames[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.functionNames[_].value == STRING
    input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].comparison == enum_MapComparison[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].key == STRING
    input.Body.aggregationRequest.lambdaFunctionAggregation.functionTags[_].value == STRING
    input.Body.aggregationRequest.lambdaFunctionAggregation.resourceIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.resourceIds[_].value == STRING
    input.Body.aggregationRequest.lambdaFunctionAggregation.runtimes[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.runtimes[_].value == STRING
    input.Body.aggregationRequest.lambdaFunctionAggregation.sortBy == enum_LambdaFunctionSortBy[_]
    input.Body.aggregationRequest.lambdaFunctionAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.lambdaLayerAggregation.functionNames[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaLayerAggregation.functionNames[_].value == STRING
    input.Body.aggregationRequest.lambdaLayerAggregation.layerArns[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaLayerAggregation.layerArns[_].value == STRING
    input.Body.aggregationRequest.lambdaLayerAggregation.resourceIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.lambdaLayerAggregation.resourceIds[_].value == STRING
    input.Body.aggregationRequest.lambdaLayerAggregation.sortBy == enum_LambdaLayerSortBy[_]
    input.Body.aggregationRequest.lambdaLayerAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.packageAggregation.packageNames[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.packageAggregation.packageNames[_].value == STRING
    input.Body.aggregationRequest.packageAggregation.sortBy == enum_PackageSortBy[_]
    input.Body.aggregationRequest.packageAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.repositoryAggregation.repositories[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.repositoryAggregation.repositories[_].value == STRING
    input.Body.aggregationRequest.repositoryAggregation.sortBy == enum_RepositorySortBy[_]
    input.Body.aggregationRequest.repositoryAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.titleAggregation.findingType == enum_AggregationFindingType[_]
    input.Body.aggregationRequest.titleAggregation.resourceType == enum_AggregationResourceType[_]
    input.Body.aggregationRequest.titleAggregation.sortBy == enum_TitleSortBy[_]
    input.Body.aggregationRequest.titleAggregation.sortOrder == enum_SortOrder[_]
    input.Body.aggregationRequest.titleAggregation.titles[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.titleAggregation.titles[_].value == STRING
    input.Body.aggregationRequest.titleAggregation.vulnerabilityIds[_].comparison == enum_StringComparison[_]
    input.Body.aggregationRequest.titleAggregation.vulnerabilityIds[_].value == STRING
    input.Body.aggregationType == enum_AggregationType[_]
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListFindings

enum_MapComparison := [ "EQUALS" ]
enum_SortField := [ "AWS_ACCOUNT_ID", "FINDING_TYPE", "SEVERITY", "FIRST_OBSERVED_AT", "LAST_OBSERVED_AT", "FINDING_STATUS", "RESOURCE_TYPE", "ECR_IMAGE_PUSHED_AT", "ECR_IMAGE_REPOSITORY_NAME", "ECR_IMAGE_REGISTRY", "NETWORK_PROTOCOL", "COMPONENT_TYPE", "VULNERABILITY_ID", "VULNERABILITY_SOURCE", "INSPECTOR_SCORE", "VENDOR_SEVERITY", "EPSS_SCORE" ]
enum_SortOrder := [ "ASC", "DESC" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.awsAccountId[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
    input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentId[_].value == STRING
    input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentType[_].value == STRING
    input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
    input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
    input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageHash[_].value == STRING
    input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
    input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.exploitAvailable[_].value == STRING
    input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingArn[_].value == STRING
    input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingStatus[_].value == STRING
    input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingType[_].value == STRING
    input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.fixAvailable[_].value == STRING
    input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.networkProtocol[_].value == STRING
    input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
    input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
    input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
    input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
    input.Body.filterCriteria.resourceTags[_].key == STRING
    input.Body.filterCriteria.resourceTags[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.severity[_].value == STRING
    input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.title[_].value == STRING
    input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vendorSeverity[_].value == STRING
    input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilityId[_].value == STRING
    input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.sortCriteria.field == enum_SortField[_]
    input.Body.sortCriteria.sortOrder == enum_SortOrder[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMembers

valid {
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.Body.onlyAssociated == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListUsageTotals

valid {
    input.Body.accountIds[_] == STRING
    input.Body.maxResults == INTEGER
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ResetEncryptionKey

enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]

valid {
    input.Body.resourceType == enum_ResourceType[_]
    input.Body.scanType == enum_ScanType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SearchVulnerabilities

valid {
    input.Body.filterCriteria.vulnerabilityIds[_] == STRING
    input.Body.nextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SendCisSessionHealth

valid {
    input.Body.scanJobId == STRING
    input.Body.sessionToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

SendCisSessionTelemetry

enum_CisRuleStatus := [ "FAILED", "PASSED", "NOT_EVALUATED", "INFORMATIONAL", "UNKNOWN", "NOT_APPLICABLE", "ERROR" ]

valid {
    input.Body.messages[_].cisRuleDetails == BLOB
    input.Body.messages[_].ruleId == STRING
    input.Body.messages[_].status == enum_CisRuleStatus[_]
    input.Body.scanJobId == STRING
    input.Body.sessionToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartCisSession

valid {
    input.Body.message.sessionToken == STRING
    input.Body.scanJobId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopCisSession

enum_StopCisSessionStatus := [ "SUCCESS", "FAILED", "INTERRUPTED", "UNSUPPORTED_OS" ]

valid {
    input.Body.message.benchmarkProfile == STRING
    input.Body.message.benchmarkVersion == STRING
    input.Body.message.computePlatform.product == STRING
    input.Body.message.computePlatform.vendor == STRING
    input.Body.message.computePlatform.version == STRING
    input.Body.message.progress.errorChecks == INTEGER
    input.Body.message.progress.failedChecks == INTEGER
    input.Body.message.progress.informationalChecks == INTEGER
    input.Body.message.progress.notApplicableChecks == INTEGER
    input.Body.message.progress.notEvaluatedChecks == INTEGER
    input.Body.message.progress.successfulChecks == INTEGER
    input.Body.message.progress.totalChecks == INTEGER
    input.Body.message.progress.unknownChecks == INTEGER
    input.Body.message.reason == STRING
    input.Body.message.status == enum_StopCisSessionStatus[_]
    input.Body.scanJobId == STRING
    input.Body.sessionToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.tags.STRING == STRING
    input.ReqMap.resourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.ReqMap.resourceArn == STRING
    input.Qs.tagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateCisScanConfiguration

enum_CisSecurityLevel := [ "LEVEL_1", "LEVEL_2" ]
enum_Day := [ "SUN", "MON", "TUE", "WED", "THU", "FRI", "SAT" ]

valid {
    input.Body.scanConfigurationArn == STRING
    input.Body.scanName == STRING
    input.Body.schedule.daily.startTime.timeOfDay == STRING
    input.Body.schedule.daily.startTime.timezone == STRING
    input.Body.schedule.monthly.day == enum_Day[_]
    input.Body.schedule.monthly.startTime.timeOfDay == STRING
    input.Body.schedule.monthly.startTime.timezone == STRING
    input.Body.schedule.oneTime == {}
    input.Body.schedule.weekly.days[_] == enum_Day[_]
    input.Body.schedule.weekly.startTime.timeOfDay == STRING
    input.Body.schedule.weekly.startTime.timezone == STRING
    input.Body.securityLevel == enum_CisSecurityLevel[_]
    input.Body.targets.accountIds[_] == STRING
    input.Body.targets.targetResourceTags.STRING[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateConfiguration

enum_Ec2ScanMode := [ "EC2_SSM_AGENT_BASED", "EC2_HYBRID" ]
enum_EcrPullDateRescanDuration := [ "DAYS_14", "DAYS_30", "DAYS_60", "DAYS_90", "DAYS_180" ]
enum_EcrRescanDuration := [ "LIFETIME", "DAYS_30", "DAYS_180", "DAYS_14", "DAYS_60", "DAYS_90" ]

valid {
    input.Body.ec2Configuration.scanMode == enum_Ec2ScanMode[_]
    input.Body.ecrConfiguration.pullDateRescanDuration == enum_EcrPullDateRescanDuration[_]
    input.Body.ecrConfiguration.rescanDuration == enum_EcrRescanDuration[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateEc2DeepInspectionConfiguration

valid {
    input.Body.activateDeepInspection == BOOLEAN
    input.Body.packagePaths[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateEncryptionKey

enum_ResourceType := [ "AWS_EC2_INSTANCE", "AWS_ECR_CONTAINER_IMAGE", "AWS_ECR_REPOSITORY", "AWS_LAMBDA_FUNCTION" ]
enum_ScanType := [ "NETWORK", "PACKAGE", "CODE" ]

valid {
    input.Body.kmsKeyId == STRING
    input.Body.resourceType == enum_ResourceType[_]
    input.Body.scanType == enum_ScanType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateFilter

enum_FilterAction := [ "NONE", "SUPPRESS" ]
enum_MapComparison := [ "EQUALS" ]
enum_StringComparison := [ "EQUALS", "PREFIX", "NOT_EQUALS" ]

valid {
    input.Body.action == enum_FilterAction[_]
    input.Body.description == STRING
    input.Body.filterArn == STRING
    input.Body.filterCriteria.awsAccountId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.awsAccountId[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorName[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityDetectorTags[_].value == STRING
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.codeVulnerabilityFilePath[_].value == STRING
    input.Body.filterCriteria.componentId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentId[_].value == STRING
    input.Body.filterCriteria.componentType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.componentType[_].value == STRING
    input.Body.filterCriteria.ec2InstanceImageId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceImageId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceSubnetId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceSubnetId[_].value == STRING
    input.Body.filterCriteria.ec2InstanceVpcId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ec2InstanceVpcId[_].value == STRING
    input.Body.filterCriteria.ecrImageArchitecture[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageArchitecture[_].value == STRING
    input.Body.filterCriteria.ecrImageHash[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageHash[_].value == STRING
    input.Body.filterCriteria.ecrImagePushedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImagePushedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.ecrImageRegistry[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRegistry[_].value == STRING
    input.Body.filterCriteria.ecrImageRepositoryName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageRepositoryName[_].value == STRING
    input.Body.filterCriteria.ecrImageTags[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.ecrImageTags[_].value == STRING
    input.Body.filterCriteria.epssScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.epssScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.exploitAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.exploitAvailable[_].value == STRING
    input.Body.filterCriteria.findingArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingArn[_].value == STRING
    input.Body.filterCriteria.findingStatus[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingStatus[_].value == STRING
    input.Body.filterCriteria.findingType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.findingType[_].value == STRING
    input.Body.filterCriteria.firstObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.firstObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.fixAvailable[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.fixAvailable[_].value == STRING
    input.Body.filterCriteria.inspectorScore[_].lowerInclusive == DOUBLE
    input.Body.filterCriteria.inspectorScore[_].upperInclusive == DOUBLE
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionExecutionRoleArn[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLastModifiedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.lambdaFunctionLayers[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionLayers[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionName[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionName[_].value == STRING
    input.Body.filterCriteria.lambdaFunctionRuntime[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.lambdaFunctionRuntime[_].value == STRING
    input.Body.filterCriteria.lastObservedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.lastObservedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.networkProtocol[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.networkProtocol[_].value == STRING
    input.Body.filterCriteria.portRange[_].beginInclusive == INTEGER
    input.Body.filterCriteria.portRange[_].endInclusive == INTEGER
    input.Body.filterCriteria.relatedVulnerabilities[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.relatedVulnerabilities[_].value == STRING
    input.Body.filterCriteria.resourceId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceId[_].value == STRING
    input.Body.filterCriteria.resourceTags[_].comparison == enum_MapComparison[_]
    input.Body.filterCriteria.resourceTags[_].key == STRING
    input.Body.filterCriteria.resourceTags[_].value == STRING
    input.Body.filterCriteria.resourceType[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.resourceType[_].value == STRING
    input.Body.filterCriteria.severity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.severity[_].value == STRING
    input.Body.filterCriteria.title[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.title[_].value == STRING
    input.Body.filterCriteria.updatedAt[_].endInclusive == TIMESTAMP
    input.Body.filterCriteria.updatedAt[_].startInclusive == TIMESTAMP
    input.Body.filterCriteria.vendorSeverity[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vendorSeverity[_].value == STRING
    input.Body.filterCriteria.vulnerabilityId[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilityId[_].value == STRING
    input.Body.filterCriteria.vulnerabilitySource[_].comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerabilitySource[_].value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].architecture.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].architecture.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].epoch.lowerInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].epoch.upperInclusive == DOUBLE
    input.Body.filterCriteria.vulnerablePackages[_].name.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].name.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].release.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].release.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLambdaLayerArn.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].sourceLayerHash.value == STRING
    input.Body.filterCriteria.vulnerablePackages[_].version.comparison == enum_StringComparison[_]
    input.Body.filterCriteria.vulnerablePackages[_].version.value == STRING
    input.Body.name == STRING
    input.Body.reason == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOrgEc2DeepInspectionConfiguration

valid {
    input.Body.orgPackagePaths[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateOrganizationConfiguration

valid {
    input.Body.autoEnable.ec2 == BOOLEAN
    input.Body.autoEnable.ecr == BOOLEAN
    input.Body.autoEnable.lambda == BOOLEAN
    input.Body.autoEnable.lambdaCode == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}